“Software Freedom Day” is celebrated on the third Saturday of every September to increase public awareness of free and open source software. Open source software has come a long way since its beginnings as a forum for tech-savvy hobbyists and now makes significant contributions in the enterprise domain as well.
As the world moves towards the “work from anywhere” model, cloud-native architectures are increasingly becoming critical to maintaining business operations. As one of the few networking and security solutions providers to have implemented cloud-native, container-based architecture at the foundational level, Infoblox is uniquely positioned to enable organizations to leverage the benefits of open source when making the transition to a borderless enterprise. For example, the BloxOne platform leverages the open source CoreDNS, which is hosted by the Cloud Native Computing Foundation (CNCF), to enable organizations to secure and manage cloud, hybrid, and on-prem networks from pretty much anywhere.
Universal BloxOne DDI Architecture
Infoblox’s innovative BloxOne DDI takes advantage of open source technologies like Docker, containers and Kubernetes, to deliver core DDI services as modular containers. For an enterprise DDI stack, BloxOne DDI provides a number of functions that can be deployed on cloud-native architecture and implemented as separate, isolated and independent components.
BloxOne DDI’s DNS function is based on CoreDNS, a relatively recent and actively developed DNS server hosted by the CNCF. It can be deployed anywhere as a stateless container and can be swapped with any other DNS container – even one from a different vendor such as ISC BIND – for cases where a particular feature is not available. Even better, these containers can also be chained together to implement complex pipelines, as Infoblox does in BloxOne Threat Defense.
A key attribute of cloud-native applications is that functions must be isolated from the system they run on. BloxOne DDI functions with this in mind, and can be deployed in a variety of environments: on BloxOne appliances, of course, but in general on any system that supports the ability to run containers. This includes virtual machines and bare-metal systems, which opens the door to integration with many other vendors. Deployment follows a simple and unique methodology, based on the Infoblox On-Premises Agent: a single container that implements the control plane functions and orchestrates the deployment, control and monitoring of each application’s functions.
Enhanced Threat Defense for Modern Networks
When it comes to security, Response Policy Zones (RPZs) provide the ability to configure resolution policy in DNS servers to prevent known or suspected malicious domain names from being resolved. Organizations can subscribe to RPZ “feeds” containing lists of active malicious domains that are curated by respected internet security organizations such as Spamhaus and SURBL.
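The RPZ mechanism described above can be sketched as a small evaluator. This is an added example, not code from CoreDNS, Infoblox or any feed provider. The zone contents, origin `rpz.example.` and all domain names are constructed placeholders, the CNAME action encodings follow the convention used by BIND-style RPZ feeds, and the precedence rule (exact name first, then the closest wildcard) is a simplifying assumption.

```python
# Added example: evaluate RPZ QNAME triggers against a query name.
# Constructed sample policy zone; names and addresses are placeholders.
RPZ_ORIGIN = "rpz.example."
RPZ_ZONE = """
bad.example.rpz.example.      CNAME .              ; block the apex
*.bad.example.rpz.example.    CNAME .              ; block every subdomain
ok.bad.example.rpz.example.   CNAME rpz-passthru.  ; explicit exemption
tracker.example.rpz.example.  CNAME *.             ; answer with no data
phish.example.rpz.example.    A 192.0.2.10         ; redirect to a walled garden
"""

# Special CNAME targets that encode a policy action instead of a real alias.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def norm(name):
    """Lower-case a DNS name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def load_rpz(text, origin):
    """Map each trigger name (owner minus the RPZ origin) to (action, rdata)."""
    policy, suffix = {}, "." + norm(origin)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        owner = norm(owner)
        if not owner.endswith(suffix):
            continue                            # record is outside the policy zone
        trigger = owner[:-len(suffix)] + "."
        action = ACTIONS.get(norm(rdata)) if rtype.upper() == "CNAME" else None
        policy[trigger] = (action or "LOCAL-DATA", rdata.strip())
    return policy

def evaluate(policy, qname):
    """Return the policy for qname: exact trigger first, then closest wildcard."""
    q = norm(qname)
    if q in policy:
        return policy[q]
    labels = q.rstrip(".").split(".")
    for i in range(1, len(labels)):             # walk up toward the root
        wildcard = "*." + ".".join(labels[i:]) + "."
        if wildcard in policy:
            return policy[wildcard]
    return ("NO-MATCH", None)                   # resolve normally

POLICY = load_rpz(RPZ_ZONE, RPZ_ORIGIN)

if __name__ == "__main__":
    for name in ("bad.example", "cdn.bad.example", "ok.bad.example", "www.example.org"):
        print(name, "->", evaluate(POLICY, name)[0])
```

A feed has to list both the apex and the wildcard record, because `*.bad.example` does not match `bad.example` itself.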
However, this system fails when employees use DNS infrastructure provided by someone other than their employer. For example, employees working from home or traveling generally use whichever DNS servers are assigned by DHCP, which likely lack their employer’s approved RPZ configuration.
To address this shortcoming, Infoblox developed BloxOne Threat Defense (B1TD), a cloud-based recursive DNS service that allows customers to apply a configurable resolution policy to employee devices and maintain visibility of DNS activity while devices are outside the corporate network. B1TD uses CoreDNS in several ways. It is the heart of the software that sends employees’ queries to the B1TD cloud, and it also receives those employees’ queries in the cloud, checks for applicable policies, and applies them. CoreDNS’s plug-ins and plug-in-based architecture make it well suited to both of these very different applications.
(Source: “Learning CoreDNS: Configuring DNS for Cloud Native Environments” Book by Cricket Liu and John Belamaric)
Open Source is the Cloud-Native Future
In early 2019, CoreDNS achieved “Graduated” status in the CNCF. To reach this milestone, a project must show it has been adopted by multiple organizations, have a documented and structured governance process, and show a strong commitment to community success and inclusivity. Infoblox has contributed to the development of CoreDNS and currently has 5 engineers actively contributing to its evolution.
CoreDNS is a great example of how open source technologies have helped provide network infrastructure with critical capabilities, and these technologies have much more to offer going forward. But in order to fully realize these benefits, organizations will need to continue investing in platforms that leverage the enormous potential of open source technologies. It is the only way to achieve the cloud-native transformation that the workplace of the future demands.