DNS Edge Service Point v3 - BlueCat Integrity - 9.3.0

Address Manager API Guide

By configuring a DNS Edge service point on a supported DNS/DHCP Server, you can enable your existing hardware to streamline network operations and take advantage of enhanced DNS, providing better visibility and control. Service point functions (such as policy application, threat evaluation, and DNS event logging) are applied to the DNS client traffic directed to the service point's IPv4 address.
Attention: This service cannot be configured on DNS/DHCP Servers operating in an xHA pair.
Note: If your network infrastructure requires outbound communication with the Edge cloud to go through an HTTP proxy, you can configure the service point to route all outbound HTTPS requests through an HTTP proxy by entering the proxy details in the host, port, user, and password parameters.
  • The value you enter in the host parameter can either be an IPv4 address or a FQDN.
  • HTTP is the only supported proxy type. SOCKS proxy servers are not supported.
  • Basic authentication with username and password is the only tested and supported authentication.
  • You must configure the proxy server to allow HTTP POST traffic.
  • The proxy server must resolve all DNS Edge Cloud endpoints. For more information, refer to BlueCat DNS Edge system setup in the DNS Edge Deployment Guide.
  • If the service point cannot reach the proxy, it will attempt a direct connection to the target host.
  • The proxy configuration defined when you first configure the service point cannot be edited once the service point is enabled. Any proxy updates will require the service point to be disabled and re-enabled with the necessary changes to the proxy settings.
  • For proxy servers and firewalls with SSL interception:
    • *.bluec.at must be excluded or exempted from the SSL interception, because the connection uses mTLS.
    • You cannot install certificates as a workaround.

Example

{
    "version": "1.0.0",
    "services": {
        "edgeServicePoint": {
            "configurations": [
                {
                    "edgeServicePointConfiguration": {
                        "enable": true,
                        "customerInstanceUrl": "https://example.bluec.at/",
                        "siteID": "2f803151-9fd1-2f9f-9284-f9317dfafad2",
                        "servicePointIP4": "192.168.10.59",
                        "accessKeySet": {
                            "clientID": "c901d1c2-01ab-597c-1235-725b011d9d99",
                            "secretKey": "0a12bcd9-623e-56f7-9a0b-cde1f2a2b3cd"
                        },
                        "httpProxySettings": {
                            "host": "192.168.10.10",
                            "port": 8080,
                            "user": "user1",
                            "password": "user1pass"
                        }
                    }
                }
            ]
        }
    }
}
Parameters
  • enable—set to true to enable DNS Edge service point service; set to false to disable DNS Edge service point service.
  • customerInstanceUrl—enter the DNS Edge URL.
  • siteID—enter the DNS Edge site ID.
  • servicePointIP4—enter the IPv4 address previously configured. The service point listens on this IPv4 address for incoming DNS client traffic.
  • accessKeySet—enter the user credential information to configure the service point.
    • clientID—enter the client ID that is generated from the API access key set on the DNS Edge user profile page.
    • secretKey—enter the secret key that is generated from the API access key set on the DNS Edge user profile page.
    • jsonFile—enter the contents of the keys.json file that was downloaded from the DNS Edge user profile page. Enter this content if you do not specify the clientID or secretKey parameters.
  • httpProxySettings—enter the HTTP Proxy configuration settings to connect to the DNS Edge cloud.
    • host—enter the IPv4 address or FQDN of the proxy.
    • port—enter the port of the proxy.
    • user—enter the username used to authenticate with the proxy.
    • password—enter the password used to authenticate with the proxy.
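
A pre-submission check for the configuration object above, added here as an example (it is not BlueCat code, and the function names are hypothetical). It enforces only rules stated on this page: an IPv4 servicePointIP4, either clientID plus secretKey or jsonFile, and a proxy host that is an IPv4 address or FQDN. It also masks the credential fields so the payload can be logged or attached to a change ticket.

```python
import ipaddress
import re

SECRET_FIELDS = {"secretKey", "password", "jsonFile"}  # credential fields named on this page
FQDN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value if isinstance(value, str) else "")
        return True
    except ipaddress.AddressValueError:
        return False

def check_edge_config(cfg):
    """Return a list of problems in one edgeServicePointConfiguration object."""
    problems = []
    if not is_ipv4(cfg.get("servicePointIP4")):
        problems.append("servicePointIP4 must be an IPv4 address")
    keys = cfg.get("accessKeySet", {})
    if not (keys.get("jsonFile") or (keys.get("clientID") and keys.get("secretKey"))):
        problems.append("accessKeySet needs clientID and secretKey, or jsonFile")
    proxy = cfg.get("httpProxySettings")
    if proxy is not None:
        host, port = proxy.get("host"), proxy.get("port")
        # A scheme prefix such as socks5:// or an IPv6 literal fails both tests.
        if not (is_ipv4(host) or (isinstance(host, str) and FQDN_RE.fullmatch(host))):
            problems.append("proxy host must be an IPv4 address or FQDN")
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append("proxy port must be an integer from 1 to 65535")
    return problems

def redact(obj):
    """Copy of obj with credential fields masked, for logs or change tickets."""
    if isinstance(obj, dict):
        return {k: "***" if k in SECRET_FIELDS else redact(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj

# Values copied from the page's example payload (inner configuration object only).
SAMPLE = {
    "enable": True, "customerInstanceUrl": "https://example.bluec.at/",
    "siteID": "2f803151-9fd1-2f9f-9284-f9317dfafad2", "servicePointIP4": "192.168.10.59",
    "accessKeySet": {"clientID": "c901d1c2-01ab-597c-1235-725b011d9d99",
                     "secretKey": "0a12bcd9-623e-56f7-9a0b-cde1f2a2b3cd"},
    "httpProxySettings": {"host": "192.168.10.10", "port": 8080,
                          "user": "user1", "password": "user1pass"},
}

if __name__ == "__main__":
    print(check_edge_config(SAMPLE) or "no problems found", redact(SAMPLE)["httpProxySettings"])
```

Because the proxy settings cannot be edited once the service point is enabled, running a check like this before the first submission avoids a disable and re-enable cycle.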