Using tools like BIND or Windows DNS in growing networks can quickly make DNS workload unmanageable. Larger networks can involve many man-years simply administering DNS. A lot of this could be saved with better tools:
Administering DNS is complex, repetitive and time-consuming:
- Editing DNS records involves inefficient workflows – with lots of repetition and copying – and errors are easy to make. The data is not human-friendly.
- Now DNSSEC and IPv6 are creating even more work and complexity.
- Controlling, maintaining and administering multiple linked DNS servers individually creates more inefficiency.
Controlling DNS data and enforcing administrative procedures is challenging. It’s difficult to:
- See the big picture or navigate around the data
- Share the work among multiple administrators without tools for controlling delegated editing rights or viewing history
- Ensure DNS records are set up in line with any overall plan for use of IP address space
Protecting your core DNS services from security threats and service failures:
- DNS is a top security target. BIND and Windows DNS are vulnerable to intrusion, DoS attacks and cache poisoning, with new vulnerabilities often emerging
- Configuration is error-prone: a single mistyped character could bring down your entire network, with disastrous business consequences
- A DNS server failure could be caused by application or operating system software, hardware or operator error. Robust DNS architectures need redundancy, which itself is complicated to get right
DDI appliances overcome these issues by simplifying DNS administration, giving you more control over your DNS systems, and protecting your DNS service from attack or failure.
Managing DNS Data
DDI solutions like DNSBOX make editing DNS data much easier than editing configuration files directly. Tasks which take many steps in BIND are automated, saving time and minimising errors.
For example, adding a zone in BIND takes 10-20 minutes, while the same task takes < 30s on DNSBOX.
Configuring multiple remote DNS slaves
Copying zone data from a master to slaves is hard work. If you’re managing a number of slaves across multiple locations configuring one server at a time can quickly turn into a major headache. DDI solutions automate synchronisation, enabling you to configure all the slaves from a single web-based interface.
Gain better control over your data
- Make DNS data entry more disciplined through forms and automation tools
- Share pre-populated templates with other users
- Make advanced DNS configurations accurate and error-free using validation tools
Share workload in a controlled way
- Assign permissions to view and edit specific data to individuals or groups of people
- Audit trails to log who made which changes and when
Increase visibility with audits and reports
- Easier to see and navigate through – be more disciplined and consistent in the way you name and number
- Reports on historical and real-time activity levels of remote DNS servers – control performance and DNS query traffic
Enhanced reliability & redundancy
Having your network grind to a halt because your only DNS server has gone offline is a nightmare scenario for most organisations. Validating data entries dramatically reduces the risk of entering incorrect DNS data and so ensures the stability of DNS is never compromised. DDI solutions offer software security features like DNSSEC to protect against security threats such as cache poisoning. Introducing options such as failover units and clustering to your existing architecture can address issues with hardware failure.
These additional layers of redundancy ensure business critical core network services are always available.