The External DNS system at MaximumASP has been replaced with a new system of hardware appliances based on the BIND nameserver software. The appliance vendor of choice for this solution is Infoblox, one of the industry's leading companies in DNS infrastructure and management as well as security for core network services.
The Infoblox DNS solution replaces our old DNS servers, which were running Microsoft DNS on 64-bit Windows 2003 servers. The decision to replace this critical part of our network infrastructure was made a number of months ago following a series of DNS-related outages. We were simply outgrowing the capabilities of Microsoft DNS.
BIND-based software is a comfortable fit for our external DNS that offers us the performance and uptime our customers are accustomed to having. To further our commitment to performance and uptime, the decision was made to use a network appliance solution and place management of DNS with our netops department. This decision placed priority on the security of our external DNS in addition to performance.
Of the appliances considered, the Infoblox family of boxes met - and in many cases exceeded - all our needs. The solution provided the functionality we required, a flexible solution architecture, a short migration path, a knowledgeable and responsive technical support base and a thorough attention to security.
As we were wrapping up our final tests on the new system, posts all across the industry spoke of the DNS vulnerability identified by Dan Kaminsky in early July. Because the code update was already available from Infoblox when we first caught wind of the vulnerability, our solution went live with the patch in place. Now, granted, the possibility of that vulnerability affecting our external DNS was low. However, the fact that Infoblox was prepared before the public-at-large knew about the problem convinced us that we made the right choice.
Since putting the new system in production, the days of our public DNS servers needing weekly reboots and experiencing other "mini-disasters" related to server performance and software limitations are over. Our netops now boasts DNS uptime in terms of months (soon to be years), and DNS problems have been cut down to almost nothing. In fact, this all comes to fruition without any of our Microsoft Certified engineers needing to learn a single BASH command.