The TCPWave DNS Remote is an intelligent appliance that is controlled and managed by the TCPWave DDI controller. The embedded intelligence of the TCPWave remote ensures that the mission-critical DNS services are always available to the enterprise's applications and end-users with a 100% SLA. The remote DNS appliance uses a secure messaging conduit for all communication. The remote does not need the DDI administrator to perform any local configurations. When a new remote is installed in the data center or the cloud, the DDI administrator assigns a fixed IP Address to the remote. The configuration data needed for the TCPWave DNS remote are automatically downloaded from the TCPWave DDI controller. This methodology dramatically simplifies a large scale deployment of the DNS remotes in an enterprise. The TCPWave DDI controller also manages the firmware and the BIOS of each TCPWave DNS remote.
The TCPWave DNS remotes can be configured as physical appliances in the data centers. They can also be configured as virtual appliances in private clouds or public clouds. They can be configured as hidden masters to serve the public Internet-facing providers such as Akamai, Azure, Cloudflare, Dyn, Route 53, Neustar, etc. When an enterprise does not want an on-premise hidden DNS master, the TCPWave IPAM can also manage the external DNS providers using the northbound REST API calls.
The TCPWave DNS remote also self-monitors itself and reports the key performance indicators to the DDI controller. On the DDI controller, these metrics are leveraged to render the graphs, check if any monitoring thresholds are breached. To ensure compliance, each DNS remote is periodically checked by the DDI controller for configuration assurance policies. The remotes are centrally patched by the DDI controller. Dynamic DNS updates from the DDI controller are not transmitted using UDP in the TCPWave implementation. The dynamic DNS updates are transmitted using a secure encrypted channel that uses TCP over SSL. The remote DNS appliance can perform a "full pull" of all the configurations and the DDI controller can perform a "full sync" on the DDI remote. This prevents the DNS data from getting corrupted with a man in the middle attack.
The DNS remotes auto-sense the failure of a DDI controller and are programmed to automatically bind themselves to the next available DDI controller. The DNS zone transfers between the DNS remotes are encrypted. The DDI controller also has the capabilities to execute specific commands on the remote DNS appliances. Powerful machine learning algorithms are embedded into the TCPWave DNS remote to protect the enterprise's mission-critical DNS infrastructure from exploits. While some of the remote commands are executed automatically by the TCPWave Quartz Scheduling Engine, other commands can be executed by the privileged user that has been granted permissions. The DDI controller maintains and manages the licenses on all the remote DNS appliances. The TCPWave remote DNS appliances have features to stream the live DNS logs to external sources such as Splunk.