DNSBOX200 is an advanced DNS slave, recursive resolver (DNS cache) and DHCP server for high performance and security needs. It is a very flexible appliance, which can be used in different ways and adapts to its specific role to give you a fit-for-purpose device.
It can be licensed for whichever of the 3 services you need. If you don’t use the appliance for all 3 roles, the user interface hides the features you don’t need, to keep things simple. It can be deployed in different ways:
- Managed seamlessly from the DNSBOX400 / DNSBOX300 master web interface
- Linked to other DNS or DHCP servers
- As a standalone server (DNS cache or DHCP)
In addition, DNSBOX200 can be used as a DNS master, for editing authoritative DNS records.
DNSBOX200 runs authoritative and recursive (cache) DNS as separate services on the same physical server. This:
- Improves security by isolating the authoritative server from the more vulnerable DNS cache, with each running in its own ‘sandbox’ environment. Each can be served from a separate IP address and on a different NIC.
- Means you can follow this best practice approach yet only need to pay for and manage one physical server – the best of both worlds.
- Gives you better performance as specialised software is used for the individual services:
  - BIND for authoritative
  - Unbound for recursive
When you use the authoritative resolver as a DNS slave…
- You have the specialist DNS admin features you need on a slave:
  - Ability to display, filter and search for zones, as well as view their status
  - Real-time and historical graphs giving an overview of how your authoritative DNS service is performing, e.g. the number and types of queries and responses
  - Easy monitoring of slaved zones with zone logging and graphs on query and response types, e.g. visibility of which domains receive most queries
  - Support for slave and stub zones
  - IPv6 support
- Additional features make the service even more secure and reliable:
  - Support for DNSSEC signed zones
  - TSIG Keys
  - IP-secured connections with other DNS servers in your architecture
  - Offline master mode – serving zones from their last known ‘good’ state, if the master becomes unavailable
When you use the recursive resolver (DNS cache)…
- Because the server is Unbound, you get a more secure solution and carrier-grade caching performance – 2.5x the performance of BIND
- You have the specialist DNS admin features you need:
  - Ability to display, filter, add, edit, delete and search for forward zones
  - Automatic forward zone creation for local zones
  - Real-time and historical graphs giving you an overview of how your recursive DNS service is performing, e.g. the number, rate and types of queries and service latency
  - Logging of recursive queries to syslog and a local log
  - IPv6 support
- Additional features make the service even more secure and reliable:
  - Cache poisoning protection with max randomness for query ID and port, case preservation, response scrubbing and access control
  - DDoS attack protection
  - Rate-limiter restricting the amount of DNS traffic from individual or all IP addresses
  - Ability to block the IP address of the attacker using custom firewall rules
  - Automatic service restart if the DNS or DHCP servers are caused to fail
  - DNSSEC validation protecting against other compromised DNS servers, with the ability to configure DNSSEC trust anchors
  - High availability load balanced clustering gives you redundancy and protection against DDoS attacks – the more query load you can handle, the lower the risk of disruption
When you use the DHCP Server…
- DHCP configuration is easy and accurate
  - Automated validation of DHCP configurations
  - Custom configuration fields
  - Import/export option for easy backups and ability to copy changes between servers, including importing configuration data from ISC-DHCPD servers
  - Ability to group hosts, subnets and networks with similar configurations
  - Support for all DHCPD options on global and subnet level
  - Ability to assign static IP addresses to clients using MAC authentication
  - Automated log rotation
  - IPv6 and DHCPv6 support
- You can easily set up DHCP failover to ensure maximum availability of this critical service
  - Single web interface for managing all failover units
  - Separate XML-RPC interface between the servers – only the primary needs to be configured
  - Automated replication of changes to a secondary active unit
- Informative DHCP statistics give you full visibility of the service. You can:
  - View and search for current and historical leases
  - View and search for specific hosts, DDNS zones, configured subnets and IP ranges
  - Group subnets that share a common network medium (e.g. same LAN or broadcast address)
  - Store additional description information about devices
1. Pair of slaves in authoritative role for external DNS
2. Slave cluster in recursive resolver/DNS cache role for internal DNS
3. DNSBOX200 as a DHCP server with failover at secondary location
4. Single slave adopting both authoritative and recursive/cache roles
If you have just a few small zones, you can use DNSBOX200 as a DNS master for editing authoritative DNS records simply by switching its operating mode from slave to master.
When you use the authoritative resolver as a DNS master…
- You have the specialist DNS admin features you need:
  - Ability to display, add, delete, edit, filter and search for zones, as well as view their status
  - Real-time and historical graphs giving an overview of how your authoritative DNS service is performing, e.g. the number and types of queries and responses
  - Easy monitoring of slaved zones with zone logging and graphs on query and response types, e.g. visibility of which domains receive most queries
  - Support for slave and stub zones
  - Automated validation of DNS configuration
  - IPv6 support
- Additional features make the service even more secure and reliable:
  - Support for DNSSEC signed zones
  - TSIG Keys
  - IP-secured connections with other DNS servers in your architecture