New Access
Established in 2003, New Access S.A. specialises in connectivity and business continuity solutions for the corporate sector in Ecuador. A nationwide operator with offices in Quito and Guayaquil, it provides internet, hosting, VoIP, and other networking services to around 500 corporate customers across and the local region.
CHALLENGE
- Previous BIND DNS solution not scalable
- Servers overloaded resulting in zone misconfigurations
- Unable to scale solution to IPv6
- Existing solution now unsupported
SOLUTION
- 2 x DNSBOX220 slaves with authoritative and recursive DNS services
- 2 x DNSBOX420 masters in Active Passive Failover mode
BENEFIT
- Ultra-secure, fully scalable solution
- Affordable redundancy
- Easier config with error-free validation
- IPv6 support
- Localised expert support
Outdated and no longer fit for purpose
New Access had been using a BIND system – editing configuration files manually on Linux – to host authoritative and recursive DNS services for its 500 corporate customers. This consisted of managing dozens of authoritative zones, and managing reverse addressing for IPv4 and IPv6 resource records. In addition, each server handled around 100k DNS requests a day. DNS management was done through a GUI installed in their admin PCs.
However, 10 years on and with a growing customer base, it was clear to Network Administrator Eliana Montera that the ISP had outgrown this solution. The BIND servers could no longer handle the DNS query load – frequently becoming overloaded.
“Due to problems caused by overload, we had to restart the servers twice a week. And every time this happened, the DNS zones would get misconfigured,” recalls Network Administrator Eliana Montero. “This was highly inefficient. In addition, we were using support from the local integrator that deployed our units over a decade ago. But since IPv6 wasn’t supported, we couldn’t extend IPv6-based services to our client base. This was a barrier to growth for the company.”
Needing affordability, ease of use, and excellent support
Eliana sought to replace the legacy system with a more fit-for-purpose solution that would be fully supported. She wanted to find a new system that would be robust, redundant, and scalable, so she researched competing appliance-based recursive and authoritative DNS solutions.
But finding the right combination of benefits was as straightforward as expected, “Infoblox was too expensive – especially on support. We found the web interface too confusing, with many options and tabs mixed together unintuitively. And Fortinet didn’t provide direct support which was an instant deal-breaker,” says Eliana. “In comparison, DNSBOX’s web GUI was really easy to navigate, well designed, simple, and clear. And the support team was highly knowledgeable and approachable.”
The right fit solution
Compared with solutions like Infoblox and Fortinet, Eliana found DNSBOX not only fit for purpose, but that it met all the ISP’s requirements far more affordably. New Access chose to deploy 2 DNSBOX400 master appliances in Active / Passive Failover mode to securely hold the original authoritative records for all customers hidden behind a secure firewall.
In addition, the ISP deployed a DNSBOX200 slave in its two locations – each able to handle both recursive and authoritative DNS services. With other vendors, a redundant solution would have been too costly, but DNSBOX makes it an affordable option.
Easy deployment across both locations now ensures the ISP’s network has sufficient redundancy from downtime.
Copies of the authoritative records are transferred from the master to the slaves via secure SSH communication. Any changes to original records and zones are subsequently copied, on a frequent basis.
High performance, proven
For over 7 years. New Access’s DNSBOX solution has proven to be a robust, reliable, and highly secure solution. Besides delivering serious DNS performance, it has met the ISP’s DDI requirements at several critical levels.
The DNSBOX200s easily handle the ISP’s recursive DNS load. “It’s reassuring knowing that the solution will easily scale with increasing demand from customers,” says Eliana, “We have one unit handling each of the locations comfortably.”
Better Quality of Service, future-proofing business growth
A key concern for New Access had been IP addresses management (IPAM): with more subscribers using IPv6 devices, the service provider needed visibility of IP addresses to plan growth efficiently. This involves:
- Managing IP addresses and allocating them to different subnets and domains;
- Planning IP address allocation for future growth: assigning blocks to specific domains, keeping others free and having a system to handle both IPv4 and IPv6 client devices.
Currently, a total of 1,062 IPAM blocks are managed for customers, as well as 150 authoritative zones. But DNSBOX has made it easier for Eliana to delegate and split the workload between two administrators, “The ‘Users’ feature allows us to assign specific GUI permissions to individual admins neatly – so it’s easy and safe to delegate workload across different parts of the network.”
Simpler, error-free DNS management
DNSBOX400’s DNS management UI has made it easier to manage and update hundreds of authoritative customer records. In-page forms, together with automated entries, make it easy to create new zones and edit zone data. At the same time, DNSBOX’s data validation helps prevent mistakes in configuration.
Download New Access’ case study (478KB)