Enterprise IPAM/DNS Solutions
jbaird at follett.com
Mon Apr 28 16:57:26 UTC 2014
No - our DNS servers do only one thing depending on their role - either to serve internal clients (caching/recursive/override external authoritative) or to serve authoritative external clients. I used to cringe at these appliance based solutions because I want to be in control of BIND and the server's operating system - but, they are beginning to sound more attractive since they don't require someone with operating system knowledge run maintain the application. The bonuses would be things like DNSSEC an Anycast support out of the box.
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Kevin Darcy
Sent: Monday, April 28, 2014 12:50 PM
To: bind-users at lists.isc.org
Subject: Re: Enterprise IPAM/DNS Solutions
Are you running *other*, non-network-service functions on these boxes besides BIND/M&M? If not, then you might find an appliance-based solution like Bluecat or Infoblox might be more cost-effective than adding a DNS-management layer to a generic server. Your security folks should love you too, since appliances are "hardened" (usually they don't even have a OS-like command line or a "superuser" function). Lastly, if you're planning to implement things like Anycast, HA clustering, IPv6, etc. these things are probably a lot easier for an appliance that already has these capabilities built in, than hacking the OS to support them. DNSSEC is likely to be a lot easier too.
The argument for appliances becomes even stronger if you want to support other network services, e.g. DHCP, NTP, discovery.
If, on the other hand, you're running "other stuff" on those servers, besides network services, or you just *have* to have that OS-level control down to the kernel, filesystems, devices, etc. it might make sense to stick with an agent- or wrapper-based solution like you already have (M&M). I think IPControl (by British Telecom) is also a strong player in that space.
On 4/28/2014 12:31 PM, Baird, Josh wrote:
> We currently use the Men & Mice DNS/IPAM/DHCP suite which is essentially a front-end "wrapper" for BIND. We deploy our own BIND boxes and simply install the Men & Mice agent on them which allows us to centrally manage the zones from a GUI (or CLI) based interface.
> I'm curious about the other "enterprise" solutions that are on the market. Bluecat is the first one that comes to mind, but I'm completely unfamiliar with their product. Does their product run alongside native BIND (like M&M) or do I need to purchase their own appliances and place them all over my network?
> Are there any other suggestions for products similar to Men & Mice and Bluecat that I should be looking at? I'm looking for DNS and IPAM and central management.
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
More information about the bind-users