Improve Core Network Services With High Availability From TCPWave

Internet is a great platform for businesses to grow on, however, it can be harsh on your enterprise if your DNS services are fragile and lack proactive monitoring and smart built-in action plan to continue operations even during DNS attacks or physical failures. DNS failure is not good for your business. We at TCPWave understand that certain events are beyond control, but our DNS Resiliency solutions empower you to sail through any DNS crises.

TCPWave offers various flavors of DNS Authoritative and Cache appliances.

TCPWave DNS Authoritative Appliance

Authoritative DNS appliance for hosting authoritative zone data.

Flavors

  • ISC BIND Authoritative
  • NSD Authoritative

TCPWave DNS Cache Appliance

Cache DNS appliance to perform recursive lookup.

Flavors

  • ISC BIND Cache
  • UNBOUND Cache
DNS DR

In case, a catastrophic event brings down the root server , the cache server takes charge as authoritative server by inheriting and processing Zone files from IPAM without interrupting the enterprise network.

Dual DNS

ISC BIND, Unbound and NSD are three DNS servers with different source code which come preloaded with TCPWave remote server package.

Once they are configured, they work in sync to enable you with continuous DNS operations even when a BIND Cache server is attacked or crashes, TCPWave intelligent watchdog server, MONIT, will check for the health of DNS and if it detects a failure, it will switch to Unbound.

Stealth DNS Master

Stealth DNS Master concept keeps your master server hidden from Cache DNS Servers and clients doing NSlookup, and allow only the slave to know about the Master DNS server’s existence. The zones are available to people on your network using slave DNS servers. So, your DNS Data is protected while bad DNS exploits are only able to impact the slaves, and they get overwritten when slave syncs up with master.

Master-Slave

The authoritative servers can be configured as Master or Slave servers, this topology will provide you with high availability when the Master comes crashing down. Regular Master to Slave updates and zone transfers happen over a secured channel, hence Slave is always up-to-date, so in case Master is brought down, the slave can act as master to support continuity of operations.

Monitoring
  • All our flavors of DNS appliances have been configured with SNMP MIB to provide fault and performance management statistics so your network administrator can make proactive decisions.
  • The robust TCPWAve IPAM chart engine provides user sophisticated yet comprehensive charts to assist network administrator to monitor and take necessary actions.
  • TCPWave logs engine provides all logs in the UI.
  • Our monitoring engine continuously checks for DNS services health Check.
High Availability
  • TCPWave’s Watchdog, MONIT, will check the health of DNS for every 5 sec’s . If the MONIT gets 3 bad signals from named, it will switch from named to the unbound.
  • Multiple disaster recovery nodes can be configured with our IPAM, and TCPWave IPAM syncs up the operational database with disaster recovery database both in real-time and offline.
  • Our support for multiple DNS master-slave, DNS cache constellations setup for DNS zones ensure that zones are always highly available.
  • Source port randomization on our BIND and Unbound DNS along with code diversity in ISC BIND, Unbound and NSD minimizes vulnerability to DNS attacks.
  • TCPWave’s IPAM is a highly scalable and reliable IP address management solution. It ensures strict database and configuration integrity checks
  • The solution is built with high availability and disaster recovery management to ensure the continuity of business critical services.