General
What is Secure64 DNS Cache?
Secure64 DNS Cache is a caching DNS server with extremely high levels of performance and security.
Is Secure64 DNS Cache based on BIND?
No, it is a completely different software implementation.
Is Secure64 DNS Cache an authoritative DNS server?
Secure64 DNS Cache can be configured to respond authoritatively for certain domains, as this is very useful even when setting up a caching nameserver, but it is not intended to be used as an organization’s authoritative nameserver. We recommend using our Secure64 DNS Authority product for authoritative tasks.
Is Secure64 DNS Cache Linux Based?
No, Secure64 DNS Cache uses SourceT, a patented ultra-secure operating system that take advantage of the hardware security features that the Itanium-based HP Integrity platform offers.
Compatibility
What hardware does Secure64 DNS Cache support?
Secure64 DNS Cache runs on the HP Integrity rx2660, rx3600 and BL860c servers.
Is Secure64 DNS Cache compatible with authoritative nameservers running BIND or Microsoft DNS?
Yes, DNS Cache is compatible with any RFC-compliant authoritative nameservers.
Performance and Capacity
What is the maximum number of records that can be saved in the cache?
The only constraint on the cache size is the amount of physical RAM available. The minimum configuration is 2 GB of RAM, which is sufficient for many implementations.
Capabilities
Do you support stub zones?
Yes, DNS Cache supports stub zones.
Can the server be configured as a forwarder?
Yes, DNS Cache can be configured to forward queries to any other RFC-compliant DNS server.
Do you support NXDOMAIN redirection?
Yes, DNS Cache is available with an optional NXDOMAIN redirection module that allows certain NXDOMAIN responses that pass a set of user-defined rules to be redirected. This module also supports opt-out.
Does Secure64 DNS Cache include IPv6 support?
Yes, Secure64 DNS Cache supports IPv6 and has received the IPv6 Ready Phase 2 Gold certification.
Availability
Do you support a high-availability DNS architecture?
Yes. Secure64 DNS Cache has built-in support for BGP-based anycasting that allows multiple DNS servers to share a common IP address. This architecture provides additional availability, resiliency, and performance compared to a traditional DNS architecture.
Management and Reporting
Are there any reporting/logging/alerting features in the product?
Secure64 DNS Cache uses a variety of mechanisms to report and log activity on the system including:
-
DNS statistics, either upon request or at regular intervals
- Syslog records many different system events, including user logins.
-
SNMP traps, in conjunction with syslog, alert and log abnormal conditions, such as when a network attack begins and ends.
- Under attack, the system can provide details to help administrators set upstream router filters to protect bandwidth.
-
System commands provide additional detailed information such as moving averages of attack statistics.
What type of management system does Secure64 DNS Cache offer?
Secure64 DNS Cache is managed through a command line interface over an SSH2-secured connection. We provide a rich set of commands through this interface to configure, manage and monitor the server.
Are system upgrades a manual or automated procedure?
Secure64 DNS Cache provides upgrade and rollback commands and a user role for upgrades. Normally, upgrades are a simple process of downloading the appropriate file and running the upgrade command.
Security
Can Secure64 DNS Cache protect against a Kaminsky cache poisoning attack?
Yes, Secure64 DNS Cache employs 5 layers of defense against cache poisoning attacks. These layers of defense provide industry-leading levels of protection against cache poisoning attacks.