Configuring BlueCat Cloud DNS - BlueCat Integrity - 9.5.0

Address Manager Administration Guide


The following instructions describe how to set up a basic BlueCat Cloud DNS configuration using Address Manager and BlueCat DNS/DHCP Servers.

  1. Contact BlueCat Customer Care to receive BlueCat Cloud DNS account details.
  2. Ensure that the firewall rules for Address Manager and the Primary BlueCat DNS/DHCP Server allow for the network traffic detailed in BlueCat Cloud DNS firewall requirements.
  3. Add a new server using the BlueCat Cloud DNS server profile and the account details received from BlueCat Customer Care. For more information on adding BlueCat Cloud DNS servers, refer to Adding a BlueCat Cloud DNS server.
  4. Add a BlueCat DNS/DHCP Server that will operate as a Hidden Primary for the external zones. For more information on adding BlueCat DNS/DHCP Servers, refer to Adding DNS/DHCP Servers to Address Manager.
  5. Add zones into Address Manager. For more information on adding and managing zones, refer to Managing DNS zones.
    Note: BlueCat Cloud DNS supports DNSSEC by allowing the deployment of pre-signed zones to the cloud provider. Configure zones with DNSSEC normally as described in DNSSEC. However, note that NSEC3 is not supported by the cloud DNS provider. Ensure that you do not configure DNSSEC for BlueCat Cloud DNS using NSEC3, as there will be no DNS resolution for NSEC3 signed zones.
  6. Add a Hidden Primary DNS Deployment Role to the zones, using the server interface for the BlueCat DNS/DHCP Server. For more information on adding deployment roles, refer to Adding DNS deployment roles.
  7. Add a Secondary DNS Deployment Role to the zones, using the server interface for the BlueCat Cloud DNS Server.
  8. Deploy DNS on the Secondary (BlueCat Cloud DNS) server first. For more information on DNS deployment, refer to Manual deployment. For more information on how to read cloud DNS deployment events, refer to Troubleshooting BlueCat Cloud DNS.
    Warning: DNS must be deployed on the Secondary (BlueCat Cloud DNS) server first to ensure that Address Manager is provided with the necessary NS records to update the Hidden Primary (BlueCat DNS/DHCP Server) in the next step. If you have accidentally deployed DNS on the Hidden Primary before the Secondary, refer to Troubleshooting BlueCat Cloud DNS for instructions on fixing the faulty zone configuration before proceeding.
    Warning: For configurations that use Address Manager servers in replication, deployments must be performed on the primary Address Manager server. Deployment from replicated secondary Address Manager servers is not supported.
  9. After deploying DNS on the Secondary, deploy DNS on the Hidden Primary (BlueCat DNS/DHCP Server).
    Note: In some scenarios, the zones being deployed may already exist on the primary, such as in the case of migrating a primary BlueCat DNS/DHCP Server with secondary BlueCat DNS/DHCP Server configuration to a primary BlueCat DNS/DHCP Server with secondary BlueCat Cloud DNS server configuration. If a zone already exists on the primary, a change must be made to the existing zone to ensure that the serial number for the zone is incremented. This is required, as it will cause the primary BlueCat DNS/DHCP Server to send a NOTIFY announcement to the secondary cloud DNS servers upon deployment, for initiation of the zone transfer process. Modifying the TTL for the zone is one way of accomplishing this. If you do not modify the TTL, you must modify the zone in an alternate way, such as by adding a dummy record.

Once you have deployed to the Secondary and Hidden Primary as detailed above, the zones will start resolving in the BlueCat Cloud DNS environment.
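
The two zone-level conditions in the notes above (no NSEC3 signing, and a serial number that has been incremented on a zone that already exists on the primary) can be checked before deployment. The following is an added example, not BlueCat code: it goes beyond the page by applying the standard RFC 1982 serial comparison that DNS secondaries use. It assumes zone data is available as one-record-per-line text in the form `dig` prints; the function names and the example.com data are constructed for illustration.

```python
"""Pre-deployment checks for a zone headed to a cloud secondary (added example)."""

def parse(zone_text):
    """Parse 'owner ttl class type rdata...' lines into (owner, type, rdata) tuples."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) >= 5 and fields[2].upper() == "IN":
            records.append((fields[0].lower(), fields[3].upper(), fields[4:]))
    return records

def uses_nsec3(records):
    """True if the zone is NSEC3-signed (NSEC3 or NSEC3PARAM records present)."""
    return any(rtype in ("NSEC3", "NSEC3PARAM") for _, rtype, _ in records)

def soa_serial(records):
    """Return the SOA serial, the third RDATA field (mname rname serial ...)."""
    for _, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata[2])
    raise ValueError("zone has no SOA record")

def serial_advanced(old, new):
    """RFC 1982 comparison on 32-bit serials: is new 'greater than' old?"""
    return 0 < (new - old) % 2**32 < 2**31

def check_zone(pending_text, deployed_text=None):
    """Return a list of problems; an empty list means both checks pass."""
    problems = []
    pending = parse(pending_text)
    if uses_nsec3(pending):
        problems.append("zone is NSEC3-signed; re-sign without NSEC3")
    if deployed_text is not None:
        old, new = soa_serial(parse(deployed_text)), soa_serial(pending)
        if not serial_advanced(old, new):
            problems.append(f"SOA serial {new} does not advance past {old}")
    return problems

# Constructed sample data; example.com and all values are placeholders.
DEPLOYED = (
    "example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. "
    "2024050101 3600 600 604800 300\n"
    "example.com. 3600 IN NS ns1.example.com.\n"
)
PENDING_SAME_SERIAL = DEPLOYED + "www.example.com. 300 IN A 192.0.2.10\n"
PENDING_CLEAN = PENDING_SAME_SERIAL.replace("2024050101", "2024050102")
PENDING_NSEC3 = PENDING_CLEAN + "example.com. 0 IN NSEC3PARAM 1 0 10 AABBCCDD\n"
```

Pass only the pending zone text to `check_zone` for a new zone; pass both texts when the zone already exists on the primary, as in the migration scenario in the note to step 9.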

Post-configuration deployments to the BlueCat Cloud DNS environment

When adding or removing zones for an active BlueCat Cloud DNS configuration, always deploy DNS to the Secondary (BlueCat Cloud DNS server) first, followed by the Hidden Primary (BlueCat DNS/DHCP Server). When updating records within a zone that already exists in the cloud DNS environment, deployment to the Hidden Primary alone is sufficient.