Do you have a need for a DNS server that is authoritative for a zone being queried to query one or more other authoritative DNS servers instead of returning a non-existent domain (NXDOMAIN) response to a DNS client? These other DNS servers could be from business partners or, for example, vendors in a public cloud computing service, such as Amazon Web Services (AWS) Marketplace. If you have this need, TCPWave enables you to meet it with a solution unique among DNS-related products: TCPWave DNS Proxy Appliances.
In addition to querying alternate DNS servers, DNS Proxy Appliances provide other unique functions. One related function is to remove the Authority sections and nameserver (NS) records in them from query responses from alternate servers before returning the final responses to DNS clients. Consequently, clients do not cache the NS records, which point to alternate DNS servers, and later attempt to use them to directly contact the alternate DNS servers. This is beneficial, since it prevents clients, such as internal DNS caching servers, from bypassing Proxy Appliances, which are authoritative for some zones. Also, it prevents internal clients, which do not have network connectivity to the internet, from attempting to directly contact external alternate DNS servers on the internet.
For those who would like to better understand these capabilities and take advantage of them, information on an example query flow using a DNS Proxy Appliance and configuration of a Proxy Appliance is presented in the sections below.