Start-up InfoWeapons is selling what it claims are the first domain name system appliances to support both IPv4 and IPv6 running in dual-stack mode.
IPv4 is the Internet's main communications protocol, while IPv6 is a long-anticipated upgrade to that protocol.
InfoWeapons says it has sold several of its SolidDNS appliances, which became available in June, to Asian telecom carriers and the U.S. military.
IPv6 promises easier administration, tighter security and an advanced addressing scheme over IPv4. IPv6 uses a 128-bit addressing scheme, which allows for a virtually limitless number of uniquely identified systems to be connected directly to the Internet. IPv4 uses a 32-bit addressing scheme and supports only a few billion systems. Developed 10 years ago by the Internet Engineering Task Force, IPv6 is just starting to be deployed by carriers and enterprises.
The SolidDNS appliances run on a secure version of the open source BSD operating system that InfoWeapons developed and dubbed SolidBSD. The appliances use certificate-based authentication for communications between the DNS server and the network administrator. They also feature built-in dual stack firewalls. (http://www.networkworld.com/topics/firewalls.html)
"It's absolutely critical for IPv6, even more so than with IPv4, to have secure DNS,'' says Lawrence Hughes, founder and CTO of InfoWeapons. "The whole IPv6 architecture is dependent on DNS being secure, reliable and easy to manage.''
SolidDNS appliances provide instant prefix renumbering, a feature that is particularly useful for IPv6. This feature lets network managers quickly update the 64-bit prefixes that they get from their ISPs. This is a process that can take several weeks to do manually. Network managers need to change prefixes when they change ISPs or when they configure network equipment in one location and ship it somewhere else.
SolidDNS appliances also support Enum, an emerging protocol used in VoIP systems to convert telephone numbers to IP addresses. And the devices automatically generate reverse zone files for DNS, which can be tricky to do manually.
"Configuration files, root fixes and zone files -- they are all automatically generated, and we guarantee them to be perfect,'' Hughes says. "With IPv6, the complexity of doing zone files, both forward and reverse zones, are going to be much harder than with IPv4.''
The next release of the SolidDNS appliances, due out early next year, will offer failover from primary to secondary devices and support for the Dynamic Host Configuration Protocol Service for IPv6.
SolidDNS appliances sell for US$10,000 each. A carrier-grade version, with redundant power suppliers, sells for $30,000.
Jim Bound, CTO of the IPv6 Forum and Chair of the North American IPv6 Task Force, says he knows of no other vendor marking dual-stack IPv4 and IPv6 support with DNS appliances. However, he says software vendors such as Sun, HP, IBM and Microsoft support IPv4 and IPV6 access to DNS and have various methods for securing that access.
Bound says the availability of the SolidDNS appliances is "important for what needs to be done to expand IPv6 deployment.''
Bound acknowledges that some network managers will prefer running DNS as an appliance for IPv6 environments rather than running software.
"Any Internet technology application like DNS can be hardened and better integrated to support...indepth security,'' (http://www.networkworld.com/topics/security.html) Bound says. "Some customers will require this hardening, so I suppose there is a market for such server appliances.''
InfoWeapons is the brain child of Hughes, a co-founder of CipherTrust, a secure e-mail company bought by Secure Computing. The company, which is funded by Hughes, has six employees in Atlanta and 84 employees in the Philippine Islands.
"Our goal is to become one of the dominant providers of network infrastructure in the new IPv6 generation,'' Hughes says. "We're very IPv6-aware, and we're security aware. My philosophy is that security needs to be built in at every step of the process.''
InfoWeapons plans to offer several other network appliances that support IPv4 and IPv6 in dual stack mode. These include: SolidPKI, which will support Public Key Infrastructure and is due out in 2007; SolidWall, a firewall and IPv6 tunneling appliance due out in 2007; and SolidDirectory, which will support the Lightweight Directory Access Protocol and is due out in 2008. All of these devices will run the SolidBSD operating system and offer the same user administration and security features as SolidDNS.
Hughes says it is important for network managers to buy appliances that will work as their networks gradually migrate from IPv4 to IPv6 over the next few years.
"For some time, network environments are going to be running Ipv4 and IPv6. DNS will have to work in dual-stack mode. This is one of the key pieces of the network infrastructure you need to do the transition,'' Hughes says.