Adonis truly shines with security. The ACL (access-control list) tools are excellent. Right from the initial installation, everything is secure--including adds/drops and communications between master and slave. Security is maintained via a 128-bit-encrypted SSL connection on Port 10042 between the appliance and client. The certificate keys are generated and installed via the configuration floppy. SSL certificates can only be shared with additional clients via configuration disks. Adonis offers an integrated firewall and keeps only two ports open--for DNS requests and SSL communications with the client.
The error-checking capabilities are impressive. The BlueCat box wowed us with the speed and thoroughness of its audit tools. It instantly reviewed our imported DNS configs and highlighted a couple of minor issues. We watched the tools run through an import file from a multithousand node network in less than five seconds, identifying a number of problems. The tools can check existing configuration files on the client and do a live data check of the environment.
Adonis does need some improvement in one area: Apple Macintosh compatibility. We'd like to see a Macintosh-compatible client. The importation of existing zones and configurations was simple with respect to text files and databases, but not being able to directly import a zone via transfer from existing DNS servers is disappointing, especially from such an impressively polished product. The other two appliances allow for direct import via zone transfer from existing servers, making administration easier.
Adonis, $9,995. BlueCat Networks, (905) 882-5691. www.bluecatnetworks.com
The DNSBox300 is the only product in our testing trio to use NIXU NameSurfer SE to manage DNS. NameSurfer has been around for about six years, with approximately 700 major customers worldwide, including Cox Communications, Nokia and Qwest Communications. The DNSBox300 is designed to be a primary DNS, using secondary or slave DNS boxes to front BIND 9 to the outside world (ApplianSys provided its own DNSBox100 for this purpose, but we also successfully tested with a Linux box as secondary.) NameSurfer retains compatibility with BIND 4 and BIND 8 as well. So while NIXU provides the full functionality of a primary DNS in the background, ApplianSys recommends that you run secondary name servers with traditional BIND to interface with the world.
In keeping with a "simple is better" design theme, the DNSBox300 uses CompactFlash memory rather than traditional hard disks, eliminating a common source of hardware failure. This is a nice touch. With twin CompactFlash slots, the OS and application reside on one LinuxROM card; user configuration and other data are on the second card for ease of update and additional security. From our point of view, no spinning parts equals fewer points of failure.
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
