IT World Canada

Never-die DNS and DHCP services

If a network is like a car, then DNS is the ignition key. To extend that analogy, DHCP might be the battery. These two services are among the lightest available on any network, but no network can function without them. Without DHCP, address management becomes a nightmare. Without DNS, no one can access much of anything at all.

In an enterprise network, these services usually reside on the same local server or on a central server pushing DHCP scopes to remote sites and serving DNS requests across WAN links. Providing DNS and DHCP services in an easy-to-cluster appliance, Infoblox offers a way to bring never-die network services to remotely supported environments.

The Infoblox-1000 DNSone is simple to configure. When first powered up, the box assumes a 192.168.1.2 IP address and is immediately accessible via the Web, or you can configure the IP parameters using the LCD panel on the front or through the serial interface.

Once on the network, the device is managed from a Java interface served via SSL to a Web browser. I had no problems working with the interface while running Firefox on Linux, Mac and Windows, nor did IE show any problems.

You can configure two Infoblox-1000 devices to work as an active/passive cluster, which combines custom synchronization with Virtual Router Redundancy Protocol (VRRP). Intracluster communication is nicely handled by an encrypted tunnel between the devices.

In the lab, I built two HA clusters of Infoblox-1000 devices on separate VLANs on a Layer 3 switch. A few laptops served as DHCP and DNS clients, and a dual-Xeon Dell PowerEdge 2600 running Red Hat Advanced Server 4 served as a load generator.

I created a DNS zone of 100,000 records on a second Linux server and configured the same zone on the Infoblox. Handily, a feature in the zone-creation dialogue box allows you to configure a master zone and import the zone via DNS Asynchronous Full Transfer Zone (AXFR) from another server. I then transferred the 100,000-record zone into the cluster and transferred the corresponding reverse zone. Here I experienced a hitch. During the import of the large reverse zone, the cluster fell off the network. After probing around the boxes with the serial console, I couldn’t get any response from them. Power cycling the units didn’t alleviate the problem either, but when given enough time (presumably to do file system checks on the boot disk), the cluster did reboot back to its previous state.

Next I tested the clustering failover speed. I ran a script to continuously query the Virtual IP Address (VIP) of the cluster. I then forced a failover. Initially the passive node failed to assume the primary role. I replaced the questionable node with another Infoblox unit and brought it into the HA cluster. This configuration worked flawlessly.
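A failover test of this kind can be scripted along the following lines. This is an added example, not the reviewer's script: it polls a DNS server over UDP and reports each window in which queries went unanswered. The VIP and query name (taken from the command line), the 0.5-second timeout, the 0.2-second polling interval and the 60-second run time are all assumptions.

```python
import socket, struct, sys, time

def build_query(name, qid, qtype=1):
    """Encode a minimal DNS query (RFC 1035): header, QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def probe(server, name, timeout=0.5, port=53):
    """True if the server returns a response matching our query ID in time."""
    qid = time.monotonic_ns() & 0xFFFF
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable, refused
            return False
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == qid and bool(flags & 0x8000)  # QR bit marks a response

def outages(samples):
    """Turn [(timestamp, ok), ...] into [(first_failure, first_recovery), ...].
    A window still open at the end has recovery None."""
    windows, start = [], None
    for ts, ok in samples:
        if not ok and start is None:
            start = ts
        elif ok and start is not None:
            windows.append((start, ts))
            start = None
    if start is not None:
        windows.append((start, None))
    return windows

def monitor(server, name, duration, interval=0.2):
    """Poll the server for `duration` seconds and return the sample timeline."""
    samples, end = [], time.monotonic() + duration
    while time.monotonic() < end:
        samples.append((time.monotonic(), probe(server, name)))
        time.sleep(interval)
    return samples

if __name__ == "__main__":
    vip, qname = sys.argv[1], sys.argv[2]  # cluster VIP and a record in the test zone
    for start, stop in outages(monitor(vip, qname, duration=60)):
        print("outage:", "unrecovered" if stop is None else f"{stop - start:.2f}s")
```

The measured window is bounded below by the polling interval plus the probe timeout, so shorten both if the cluster is expected to fail over in well under a second.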

The clustering combined with the ease of configuration provided by the Infoblox-1000 is attractive.

QuickLink 052101
