External DNS

1. UNIX/Linux based external DNS
2. Microsoft AD based external DNS
3. Virtual Servers
4. IPv4 / IPv6 / dual-stack networks
5. DNS Views for consolidating internal and external DNS
6. DNSSEC


1. UNIX/Linux based external DNS

In UNIX/Linux based external DNS implementations, Nixu NameSurfer Suite can be used for centralized and secure management of DNS data and IP address space, and as master DNS server that propagates all changes to authorative and/or caching DNS servers. Within this deployment scenario, UNIX/Linux based DNS servers (e.g. Nixu SNS) can be used as caching and/or as authorative DNS server. Nixu NameSurfer Suite can be used to manage the whole name (DNS) space or, alternatively, only certain sections using DNS delegations.

Nixu Secure Name Server (SNS) can be used as caching and/or authoritative DNS server that receives DNS data updates from RFC compliant master DNS server (e.g. Nixu NameSurfer, BIND master with home-grown tools, products by other DNS management vendors). Nixu SNS can also be used as the master DNS server in which case DNS data in managed using editor included in SNS WebUI. In order to prevent faulty DNS configurations that lead to network downtime and compromise DNS security, the web-based editor comes with automated validation of DNS data entries. Nixu SNS is targeted at organizations running plain BIND on their public DNS servers.


2. Microsoft AD based external DNS

As external enterprise networks / DMZs are rarely dynamic, we recommend running Nixu NameSurfer Suite and/or Nixu Secure Name Server within this deployment scenario. For further information about the set-up, please refer to the above description.


3. Virtual and Blade Servers

Both Nixu NameSurfer Suite and Nixu Secure Name Server can be installed and run on virtual and/or blade servers. Most Virtual Server software can use Nixu SNS installation image (ISO) directly when installing a new virtual machine. Users can save in hardware costs by implementing their DNS setup using Virtual Machines (run NS Suite and Secondary on same physical server using two physical network interfaces).


4. IPv4 / IPv6 / Dual-Stack Networks

Both Nixu NameSurfer Suite and Nixu Secure Name Server are RFC compliant and offer full support for IPv4, IPv6, and dual-stack networks. Both products are ideal for usage such as this because of their level of DNS security and scalability.


5. DNS Views for Consolidating Internal and External DNS

Nixu NameSurfer Suite supports DNS Views and can therefore be used for centralized management of unlimited number of views in a consolidated DNS environment.

For security reasons, Nixu NameSurfer Suite supports a solution architecture where all views are managed centrally but in which each view has its own secondary DNS server(s). Within this setup, the same secondary DNS server cannot be used to serve both the external and the internal network, as having a single server answering both external and internal queries poses a security threat. In our implementation of DNS Views, each view is assigned its own transaction signature (TSIG) used to authenticate servers and to allow only authenticated server(s) an access to given view.

Nixu Secure Name Server can be operated as secondary DNS server (either as caching or as authorative name server) in DNSViews setup.


6. DNSSEC

Nixu NameSurfer Suite 6.0.1 and later versions include native support for DNSSEC.


 

About Nixu Software  | IPR & OSS Policy  | Privacy Statement  | Disclaimer  | Site Map  | Contact Us
© Nixu Software Limited 2006-2008. All Rights Reserved.