Infoblox Loads DNS Services onto Cisco Routers

Enterprise IT executives looking to cut costs and consolidate infrastructure might be interested in news jointly announced Monday by Infoblox and Cisco, as the vendors team to offer Infoblox DNS, DHCP and other core network services via blades designed to slide into Cisco's integrated services routers.

The technology partnership will enable network managers to put DNS, DHCP, IP address management and other core network services on blades in Cisco routers deployed at branch office locations, eliminating the need for a separate server to maintain those services. The product, developed under Cisco's Application eXtension Platform (AXP), enables customers to push network services closer to the edge and consolidate infrastructure in remote offices. Industry watchers say the partnership reflects a trend among enterprise companies to reduce infrastructure while maintaining services.

"Remember the 'Trapper Keeper?' That's what Cisco's routers are becoming for enterprise branch office: a single place to keep all critical network applications and services," says Phil Hochmuth, senior analyst at Yankee Group. "This is being enabled largely by the AXP, which allows organizations to cram as many services -- even ones beyond Cisco's own scope, such as Infoblox IP address management - onto a single platform."

According to Infoblox, enterprise companies can spend between $600 and $1,500 managing a server per branch office per month. Removing the need for a server at the branch to support core network services not only reduces that cost, but also ensures the branch will continue to have DNS, DHCP, NTP, FTTP, HTTP, TFTP and syslog proxy capabilities at the remote location - even if a connection to the data center is lost. Infoblox vNIOS Virtual Appliance software installs on a blade in Cisco's widely deployed ISR router line -- reportedly 4 million are installed today -- which Infoblox Vice President of Marketing Rick Kagan says will reinforce the vendor's message that DNS services can't be ignored even in a difficult economy.

Cisco and Infoblox also plan to showcase the joint solution at several upcoming industry events, including at a live virtual meeting this week and at Cisco Networkers later this month in Barcelona, Spain.

Source:http://www.networkworld.com/news/2009/011209-infoblox-dns.html

Another DNS Outage Gives OpenDNS Free Advertising

The folks in the OpenDNS marketing department probably huddle together each morning in a meeting room, praying to the digital gods for ISP DNS problems -- given that every time an ISP has a DNS disruption, the increasingly popular company sees an influx of new customers. Since being launched in 2006 by David Ulevitch, the service has developed an almost cult following, and now offers users a slew of services ranging from Internet filters and URL auto-correction to network monitoring and anti-phishing protection.

The company has certainly been helped each time the nation's two largest ISPs, Comcast and AT&T, temporarily forget how to run their DNS servers (which has happened a number of times over the last few years).

It's not clear how many users switched before Time Warner Cable resolved the problem (their LA network status page seems to indicate the problem is ongoing as of mid-day Friday). While probably not a priority for execs at Time Warner Cable, it does eat away at the revenue generated by DNS redirection advertising, which Time Warner Cable began implementing roughly a year ago. A growing number of ISPs have been implementing DNS redirection ad pages that pop-up when a user mistypes a URL, creating a new profit stream off clumsy typing.

OpenDNS is targeting that same profit stream and so far, and seems to be doing a much better job at it -- by including features that users actually find useful. Earlier this year it was estimated that OpenDNS makes $20,000 per day via their search relationship with Yahoo alone. That's money that could be going into ISP pockets, and you can be sure that eventually, should OpenDNS's popularity continue to grow, carriers will start trying to get wayward DNS users back onto their own servers -- one way or another.

DNS Server, DNS Server Support, DNS Problem, Domain Name System

Source: http://www.dslreports.com/shownews/Another-DNS-Outage-Gives-OpenDNS-Free-Advertising-99648?nocomment=1

Using dnsmasq for DNS and DHCP services

Software for providing DNS and DHCP services have typically come from ISC in the form of BIND and dhcpd. While these software packages are quite robust and, for the most part, quite secure, there are other alternatives that may work better depending on your situation. For smaller home or office networks, managing BIND and dhcpd may be overkill.

Another solution that provides both services is dnsmasq, which will cache external DNS addresses, provide local DNS names or override external DNS entries, and also provides dynamic IP addresses in the form of DHCP. It can even provide static IP addresses over DHCP, the same as dhcpd, with the only pre-requisite being the MAC address of the system to assign the static IP to.

Most Linux distributions come with dnsmasq packaged, so it is a simple apt-get, yum, or urpmi away. Otherwise, compiling from source is quite easy. Dnsmasq handles DNS setup differently than BIND and other DNS servers. Everything is configured via a single configuration file, /etc/dnsmasq.conf.

When a request comes in, dnsmasq does not look in zone or similar files; it consults /etc/hosts first and then will look externally for addresses by consulting the name server(s) defined in /etc/resolv.conf. This is a quick and easy way to override external DNS addresses by simply defining them in /etc/hosts on the system that is running dnsmasq.

Dnsmasq also provides DHCP services quite easily. To do so, uncomment and set the following options in /etc/dnsmasq.conf:

expand-hosts

domain=example.com

dhcp-range=192.168.0.50,192.168.0.150,12h

dhcp-option=3,192.168.0.1

This will enable DHCP and set the network domain to “example.com.” The DHCP server will offer addresses between 192.168.0.50 and 192.168.0.150 with a lease of 12 hours. Finally, dhcp-option sets the third (3) DHCP option, which sets the default route, pointing to 192.168.0.1 as the router. There are a lot of dhcp-option values; the configuration file and man pages go through them all with examples.

To set a static IP address for a client, use the dhcp-host keyword:

dhcp-host=11:22:33:44:55:66,foo,192.168.0.10

This will always give the host with the hardware MAC address of 11:22:33:44:55:66 the hostname foo (.example.com) and the IP address 192.168.0.10.

Another useful feature of dnsmasq is that it provides a TFTP server as well. You can enable the TFTP server, point it to the root directory of files to serve, and make use of network booting.

Dnsmasq provides a number of features that make it a compelling replacement for BIND and dhcpd, or any other DNS or DHCP server software you may be using. It can set default MX records, various caching options, a wide variety of DHCP options, SRV records to provide LDAP information, PTR records, SPF records, and even Zeroconf records.

For small office and home networks, dnsmasq is hard to beat in terms of simplicity and power. The configuration file is loaded with examples and information so, while initial setup for a larger network will require a commitment of some time, it is all very straightforward.

Get the PDF version of this tip here.

Source: blogs.techrepublic.com.com/opensource/?p=293