Having discussed DNS and Nixu SNS with more than hundred people during the last two days, I think we now have a good understanding of the aspects people really liked about the new product. They were:

- Nixu SNS is a software appliance. Take a clean general purpose server (or a clean PC); download Nixu SNS ISO image and burn it on CD or, if you’re a Linux / UNIX user, on USB stick; stick the media in; boot the machine. After 10 minutes and a couple of simple configurations, you have a dedicated, hardened DNS server appliance running on Linux (CentOS).

- DNS Security. The secure design makes Nixu SNS an ideal solution for external DNS: among other things, we’re first in the world to incorporate IPS and DNS. The best way to find details about this and other security features is to read our new DNS Security White Paper. I just heard that this paper was approved by Ziff Davis editors to be included in Webbuyersguide’s White Paper library, so we’re not the only ones who think it’s a valuable read.

- Cost. At USD 495 / year / server including maintenance & support, Nixu SNS is cheaper to install, to configure, and to run than traditional open source based do-it-yourself DNS servers: not even open source software is free because of the overheads associated with running it.

I think that pretty much sums it up. As for the pictures I promised, here’s Tom, our US rep, busy at Infosecurity New York:

The first day of Infosecurity New York is now behind us. Tom (our US rep), Ville (technical product manager) and I were really excited about the great reception Nixu SNS received from the information security and networking community.

Based on the enthusiastic feedback we received on Nixu SNS, it seems like taking the software appliance route with Nixu SNS was the right way to go about. While the concept is new and therefore required some educating to open up, people picked it up really quickly. For all of you who are new with this concept, I thought I’d add a link to Network Computing’s article on software appliances here. This is recommended reading for anyone interested in the topic.

I’ll post another blog on Infosecurity within the next 48 hours (with some photos ): please stay tuned for more.

If anyone active in ICT has missed Google’s YouTube acquisition of last week, there could well be something wrong with his RSS Client or WLAN connection. It seems like everyone and their mother is now into Web 2.0 and the phenomena it has brought along with it.

There are several things that have acted as a catalyst for Web 2.0. The first one is the dramatically lower price of hardware. The second catalyst is open source software. The third enabler would be broadband networks. You really don’t have to go too far back to find yourself in a time where setting up services such as YouTube would have been impossible. Not so much because the technology didn’t exist or because people didn’t have ideas. Nope, it was simply because those with the ideas couldn’t afford to turn their vision into reality because technology was so darned expensive. Those days, technology really wasn’t an enabler.

But all of a sudden, the price of hardware took a dive, open source software projects were everywhere, and anyone could buy plenty of bandwidth at relatively low cost. And before you knew it, the early birds of Web 2.0 raised from the ashes like a phoenix. There was Google, Wikipedia, Skype, eBay, PayPal, and iStockphotos. And, of course, YouTube.

All this comes back to DNS. While open source software and lower price of hardware has created some really tangible discontinuities in many areas, it really hasn’t been the case with DNS. This is simply because DNS has been more or less dominated by open source software, ISC’s BIND, since the technology was invented back in 1983. As BIND has been free all along and has done the job ok, there really hasn’t been much room for other DNS implementations or innovations to prosper.

Which poses an intriguing question: if open source software dominates, does it curb innovation?

When one looks at Web 2.0, it becomes obvious that while open source software has been used in many 2.0 projects, the innovation has come from elsewhere: open source software has simply been an enabler that has been harnessed to do a specific job. And here, my dear readers, lies the answer. Rather than getting fussy about open source software as an end in itself, people should shift their focus a little and start thinking about how open source software could be used to do things differently. By combining existing open source software modules in an innovative way, one can come up with great inventions.

In Nixu Software’s case, we have taken different open source software modules (CentOS, PSAD, Bastille, PHP, Apache, BIND, etc.) and merged them into Nixu Secure Name Server. Nixu SNS is not only more secure than traditional stand-alone BIND servers, but it’s also cheaper to install and to run then do-it-yourself DNS servers based on open source software. So in essence, combining existing pieces of open source software in a new way has translated to higher level of DNS security and lower costs for our customers.

Now that’s what I call an open source Innovation!

California is a great place. In addition to having Arnold as governor, it is the home of the venture-capital-pumped dynamic duo of the DNS world, Nominum and Infoblox.

As we all know, one can do many things with venture capital. This fall, the trend seems to be all about providing organizations with free DNS analysis tools to verify the insecure state of their DNS: both Nominum and Infoblox have announced free DNS analysis tools during this and last week.

To provide our readers with the same level of service, I thought I’d equip you with a couple of links to The Measurement Factory’s website:

• DNS Analysis Tools
• DNS Surveys

The Measurement Factory is a company based in Boulder, CO that has published some very interesting DNS surveys during the last two years or so. They also offer some open source tools for DNS analysis and so their website is really worth checking out.

Oh and guess what: it seems like The Measurement Factory’s DNS analysis tools are to Cricket Liu’s liking too, as Infoblox has apparently been using them to obtain the results published in their latest news announcement:

“Infoblox Introduces Cricket Liu’s DNS Advisor: Free Online Tool Enables Organizations to Assess DNS Systems”

When I saw the headline and skimmed through the annoucement, I was under the impression that Infoblox would have developed this great, free online tool and offered it to the general public free of charge. That’s apparently not the case, as The Measurement Factory is very briefly acknowledged in the last paragraph of the rather lengthy article.

After posting my first blog at this website two weeks ago, it has been a pleasure to see the number of readers we have had. In just under 13 days (12.93 to be exact ), we have had more than 1.000 visitors from 41 different top-level domains. And so, I would first like to take this opportunity to thank all of you who have made a habit out of following up on my ramblings.

To make things interesting for you, I decided that we start running a series of Classic DNS Articles at this site. First up in the series is Securing an Internet Name Server by Allen Householder and Brian King, which qualifies as a classic as far as DNS security papers are concerned.

What stroke me the most after revisiting this piece was how little things have changed since 2002. Sure, some of the recommended versions of BIND have been found to have vulnerabilities since the piece was written – that’s why Allen and Brian urge people to stay up to date with their software – but in the great scheme of things the DNS design flaws depicted in the paper still persist. I think it’s about time the network community addressed these DNS security issues.

To make securing DNS simple, Nixu Software will make the new Nixu Secure Name Server (SNS) publicly available on October 16. As any organization concerned about DNS security can afford it, we sincerely hope to make a difference.

Most of us still remember a time when hardware was expensive. In the heydays, I had the pleasure of visiting the Internet data centre of a major data storage vendor where every single rack I saw sold for more than million dollars. They had people flown in from all over the world just to hear the sales pitch.

Around the same time, the demand for hardware appliances started picking up. And why not: considering the margins hardware vendors were earning on their products, appliance servers made perfect sense. They offered better security due to their purpose-built design, and were easier to deploy and to maintain. And oh, they were more cost-efficient too.

Since then, the price of hardware has come down – dramatically so – which poses a new problem for hardware appliance vendors. If general purpose servers can nowadays be had for 1 unit, and software for purpose x for another 1 unit, why on earth would anyone spend 4 units on a hardware appliance?

I really do think the concept of a purpose-built appliance is a great one: they continue to offer better security, and are easier to deploy and to maintain. But at the same time, I think the heydays of hardware-based appliances will soon be behind us, as they really aren’t that cost-effective anymore. It makes better sense to run software appliances on general purpose servers.

Network World wrote a nice piece about software appliances a year ago. In case you’re not familiar with the concept, I recommend taking a closer look.