June 06, 2005

Never-die network services

Infoblox DNS/DHCP appliance makes HA clustering easy

If a network is like a car, then DNS is the ignition key. To extend that analogy, DHCP might be the battery. These two services are among the lightest available on any network, but no network can function without them. Without DHCP, address management becomes a nightmare. Without DNS, no one can access much of anything at all.

In an enterprise network, these services usually reside on the same local server or on a central server pushing DHCP scopes to remote sites and serving DNS requests across WAN links. Though this architecture ties the fate of remote networks to the WAN, network managers typically choose it to avoid installing servers at remote sites where administrators are loath to tread. Providing DNS and DHCP services in an easy-to-cluster appliance, Infoblox offers a way to bring never-die network services to remotely (or scarcely) supported environments.

The Infoblox-1000 DNSone is simple to configure. When first powered up, the box assumes a 192.168.1.2 IP address and is immediately accessible via the Web, or you can configure the IP parameters using the LCD panel on the front or through the serial interface.

Entering the DNS Zone

Once on the network, the device is managed from a Java interface served via SSL to a Web browser. I had no problems working with the interface while running Firefox on Linux, Mac, and Windows, nor did IE show any problems. Two caveats: The client is best suited to running on Java 1.4 rather than Java 1.5. And certain administrative tasks that involve changing core parameters of the device require a full restart of the Web browser. In some instances I had to reboot my client PC to resume using the Web interface.

The administration console is well laid out. Adding and removing zones and scopes is simple, and comfortable views of current zone data are easily had. Because the Infoblox runs Internet Systems Consortium’s BIND (Berkeley Internet Name Domain) and DHCPD (Dynamic Host Configuration Protocol Daemon) packages, every option you could desire is available. Microsoft’s AD (Active Directory) is directly supported, so the Infoblox easily serves as the DNS server in an AD environment. The solution also fully supports dynamic DNS registration, and it’s much better at handling dynamic DNS scavenging than is Microsoft’s DNS server. Because host information is located in a central database on the Infoblox, a DHCP lease expiration will automatically remove address and pointer records, eliminating the problem of DNS ghosts.
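An added example, not from the article or from Infoblox: where DNS and DHCP data are kept separately, the same cleanup can be audited by listing dynamic records that no unexpired lease backs. The zone name, addresses and record layout below are constructed for illustration.

```python
from datetime import datetime, timezone
from ipaddress import ip_address

# Constructed sample data (not from the article): DHCP leases and dynamically
# registered DNS records for a hypothetical zone corp.example.
LEASES = [
    {"ip": "10.0.0.21", "host": "lap-01.corp.example.", "ends": "2005-06-06T12:00:00+00:00"},
    {"ip": "10.0.0.22", "host": "lap-02.corp.example.", "ends": "2005-06-05T09:00:00+00:00"},
]
DYNAMIC_RECORDS = [
    ("lap-01.corp.example.", "A", "10.0.0.21"),
    ("21.0.0.10.in-addr.arpa.", "PTR", "lap-01.corp.example."),
    ("lap-02.corp.example.", "A", "10.0.0.22"),            # lease expired
    ("22.0.0.10.in-addr.arpa.", "PTR", "lap-02.corp.example."),
    ("lap-03.corp.example.", "A", "10.0.0.23"),            # no lease at all
]

def reverse_name(ip):
    """Return the in-addr.arpa / ip6.arpa owner name for an address."""
    return ip_address(ip).reverse_pointer + "."

def find_ghosts(leases, records, now):
    """Return dynamic A/AAAA/PTR records that no unexpired lease backs."""
    live_fwd, live_rev = set(), set()
    for lease in leases:
        if datetime.fromisoformat(lease["ends"]) > now:
            host = lease["host"].lower()
            live_fwd.add((host, lease["ip"].lower()))
            live_rev.add((reverse_name(lease["ip"]), host))
    ghosts = []
    for owner, rtype, rdata in records:
        key = (owner.lower(), rdata.lower())
        if rtype in ("A", "AAAA") and key not in live_fwd:
            ghosts.append((owner, rtype, rdata))
        elif rtype == "PTR" and key not in live_rev:
            ghosts.append((owner, rtype, rdata))
    return ghosts

if __name__ == "__main__":
    now = datetime(2005, 6, 6, 10, 0, tzinfo=timezone.utc)
    for rec in find_ghosts(LEASES, DYNAMIC_RECORDS, now):
        print("stale:", *rec)
```

Statically configured records should be kept out of the input, since they are never backed by a lease and would all be reported.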

Impressive HA (high-availability) and clustering capabilities allow you to configure two Infoblox-1000 devices to work as an active/passive cluster, bringing together custom synchronization and working with VRRP (Virtual Router Redundancy Protocol). Intracluster communication is nicely handled by an encrypted tunnel between the devices. Beyond this, you can cluster HA nodes into a single entity, or grid, allowing for management of the whole cluster from a master console. This includes automated OS upgrades to cluster nodes, automated zone synchronization, and overall zone management, all of which the Infoblox makes simple and straightforward. The $4,995-per-node clustering cost is steep, but the ability to manage all the devices across the network from a single console eases administration significantly.

Feeds and Speeds

In the lab, I built two HA clusters of Infoblox-1000 devices on separate VLANs on a Layer 3 switch. A few laptops served well as DHCP and DNS clients, and a dual-Xeon Dell PowerEdge 2600 running Red Hat Advanced Server 4 served as a load generator.

Test Center Scorecard

Criterion weights: 25%, 25%, 20%, 20%, 10%
Infoblox-1000 DNSone scores: 8, 8, 7, 9, 8
Overall score: 8.0 (Very Good)

©1994-2009 Infoworld, Inc.