Internal DNS

1. Mixed internal network running UNIX/Linux and Microsoft AD
2. UNIX/Linux based network infrastructure
3. Microsoft AD based network infrastructure
4. Virtual Servers
5. Voice over IP (VoIP) / SIP Networks
6. IPv4 / IPv6 / Dual-Stack Networks
7. DNS Views for Consolidating Internal and External DNS
8. DNSSEC


DHCP

9. Nixu DHCP Server
10. Microsoft AD and Commercial DHCP Servers


1. Mixed internal DNS running UNIX/Linux and Microsoft AD

In mixed internal DNS implementations, Nixu NameSurfer Suite can be used for centralized and secure management of DNS data and IP address space, and as master DNS server that propagates all changes to authorative and/or caching DNS servers. Within this deployment scenario, UNIX/Linux based DNS servers (e.g. Nixu SNS) can be used as caching and/or as authorative DNS server.

Microsoft AD servers can either be configured as secondary DNS servers for Nixu NameSurfer Suite (acting as primary name server) that receive updates from it or, alternatively, as local workstation networks that do not receive updates from the remote DNS primary server. If the latter is the case, any DNS data that needs to be included in the public DNS can be propagated to Nixu NameSurfer primary using Dynamic DNS and Transaction Signatures (TSIGs).

Nixu Secure Name Server (SNS) can be used as caching and/or authoritative DNS server that receives DNS data updates from RFC compliant master DNS server (e.g. Nixu NameSurfer, BIND master with home-grown tools, products by other DNS management vendors). Nixu SNS can also be used as the master DNS server in which case DNS data in managed using editor included in SNS WebUI. In order to prevent faulty DNS configurations that lead to network downtime and compromise DNS security, the web-based editor comes with automated validation of DNS data entries. Nixu SNS is targeted at organizations running plain BIND on their public DNS servers.


2. UNIX/Linux based internal DNS

In UNIX/Linux based internal DNS implementations, Nixu NameSurfer Suite can be used for centralized and secure management of DNS data and IP address space, and as master DNS server that propagates all changes to authorative and/or caching DNS servers. Within this deployment scenario, UNIX/Linux based DNS servers (e.g. Nixu SNS) can be used as caching and/or as authorative DNS server. Nixu NameSurfer Suite can be used to manage the whole name (DNS) space or, alternatively, only certain sections using DNS delegations.

Nixu Secure Name Server (SNS) can be used as caching and/or authoritative DNS server that receives DNS data updates from RFC compliant master DNS server (e.g. Nixu NameSurfer, BIND master with home-grown tools, products by other DNS management vendors). Nixu SNS can also be used as the master DNS server in which case DNS data in managed using editor included in SNS WebUI. In order to prevent faulty DNS configurations that lead to network downtime and compromise DNS security, the web-based editor comes with automated validation of DNS data entries. Nixu SNS is targeted at organizations running plain BIND on their public DNS servers.

Due to its security features, Nixu SNS is especially suitable to be operated as the authoritative and/or caching DNS server located at the edge of the network.


3. Microsoft AD based internal DNS

Nixu NameSurfer Suite can be used as primary DNS server in Microsoft AD based network as follows:

Microsoft AD servers can either be configured as secondary DNS servers for Nixu NameSurfer Suite that receive updates from the DNS master or, alternatively, as local workstation networks that do not receive updates from the remote DNS master (i.e. Nixu NameSurfer Suite). In the latter case, any DNS entries required in public DNS can be propagated to Nixu NameSurfer primary using Dynamic DNS and Transaction Signatures (TSIGs). However, please note that Nixu Software's products are not supported on Windows and therefore have to be run on UNIX/Linux platform.

Nixu Secure Name Server can be used as caching or as authoritative name server in Microsoft AD networks to extend load balancing and/or to improve performance. Due to its software appliance design, it does not require customers to support UNIX/Linux servers internally.


4. Virtual and Blade Servers

Both Nixu NameSurfer Suite and Nixu Secure Name Server can be installed and run on virtual and/or blade servers. Most Virtual Server software can use Nixu SNS installation image (ISO) directly when installing a new virtual machine. Users can save in hardware costs by implementing their DNS setup using Virtual Machines (run NS Suite and Secondary on same physical server using two physical network interfaces).


5. Voice over IP (VoIP) / SIP Networks

Both Nixu NameSurfer Suite and Nixu Secure Name Server are RFC compliant and can be operated in VoIP environments / SIP networks. Both products are ideal for usage such as this because of their level of DNS security and scalability.


6. IPv4 / IPv6 / Dual-Stack Networks

Both Nixu NameSurfer Suite and Nixu Secure Name Server are RFC compliant and offer full support for IPv4, IPv6, and dual-stack networks. Both products are ideal for usage such as this because of their level of DNS security and scalability.


7. DNS Views for Consolidating Internal and External DNS

Nixu NameSurfer Suite supports DNS Views and can therefore be used for centralized management of unlimited number of views in a consolidated DNS environment.

For security reasons, Nixu NameSurfer Suite supports a solution architecture where all views are managed centrally but in which each view has its own secondary DNS server(s). Within this setup, the same secondary DNS server cannot be used to serve both the external and the internal network, as having a single server answering both external and internal queries poses a security threat. In our implementation of DNS Views, each view is assigned its own transaction signature (TSIG) used to authenticate servers and to allow only authenticated server(s) an access to given view.

Nixu Secure Name Server can be operated as secondary DNS server (either as caching or as authorative name server) in DNS Views setup.


8. DNSSEC

Nixu NameSurfer Suite 6.0.1 and later versions include native support for DNSSEC.


9. Nixu DHCP Server

Nixu DHCP Server can be operated both as an authoritative DHCP server and as a Relay Agent. Delivered as software appliance, Nixu DHCP Server can be operated in any network environment where different communications devices depend on dynamic IP allocation (e.g. workstation networks, wireless/WLAN/Wi-Fi networks, VoIP networks). Nixu DHCP Server has a built-in support for failover mechanism in which two Nixu DHCP Servers are implemented as a failover pair.

Nixu NameSurfer Suite includes a DHCP configuration utility that can be used to manage configurations of remote DHCP servers. Supported remote DHCP servers include Nixu DHCP Server and ISC DHCPD.


10. Microsoft AD and Commercial DHCP servers

While Nixu NameSurfer Suite cannot be used to manage Microsoft AD and/or commercial DHCP servers, any changes and IP allocations can be configured to be propagated to Nixu NameSurfer Suite using dynamic DNS. Connections between dynamic servers and Nixu NameSurfer can be secured using TSIGs.


 

About Nixu Software  | IPR & OSS Policy  | Privacy Statement  | Disclaimer  | Site Map  | Contact Us
© Nixu Software Limited 2006-2008. All Rights Reserved.