I misspoke a bit about DNSSEC. That's not an OS-level thing (unless you
want to hook in an HSM or something like that), so there's no reason to
think that an appliance-based solution would be better at it than an
agent/wrapper-based solution.
- Kevin
On 4/28/2014 12:57 PM, Baird, Josh wrote:
Kevin,
No - our DNS servers do only one thing depending on their role - either to
serve internal clients (caching/recursive/override external authoritative) or
to serve authoritative external clients. I used to cringe at these appliance
based solutions because I want to be in control of BIND and the server's
operating system - but, they are beginning to sound more attractive since they
don't require someone with operating system knowledge run maintain the
application. The bonuses would be things like DNSSEC an Anycast support out of
the box.
Thanks,
Josh
-----Original Message-----
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kevin Darcy
Sent: Monday, April 28, 2014 12:50 PM
To: bind-users@lists.isc.org
Subject: Re: Enterprise IPAM/DNS Solutions
Are you running *other*, non-network-service functions on these boxes besides BIND/M&M? If not,
then you might find an appliance-based solution like Bluecat or Infoblox might be more cost-effective
than adding a DNS-management layer to a generic server. Your security folks should love you too, since
appliances are "hardened" (usually they don't even have a OS-like command line or a
"superuser" function). Lastly, if you're planning to implement things like Anycast, HA
clustering, IPv6, etc. these things are probably a lot easier for an appliance that already has these
capabilities built in, than hacking the OS to support them. DNSSEC is likely to be a lot easier too.
The argument for appliances becomes even stronger if you want to support other
network services, e.g. DHCP, NTP, discovery.
If, on the other hand, you're running "other stuff" on those servers, besides
network services, or you just *have* to have that OS-level control down to the kernel,
filesystems, devices, etc. it might make sense to stick with an agent- or wrapper-based
solution like you already have (M&M). I think IPControl (by British Telecom) is also a
strong player in that space.
- Kevin
On 4/28/2014 12:31 PM, Baird, Josh wrote:
Hi,
We currently use the Men & Mice DNS/IPAM/DHCP suite which is essentially a front-end
"wrapper" for BIND. We deploy our own BIND boxes and simply install the Men & Mice
agent on them which allows us to centrally manage the zones from a GUI (or CLI) based interface.
I'm curious about the other "enterprise" solutions that are on the market. Bluecat
is the first one that comes to mind, but I'm completely unfamiliar with their product. Does
their product run alongside native BIND (like M&M) or do I need to purchase their own
appliances and place them all over my network?
Are there any other suggestions for products similar to Men & Mice and Bluecat
that I should be looking at? I'm looking for DNS and IPAM and central management.
Thanks,
Josh
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
