Enterprise IPAM/DNS Solutions

Kevin Darcy kcd at chrysler.com
Mon Apr 28 17:06:41 UTC 2014


I misspoke a bit about DNSSEC. That's not an OS-level thing (unless you 
want to hook in an HSM or something like that), so there's no reason to 
think that an appliance-based solution would be better at it than an 
agent/wrapper-based solution.

                                         - Kevin

On 4/28/2014 12:57 PM, Baird, Josh wrote:
> Kevin,
>
> No - our DNS servers do only one thing depending on their role - either to serve internal clients (caching/recursive/override external authoritative) or to serve authoritative external clients.  I used to cringe at these appliance-based solutions because I want to be in control of BIND and the server's operating system - but, they are beginning to sound more attractive since they don't require someone with operating system knowledge to run and maintain the application.  The bonuses would be things like DNSSEC and Anycast support out of the box.
>
> Thanks,
>
> Josh
>
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Kevin Darcy
> Sent: Monday, April 28, 2014 12:50 PM
> To: bind-users at lists.isc.org
> Subject: Re: Enterprise IPAM/DNS Solutions
>
> Are you running *other*, non-network-service functions on these boxes besides BIND/M&M? If not, then you might find an appliance-based solution like Bluecat or Infoblox might be more cost-effective than adding a DNS-management layer to a generic server. Your security folks should love you too, since appliances are "hardened" (usually they don't even have an OS-like command line or a "superuser" function). Lastly, if you're planning to implement things like Anycast, HA clustering, IPv6, etc. these things are probably a lot easier for an appliance that already has these capabilities built in, than hacking the OS to support them. DNSSEC is likely to be a lot easier too.
>
> The argument for appliances becomes even stronger if you want to support other network services, e.g. DHCP, NTP, discovery.
>
> If, on the other hand, you're running "other stuff" on those servers, besides network services, or you just *have* to have that OS-level control down to the kernel, filesystems, devices, etc. it might make sense to stick with an agent- or wrapper-based solution like you already have (M&M). I think IPControl (by British Telecom) is also a strong player in that space.
>
>                                       - Kevin
>
> On 4/28/2014 12:31 PM, Baird, Josh wrote:
>> Hi,
>>
>> We currently use the Men & Mice DNS/IPAM/DHCP suite which is essentially a front-end "wrapper" for BIND.  We deploy our own BIND boxes and simply install the Men & Mice agent on them which allows us to centrally manage the zones from a GUI (or CLI) based interface.
>>
>> I'm curious about the other "enterprise" solutions that are on the market.  Bluecat is the first one that comes to mind, but I'm completely unfamiliar with their product.  Does their product run alongside native BIND (like M&M) or do I need to purchase their own appliances and place them all over my network?
>>
>> Are there any other suggestions for products similar to Men & Mice and Bluecat that I should be looking at?  I'm looking for DNS and IPAM and central management.
>>
>> Thanks,
>>
>> Josh
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users