BIND Based Appliances.

[Jeff A. Earickson]

Hi,

I am evaluating an Infoblox appliance right now, having landed on
my desk a couple of days ago, for DNS and DHCP.  We currently use the
ISC versions of DNS and DHCP.

So far, I am *totally* unimpressed with Infoblox.  I use Macs.
Their java client does not work at all on a Mac.  I also use Boot Camp
and vmware fusion (2.0) to run Vista on my Macs -- it did not work there
either.  I would reasonably expect a Mac booted into Vista from Boot Camp
to work with a Windows-centric Java client.  It totally flunked, using
java 1.4.2, 1.5, and 1.6u7.  I had to get a Windows XP box to get the
client to work.

After all that, I finally get connected to the Infoblox, and I'm ready
to import my DNS and DHCP data from my ISC files.  The manager does 
not have an import feature.  It is a separate java client available from
their support.  So I have to track that down and get it, more phone
calls and wasted time.

So I get the Data Import Wizard installs.  It completely failed on a
DHCP import of my dhcpd.master file.  It did not like:

Parsing DHCP file error: line 46:1: unexpected token: omapi-port

so I comment this line out in the file.  Then it complains:

Parsing DHCP file error: line 50:1: unexpected token: max-lease-time

Excuse me???  The max lease time is a very important parameter in
DHCP.

Then tried to import my DNS data via either file imports or DNS zone
transfer.  Both failed.  Both choked on errors in the DNS boot file.
I am looking at this right now.

I would expect data imports of ISC DNS and DHCP information to work
flawlessly if thie appliance was worth anything.

Methinks this eval is headed for failure/rejection.

Jeff Earickson
Colby College

On Fri, 3 Oct 2008, Larry Fahnoe wrote:

> Date: Fri, 3 Oct 2008 09:30:22 -0500
> From: Larry Fahnoe <fahnoe at fahnoetech.com>
> To: bind-users at isc.org
> Subject: Re: BIND Based Appliances.
> 
> I don't know about the ISC authorization part of your question, but
> Infoblox's DNSone is based upon bind and works very well.  As an
> appliance, it offers out of the box HA as well as a distributed
> database shared by both bind and ISC dhcpd.  The appliances and
> database can be configured in a distributed grid to build a scalable
> DNS, DHCP, and IP management environment for entities of varying
> sizes.  It can also be used as a primary with stock bind secondaries
> if you do not wish to purchase additional appliances (this does
> require a bit more work on your part, but is of course less
> expensive).  The combined database underneath bind and dhcpd make the
> appliance ideally suited to do IP management tasks, and the IP Address
> Management component provide a very nice tool to manage networks and
> their address ranges.  The appliance has a decent GUI as well as a
> full featured API for you customizations.  We've been using DNSone for
> a few years and are quite pleased with it.
>
> As far as Josh's comments about his experience, I would partially
> agree and partially disagree.  We worked with Infoblox quite a while
> before I was comfortable with the data import process.  I opened
> several cases with Infoblox during that time to get things fixed or
> improved.  Some of the fruits of our work there have shown up in their
> current java import tool.  I consider myself a reasonably seasoned
> bind user (after 20+ years, I ought to have learned something!), but
> at this point I would have no hesitation in giving a strong
> endorsement to the Infoblox appliances.  Not unlike bind itself, you
> have to spend a little time learning to think like it does, but once
> you do so, the appliance is quite decent to use.  As far as the
> Infoblox API is concerned, yes, it has been evolving over the years,
> and things do change from time to time.  In fact I have only had one
> of my scripts break as a result of an upgrade over the years and this
> was due to them changing their permissions model.  If you want to use
> the API, look at the examples provided and plan to spend some time
> working with it.
>
> --Larry
>
> On Fri, Oct 3, 2008 at 9:12 AM, Josh Smith <juicewvu at gmail.com> wrote:
>> I believe the infoblox appliances are bind based however After
>> administering them for over a year I have to say steer clear of them.
>> They definitely make dns easy enough that anyone can do it at the
>> expense of making it impossible for someone who knows what they are
>> doing being able to automate anything.  They do have a perl API but
>> its aweful.
>>
>>
>>
>> On Fri, Oct 3, 2008 at 9:50 AM, Jeff Lightner <jlightner at water.com> wrote:
>>> If you're a Linux Addict why not just buy a couple of x86 servers and
>>> install Linux with BIND on top of it?
>>>
>>> -----Original Message-----
>>> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
>>> Behalf Of Linux Addict
>>> Sent: Friday, October 03, 2008 9:37 AM
>>> To: bind-users at isc.org
>>> Subject: BIND Based Appliances.
>>>
>>> Folks, I am looking to re-architecture our NS Infrastructure. Can you
>>> guys suggest me if there are any Bind-Based Appliances available and
>>> authorized by ISC itself?
>>>
>>> Thanks, LA
>>> ----------------------------------
>>> CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
>>> ----------------------------------
>>>
>>>
>>
>>
>>
>> --
>> Josh Smith
>> email/jabber:  juicewvu at gmail.com
>> phone:  304.237.9369(c)
>>
>> ()  ascii ribbon campaign - against html e-mail
>> /\  www.asciiribbon.org   - against proprietary attachments
>>
>>
>
>
>
> -- 
> Larry Fahnoe, Fahnoe Technology Consulting, fahnoe at FahnoeTech.com
> 952/925-0744      Minneapolis, Minnesota       www.FahnoeTech.com
>
>