bind on bluecat's adonis 1000

Greg Chavez greg.chavez at gmail.com
Thu Sep 15 13:25:27 UTC 2005 

On 9/14/05, Brad Knowles <brad at stop.mail-abuse.org> wrote:
=20
I was also blushing at how transparent your earlier "Questions you
should ask of a DNS Appliance" effort was.  All Infoblox, all the
time.

>         I can't speak for a tool to check for errors, but I know that
> Infoblox fully supports views, and I've seen some pretty impressive
> performance on these things -- out-of-the-box performance in the
> 25,000-30,000 queries per second range for authoritative nameservice
> on a large-scale domain.

They plan to support views.  The current version (3.1rc6) does not.=20
Infoblox is minus many of the features and fine-tuning controls of
BIND 9.2.4.  They may exist somewhere in the bowels of the code, but
they are not available in the management interface.  I suspect much of
this is on purpose - appliances probably should appeal to those
without the desire or resources to tinker much.
=20
>         Every appliance is either a grid member or a grid master, and all
> configuration is done through the master for a particular grid.  You
> can update a configuration or a zone, roll that out across all the
> members of the grid, have them automatically stagger their
> reconfiguration process, monitor the reconfig as it is in progress
> across the grid, etc....  And reconfiguration takes just a few
> seconds.

This is where Infoblox's DNS-ONE product clearly excels. My client
"company" which is in the process of migrating from a creaky,
byzantine, hard-to-debug BIND 9.2.2 split-DNS architecture will
benefit enormously from these enterprise features.  *IF* this
clustering feature works as advertised, multiple appliances can be
effortlessly inserted into an existing environment with virtually
identical configurations.  Sort of like a hands-off Jumpstart.=20
Unfortunately, this enterprise feature requires a separate license -
one which I am trying to coax my client company to procure.  Without
this feature - which is oddly called Keystone DVS - you will have to
configure each Infoblox separately.  Caveat emptor.

Still, I am very much looking forward to testing it, along with its
VRRP high-availability getup.  Let me tell you this though - you will
need FIVE IP addresses per HA pair on the same network LAN to make
this work.  If you run a large operation with many appliances, you
will consume IP subnets fast.  My IP migration spreadsheets are a
nightmare.

>         Infoblox doesn't try to hide the which version of BIND they're
> running, and they're open about the software being built with support
> for threading, and the type of dual-CPU Opteron box they're running
> on, etc....  They don't let you create the configuration file
> manually, but you can see the whole thing on their Java Web Start
> Application or on their Java Applet in your web browsers, you can
> download it to your desktop, etc....

I forget what version its *based* on, but it's very recent.  However,
it's probably been bent and reduced to their will, possibly enough to
make it qualify as more of an ersatz BIND, much in the way other
appliances bend and reduce BSD and Linux.

This Java GUI of which you speak is the major weakness of the product.
 It is, at times, prohibitively slow.  The worst part is they way the
GUI "exits".  There is no log-off button.  Instead, you must exit your
browser completely to reconnect.  This is so annoying, I can barely
stop myself from foaming at the mouth as I type this paragraph.

I cannot speak to its performance yet, although it promises to be very good=
.

Infoblox is very receptive to these complaints though, and I predict
that they will start making more and more concessions to half-baked
BIND-geeks like myself as the versions march by.  You should also note
that Infoblox contains more than one BIND emeritus on their payroll.=20
Their influence can't help but rub off.
 =20
>         But Terry is right -- you should arrange to get at least one of
> each and test them out for yourself.

Here, here.  Test.  *THEN* tell us how it works.  Corporate Web sites
and marketing brochures and those who read from them are about as
accurate as my shoe.

--Greg Chavez

More information about the bind-users mailing list