Network & Systems Management
SNEAK PREVIEW
Building A Stable DNS, Block By InfoBlox

  March 5, 2001
  By Jeff Ballard


A key part of business today involves a presence on the Web. For most companies, their Web site is their most crucial asset and their most common interface to their customers. A key part of getting to that Web site happens through DNS. As demonstrated in January, even the DNS servers of the mighty Microsoft Corp. are vulnerable because of human error. InfoBlox' update to its DNS One product, version 1.1, can provide the solid block on which the foundation for your network can be formed.



Installation One-Two-Three

To put it quite simply, this is the easiest IP management device I have ever installed. The initial setup required me to hook up the serial port, power cable and serial cable -- it doesn't get any easier than that. After feeding DNS One its IP address over the serial port, I had the machine up and running. Configuring DNS One with my Web browser was just as easy. There aren't any security worries, because DNS One will only use the HTTPS protocol to communicate with your Web browser. It's a snap to tell if DNS One is running OK, because it has a heartbeat light on the front: If the heart stops beating, the machine is dead!

Administration for Blox-Heads

DNS One brings ease of use to the typically turbulent environment of DNS management. The problem with most DNS management tools is that even the initial setup requires a high level of skill -- your organization's top systems administrators are usually required to set up the DNS server and oversee its operation. With DNS One, I found the user interface to be intuitive enough for even entry-level systems administrators. With DNS One I was able to create accounts and grant those accounts any access I wanted. I had the ability to set access restrictions per subnet or per zone, which allows a fairly fine granularity of control. This will allow you to distribute the task of IP management out to a larger number of people without increasing the risk of catastrophe due to misconfiguration.

You should also consider security measures that allow you to place restrictions on where DNS queries can come from. The DNS One has zone-level and network-level controls available. This is important because potential network intruders can gain a lot of information from your DNS servers. You will, of course, want www.yourcompany.com to be seen by the world, but you do not want salesdatabase.yourcompany.com to be seen. If you don't set these controls, it would be like publishing a detailed map of your secret research building in the telephone book -- intruders can gain critical information by digging around in your DNS databases.
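One way to check a zone for the kind of exposure described above, as an added example that is not part of the original review and not InfoBlox code: it flags records that a server answering queries from anywhere would disclose. The zone contents, the allowlist and the function names are assumptions; only the host names www and salesdatabase come from the article.

```python
import ipaddress

# Constructed sample zone for yourcompany.com (illustrative data only).
ZONE = """\
www            IN A     203.0.113.10
mail           IN A     203.0.113.25   ; constructed record
salesdatabase  IN A     10.20.30.40
intranet       IN CNAME salesdatabase
build01        IN A     192.168.1.100
"""

# Assumed policy: the only names the outside world is meant to resolve.
PUBLIC_NAMES = {"www", "mail"}

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# covers documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_zone(text):
    """Return (name, rtype, rdata) tuples from 'name IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        name, _cls, rtype, rdata = line.split(None, 3)
        records.append((name.lower(), rtype.upper(), rdata.strip()))
    return records


def audit_external_view(records, public_names):
    """List records that should not be answerable from outside networks."""
    findings = []
    for name, rtype, rdata in records:
        if rtype == "A" and any(ipaddress.ip_address(rdata) in net
                                for net in RFC1918):
            findings.append((name, "private address published"))
        elif name not in public_names:
            findings.append((name, "name not on public allowlist"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_external_view(parse_zone(ZONE), PUBLIC_NAMES):
        print(f"{name}.yourcompany.com: {reason}")
```

Records that show up here are candidates for a zone or network restriction, or for a separate internal-only zone.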

User-Friendly Features, Super Support

DNS One provides a simple, yet powerful Web-based GUI. It's easy to use, and there is absolutely nothing to install on the administration clients. The only requirement for the Web-based GUI is a relatively recently updated Netscape or Microsoft browser. As with most other IP management systems, the DNS and DHCP are completely integrated. I easily transferred in my DNS zone file and began serving my DHCP clients using the client ID of the hostname in the DNS zone. This way, even though the DNS One did not know the MAC (Media Access Control) address of my statically assigned clients, it was able to infer these addresses from the client ID used by the client machine when it requested DHCP service.

One of the key features of DNS One is InfoBlox's support. While monitoring for new releases, DNS One also monitors itself to make sure all of its internal parts are working properly. DNS One comes with redundant power supplies and mirrored hard drives. If any part of DNS One fails, it automatically phones home to InfoBlox. InfoBlox will then turn around and ship out a working unit -- often scheduling it before you notice a problem.

InfoBlox' servicing model for DNS One machines is zero on-site. If any part fails, the company ships you a working machine and takes the failing DNS One back. To further this model, DNS One version 1.1 allows the failing machine -- if it is able -- to dump its state completely over to the new DNS One machine. Prior versions required assistance from an InfoBlox engineer to facilitate the transfer. This transfer is done via an XML export, so if you wanted to, you could import this data into any standard XML processing software.

Although this feature wasn't in the version I tested, DNS One promises a lightweight Perl module that allows you to access the DNS One database directly from a Perl script. If implemented correctly, this feature will be invaluable to anyone who demands advanced configuration.

Updates Made Easy

DNS One comes with one free year of software upgrades. I found the upgrade process totally painless. With a simple click of the mouse, my DNS One machine fetched the new release over the Web. Although I chose to have DNS One upgrade only on my command, the machine can either notify you when new upgrades are available or upgrade itself automatically. If you prefer, or if you are not directly connected to the Internet, InfoBlox can e-mail you when updates are available.

While the update is easy, there are a few potential problems with the update process itself. The first problem I found was that there is no way to enter a proxy server. Therefore, if your DNS One machine is not directly connected to the Internet, you will need to use either a NAT (Network Address Translation) or a transparent proxy to update it. Another problem with the network update is that the transfer process is not encrypted, nor is the update itself encrypted. This leaves a hole in DNS One's otherwise well-thought-out security.

Potential security problems aside, there are tremendous advantages to having an easily updateable server. Theoretically, you do not have to monitor the DNS Security mailing lists for new compromises, although I would still monitor them to make sure InfoBlox is addressing exploits. Additionally, since InfoBlox controls the operating system on the machine, it patches the OS as security problems arise. This means you have one less machine to worry about patching.

Room for Improvement

Unfortunately, DNS One version 1.1 is missing some features that we would have hoped to see. One is DDNS (Dynamic DNS) support. And, if you purchase additional DNS One machines right now, they will not work in an HA (High Availability) setup. InfoBlox is planning to include both of these features in future releases. The beta version of DNS One that I reviewed is also missing bulk naming, a feature large networks will find handy. For example, it would be nice to be able to specify names like nwc-192-168-1-100.nwc.com to nwc-192-168-1-200.nwc.com.

