According to an article published by The Register on January 17, a gentleman called David Ritz was fined $60,000 for doing DNS lookups. Apparently, this ruling by District Court, County of Cass, State of North Dakota was largely based on a finding that David had been using zone transfers and Whois service to hack the two authoritative DNS servers of a certain specialist web hosting and Internet services firm. As I really couldn’t believe what I was reading – and based on the comments posted at The Register I wasn’t alone – I decided to have an actual look at the ruling itself. After all, if using zone transfers was a crime, most network and system admins would be looking to do some serious jailtime.

To read the ruling yourself, please click here.

Now, while the merits of this case are certainly debatable, I’ll leave that to others. What I’d like to point out, though, is that the plaintiff in this case – a specialist web hosting and Internet services firm – was running two public, authoritative DNS servers containing confidential DNS data that they did not want to disclose to the public. Yet practically anyone who cared to initiate zone transfers was allowed to do that. In my books, it’s like leaving your door open – not unlocked but wide open – and then being upset about the fact that someone came in. If you asked me, the plaintiff had it coming.

But what strikes me the most is this: although leaving one’s door open for anyone to come in sounds a little gullible to say the least, there are literally millions of public DNS servers out there that have been configured insecurely and are open for anyone to access. Yes, millions. Yet if you asked the system administrators responsible for these DNS servers whether or not their servers were securely managed and configured, they would most likely say ‘yes’ and then share a clever detail or two of the finesses of managing a DNS server. Doesn’t it sound like there’s a bit of a discrepancy at play here?

The reason for the discrepancy is simple enough, though: plain vanilla BIND servers that make up some 80%+ of all public DNS servers come with default configurations that are not secure. And this, my dear readers, is exactly why we developed Nixu Secure Name Server (SNS): to protect your DNS servers by making the related installation, configuration and management processes a walk in the park.

As some of you may have already noticed, we launched the new 6.1.1 version of Nixu NameSurfer Suite yesterday. The most important new feature in this release is full integration with Secure64 DNS server application. If you are not familiar with Secure64 DNS, I strongly urge you to check it out: it is the highest-performing and the most secure authoritative DNS server on the planet.

Now, I guess some of you may wonder the rationale behind our co-operation with Secure64. After all, Nixu Software already has another authoritative DNS server in its solution portfolio, Nixu Secure Name Server (SNS), so one might think there is an overlap between the two products. Nothing could be further from the truth, though.

Nixu SNS is an inexpensive ($495 per server per year) DNS software appliance that offers a good level of security and performance on x86-based platforms, whether x86 hardware or virtualization platforms emulating x86 computing environment. Depending on the exact platform specifications, Nixu SNS can answer up to 30,000-40,000 queries per second. With its hardened Linux OS and built-in intrusion detection / intrusion prevention, it is as secure as a hardened Linux-based server can be. In many cases, this would be enough.

However, there are also some security-conscious service providers, enterprises and other organizations out there that want to go the extra mile to protect their Internet-dependent business under any and all circumstances. And for these folks, there is Secure64 DNS, the DNS marvel. A single entry-level HP Integrity server with Intel Itanium CPU running Secure64 DNS can answer 100,000+ queries per second. Even better, it’s totally immune against all known malware & rootkits and remains responsive until a one-gigabit connection has been saturated. Impressive stuff, no?

So essentially, I think it’s safe to say these two technologies complement rather than compete with each other. But even more importantly, I think we’ve now gone a long way into redefining DNS performance and security with Secure64. As many of you know, some vendors in our industry ship Nixu SNS -like products on Dell boxes and call them high-end. I’m sorry to tell them that’s nowadays just the bare minimum.

Seems like the good old DNS is going mainstream. According to Infoworld, in Sony Pictures’ upcoming “Untraceable”, FBI agents use whois domain name lookup, traceroute and ping to hunt down the killer. For further details, please see Infoworld’s article on the topic.

Over the last couple of years, some of the biggest success stories in the internet economy – Google, Amazon.com and alike – have been attributed to the so called Long Tail economics first coined by Chris Anderson back in 2004. Put simply, thanks to the economies of scale and the distribution power introduced by the Internet, companies are now able to attend to the needs of the smallest of market segments (niches) at reasonable price points, yet make a profit in the process.

Think about the recording industry: before MP3s were sold and distributed online, it would have been rather time-consuming and very expensive to get a hold of for example Chet Baker’s “In Milan”, as there wouldn’t have been sufficient demand for a bricks and mortar record store to sell the CD, let alone the vinyl, off the shelf. However, now that one can go to Amazon.com to buy and download this particular recording, the buying process is both easy and inexpensive.

In my blog entry last week, I talked about different industry analyst firms that see great potential in software appliances. One of the software appliance benefits identified by Gartner, IDC, Forrester et al is that it allows the utilization of the Long Tail economics in software distribution. This is simply because unlike their hardware-based computing appliance cousins that require a specific piece of hardware to run on, software appliances can be distributed electronically – much like rare jazz albums – at very attractive price points.

When it comes to DNS and DHCP, two networking niches as far as commercial aspects are concerned, the Long Tail economics and the software appliance distribution model really do make a difference. In the days of yore, only the larger organizations could afford productized, secure DNS and IP addressing solutions. This was mostly because the price points would have been prohibitive for smaller outfits due to the not-so-efficient delivery and distribution processes.

However, with the next generation software appliances such as Nixu Secure Name Server (SNS) and Nixu DHCP Server that are distributed electronically, practically any organization can afford and has an access to secure, dedicated DNS and/or DHCP servers. This is especially true when these software appliances are installed and run as virtual appliances (in virtual machines), as the deployment does not require dedicated hardware.

To try out how the Long Tail economics of networking software work in practice, please download our software appliances for a free 30-day evaluation by clicking here.

Now that the year has turned, it seems like everyone and their mother is making predictions for 2008. And although we aren’t great believers in me-too tactics at Nixu Software, I thought I’d put my two cents in as well. After all, extrapolating trends is a nice excercise. How I’d love to be an analyst!

Talking about analysts, 2007 saw a huge increase in the number of research firms talking about software appliances: Forrester, Gartner, IDC as well as a number of smaller analyst firms all started talking about the great promise of software appliances. And for a good reason too. Considering the evolving complexities associated with OSs of today, the increasing popularity of software as a service (SaaS), and the fact that virtualization is expected to gain some serious traction during 2008 – not least because of Microsoft’s Hyper-V that will be included in Windows Server 2008 sometime in H2 2008 – software appliances offer a hugely attractive proposition to entities in all walks of organizational life whether large, small or somewhere in between. This will also mark the end of the OS dependant world as we know it, as organizations can start running Linux-based software appliances on Windows servers without having to bother maintaining the underlying Linux OSs themselves.

Since launching the world’s first DNS software appliance in October 2006, followed by DHCP and DNS/IPAM software appliances in 2007, this is also what we at Nixu Software have been witnessing. The number of downloads has been climbing steadily quarter over quarter and it looks like we’ll be seeing more of the same during 2008. This is largely caused by the fact that once organizations have invested in and committed to virtual computing environments, they must start rolling out applications and network services on those platforms to show ROI. And as software appliances offer the best bang for the buck when deployed in virtual environments, we are going to see more and more organizations running software appliances in them. Further, as it happens, I have this little theory that the number of virtualized computing environments could actually be construed as a leading indicator for the popularity of software appliances. Considering how much has been said on virtualization during 2007, it could well be that software appliances follow the suit in 2008 and beyond.