DNSBOX200 is an advanced DNS slave, recursive resolver (DNS cache) and DHCP server for high performance and security needs. It is a very flexible appliance, which can be used in different ways and adapts to its specific role to give you a fit-for-purpose device.
It can be licensed for whichever of the 3 services you need. If you don’t use the appliance for all 3 roles, the user interface hides features you don’t need to keep things simple. It can be deployed in different ways:
- Managed seamlessly from the DNSBOX400 / DNSBOX300 master web interface
- Linked to other DNS or DHCP servers
- As a standalone server (DNS cache or DHCP)

In addition, DNSBOX200 can be used as a DNS master, for editing authoritative DNS records.
DNSBOX200 runs authoritative and recursive (cache) DNS as separate services on the same physical server. This:
- Improves security by isolating the authoritative server from the more vulnerable DNS cache, with each running in its own ‘sandbox’ environment. Each can be served from a separate IP address and on a different NIC.
- Means you can follow this best practice approach yet only need to pay for and manage one physical server – the best of both worlds.
- Gives you better performance as specialised software is used for the individual services:
  - BIND for authoritative
  - Unbound for recursive
 
When you use the authoritative resolver as a DNS slave…
- You have the specialist DNS admin features you need on a slave:
  - Ability to display, filter and search for zones, as well as view their status
  - Real-time and historical graphs giving an overview of how your authoritative DNS service is performing, e.g. the number and types of queries and responses
  - Easy monitoring of slaved zones with zone logging and graphs on query and response types, e.g. visibility of which domains receive most queries
  - Support for slave and stub zones
  - IPv6 support
- Additional features make the service even more secure and reliable:
  - Support for DNSSEC signed zones
  - TSIG Keys
  - IP-secured connections with other DNS servers in your architecture
  - Offline master mode – serving zones from their last known ‘good’ state, if the master becomes unavailable
 
 
When you use the recursive resolver (DNS cache)…
- Because the server is Unbound, you get a more secure solution and carrier-grade caching performance – 2.5x the performance of BIND
- You have the specialist DNS admin features you need:
  - Ability to display, filter, add, edit, delete and search for forward zones
  - Automatic forward zone creation for local zones
  - Real-time and historical graphs giving you an overview of how your recursive DNS service is performing, e.g. the number, rate and types of queries and service latency
  - Logging of recursive queries to syslog and a local log
  - IPv6 support
- Additional features make the service even more secure and reliable:
  - Cache poisoning protection with max randomness for query ID and port, case preservation, response scrubbing and access control
  - DDoS attack protection
    - Rate limiter restricting the amount of DNS traffic from individual or all IP addresses
    - Ability to block the IP address of the attacker using custom firewall rules
    - Automatic service restart if the DNS or DHCP servers are caused to fail
  - DNSSEC validation protecting against other compromised DNS servers with ability to configure DNSSEC trust anchors
  - High availability load balanced clustering gives you redundancy and protection against DDoS attacks – the more query load you can handle, the lower the risk of disruption
 
 
When you use the DHCP Server…
- DHCP configuration is easy and accurate
  - Automated validation of DHCP configurations
  - Custom configuration fields
  - Import/export option for easy backups and ability to copy changes between servers, including importing configuration data from ISC-DHCPD servers
  - Ability to group hosts, subnets and networks with similar configurations
  - Support for all DHCPD options on global and subnet level
  - Ability to assign static IP addresses to clients using MAC authentication
  - Automated log rotation
  - IPv6 and DHCPv6 support
- You can easily set up DHCP failover to ensure maximum availability of this critical service
  - Single web interface for managing all failover units
  - Separate XML-RPC interface between the servers – only the primary needs to be configured
  - Automated replication of changes to a secondary active unit
- Informative DHCP statistics give you full visibility of the service. You can:
  - View and search for current and historical leases
  - View and search for specific hosts, DDNS zones, configured subnets and IP ranges
  - Group subnets, which share a common network media (e.g. same LAN or broadcast address)
  - Store additional description information about devices
 
 Download DNSBOX200 for DHCP Factsheet (pdf, 945.14kB)
 
1. Pair of slaves in authoritative role for external DNS
2. Slave cluster in recursive resolver/DNS cache role for internal DNS
3. DNSBOX200 as a DHCP server with failover at secondary location
4. Single slave adopting both authoritative and recursive/cache roles
 
If you have just a few small zones, you can use DNSBOX200 as a DNS master for editing authoritative DNS records simply by switching its operating mode from slave to master.
When you use the authoritative resolver as a DNS master…
- You have the specialist DNS admin features you need:
  - Ability to display, add, delete, edit, filter and search for zones, as well as view their status
  - Real-time and historical graphs giving an overview of how your authoritative DNS service is performing, e.g. the number and types of queries and responses
  - Easy monitoring of slaved zones with zone logging and graphs on query and response types, e.g. visibility of which domains receive most queries
  - Support for slave and stub zones
  - Automated validation of DNS configuration
  - IPv6 support
- Additional features make the service even more secure and reliable:
  - Support for DNSSEC signed zones
  - TSIG Keys
  - IP-secured connections with other DNS servers in your architecture
 
