Network Computingwww.networkcomputing.com

	Issue TOC Print full article Print this page Download as PDF E-Mail this URL Discuss this article Flame the author     In this article Introduction BlueCat Networks Adonis ApplianSys DNSBox300 Infoblox DNS One Executive Summary | How We Tested | Related Links Report Card

Executive Summary

DNS appliances offer advantages in ease of use and long-term cost savings when compared with server-based solutions. The appliances we tested all provide excellent functionality, serving up services while targeting an often hidden IT cost: The use of top IT staffers to design, set up and troubleshoot DNS. Migrating to a DNS appliance should allow these employees to allocate more time to business-focused concerns, instead of tinkering with the network.

And by relying on autoupdate capabilities and hardened platforms, ongoing maintenance costs are further reduced, especially compared with Windows- or Unix-based DNS.

While each of the three DNS appliances we tested delivers on the promise of easy-to-manage DNS, we recommend BlueCat's Adonis for its security features, client interface and error-checking capabilities.

All three vendors supplied examples of return on investment, each showing a payback in four to 12 months. In every case, the cost of the appliance was offset by reducing setup and maintenance expenses compared with conventional setups. By our numbers, if you're looking at a $10,000 outlay, your DNS guru is bringing in $45 per hour, and you can save 222 hours in configuration and maintenance labor, you've paid for the appliance. However you calculate it, it should be easy to justify the expense.

Our existing production environment hosts more than 600 user nodes, with a mix of Linux, Microsoft Windows NT and Apple Macintosh OS X servers on the back end. All users have Internet access. Multiple externally accessible Web sites are hosted on Red Hat Linux and Mac OS X-based Apache servers. Our normal primary and secondary DNS servers are hosted on Red Hat Linux, running BIND 9.2 that we manage with a GUI (QuickDNS 4.x from Men&Mice). Our primary DNS resides behind our firewall; our secondary DNS lies outside.

Each appliance was installed behind our firewall one at a time over a six-week period. Our existing DNS configuration was imported, and the appliance was activated as primary. Each appliance then served two weeks in production as our domain's primary DNS. Each product took its turn as our main internal DNS server. During that period, the switch to any one of the three appliances was transparent to our users. Real DNS lookup times appeared anecdotally similar to, if not faster than, our end-user population. We performed multiple stress tests using the queryperf tool from ISC, while the appliances and Linux box were connected via a private 100-Mbps connection. The appliances were configured as primary and were not managing any production queries during stress testing.

• DNS Resources Directory

• iCANN DNS Security Update

• Men&Mice

• NIXU NameSurfer,

• Public DNS Service,