Managed Internal DNS

Internal DNS/DHCP

NeuStar has leveraged its technology and experience of domain name and IP management in the UltraDNS suite of products that address one of the most challenging and complex issues facing network professionals - managing the DNS/IP infrastructure that exists within their corporate firewall (intranets, internal domains, DHCP etc.). Managed Internal DNS Service brings the flexibility, scalability and manageability of the UltraDNS industry-leading Managed DNS service for external DNS resolution to the corporate network.

Many network professionals struggle to maintain and administer their internal DNS environment using editors such as VI to update BIND files. This is a time-consuming and error-prone process and requires a high level of technical understanding. Consequently, many large corporations have only one or two individuals with the ability to make such changes. This centralization of such critical resources often cause significant delays in deploying DNS changes and, hinders day-to-day business operations, particularly with international companies that have global subsidiaries.

To address the internal DNS challenge, some corporations have invested in expensive IP Address Management (IPAM) solutions such as Lucent’s QIP, Nortel’s Net ID and Cisco’s Network Register. However, while improving controls for DNS management, these solutions have added a new level of complexity, with DNS administrators often requiring extensive off-site training to be able to fully utilize the solutions’ functionality. Consequently, the ‘bottleneck’ discussed above often remains. In addition, these solutions typically sit on top of the existing BIND infrastructure and can be subject to its numerous security vulnerabilities.

Benefits of Managed Internal DNS Service

Manageability

IP Services as a Managed Service - Managed Internal DNS provides customers with an opportunity to reduce several costs including hardware, software and administrative resources. All Internal DNS appliances are managed and maintained by UltraDNS staff to include hardware replacements, software updates and appliance monitoring. Managed Internal DNS Service is capable of both DNS and DHCP providing an integrated solution when required by customers.

Centralized Data Storage and Management - All IP Services data (DNS and DHCP data) is stored in the UltraDNS core production network (Directory Platform). This proprietary mesh network provides redundancy and availability equivalent to no other infrastructure in the IP management and DNS product space. When replicated to local site appliances, replication is near real-time across all locations, no matter where the change is made. There is no wait for zone transfers as all incremental updates are propagated immediately.

Scalability and Performance

Appliance-Based Local Service - NeuStar Ultra Services uses its proprietary, system hardened “Directory Gateway Appliance” to provide local services to customers. To ensure maximum DNS resolution and DHCP lease performance, the Managed Internal DNS Service uses the local Directory Gateway appliances throughout the customer network placed at strategic locations agreed upon by the customer and NeuStar Ultra Services. These appliances contain local copies of DNS / DHCP data and securely “check in” with the NeuStar Ultra Services Directory Platform for any customer-specific changes. The following diagram illustrates a typical customer configuration.

High Availability Failover Appliances - All Directory Gateway appliances have failover capabilities in several forms. The first is a system failover capability. Two appliances are placed in the customer network in an “Active/Standby” state using a virtual IP for service binding. If the active appliance fails, the standby appliance takes over all DNS/DHCP functions for that location or service group. Multiple appliances can also be used to provide additional DNS servers in the event excessive loads are anticipated for specific sites/regions. This also allows the use of more than one DNS server IP address in client resolvers to provide additional redundancy.

Security and Reliability

Security – Managed Internal DNS is a non-BIND solution avoiding security vulnerabilities inherent even with the latest release of BIND that can still be exploited behind the enterprise firewall. Additionally, all management, maintenance and administration communication with the local appliances is done through authenticated Secure Socket Layer (SSL) connections. Whether its an administrator connecting to the Management Portal or an appliance checking into the NeuStar Ultra Services Directory Platform, the traffic is authenticated and encrypted, maximizing organizations’ privacy and security.

Support

Unparalleled Support in the DNS Market - Since Internal DNS is provided as a managed service; customer support is taken to a new level in the DNS management space. NeuStar does not wait for the customer to have a problem and then respond; rather, proactive monitoring is conducted and customers are notified by NeuStar Support if a problem occurs. Of course there will always be questions regarding the user interface, new implementations, etc. For these types of inquiries, the NeuStar Support department is staffed 24x7. Support requests can be made by phone or e-mail and response times are strictly adhered to according to support guidelines.