The following features and functionalities are new in Address Manager and DNS/DHCP Server v26.1.0:
Introduction of Integrity feature modules
Integrity X v26.1 introduces Integrity feature modules, BlueCat's unified approach to integrating adaptive application functionality into Address Manager. With Integrity feature modules, select BlueCat applications that required external installation are now integrated directly into Address Manager, allowing users to easily license and operate adaptive applications from the Address Manager UI for a consistent, intuitive user experience.
For information on activating and managing feature modules, refer to Feature modules.
- Network Discovery & Visibility
-
Network Discovery & Visibility (ND&V) discovers and collects detailed inventory and topology information from network infrastructure (such as routers, switches, and servers), networks, and virtual environments (such as vCenter Servers, ESXi hosts, and virtual machines). ND&V uses multiple discovery methods (SNMP, SSH, and VMware APIs) to obtain detailed information from a variety of sources, providing you with complete and up-to-date visibility into your environment. This information is returned to Address Manager, where it can be reconciled with existing Address Manager data. For more information, refer to Feature Module: Network Discovery & Visibility.
-
- Cloud Discovery & Visibility
- Cloud Discovery & Visibility (CD&V) lets you search for network objects and infrastructure in Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments, then import the discovered objects into Address Manager. With CD&V, you can automatically and continuously discover, inventory, and synchronize cloud-based IP and DNS configurations for your entire data center and multi-cloud footprint from one place. For more information, refer to Feature Module: Cloud Discovery & Visibility.
Integrity Events API
Integrity X v26.1 introduces a new Events API that provides real-time streaming of DDI events — including IPAM, DNS, and DHCP activity — to external systems via secure HTTP POST. With the new Events API, users can subscribe to changes in their DDI infrastructure and forward those events as structured JSON payloads to third-party platforms (e.g. SIEM, ITSM, observability pipelines, SOAR tools). For more information, refer to Events API.
Integrity support for secure NTP (NTS)
Integrity X v26.1 introduces support for the Network Time Security (NTS) extension for Network Time Protocol (NTP), allowing users to secure NTP infrastructure with cryptographic authentication and ensuring time synchronization is trusted, accurate, and tamper-proof. For more information, refer to Configuring NTP on Address Manager and Network Time Protocol (BDDS).
CSV import/export improvements
Address Manager v26.1 introduces support for JSON export of Address Manager table data through the user interface. All Address Manager tables with a CSV download option now have an additional option to export table objects as RESTful v2 API resources in JSON format. For more information, refer to Exporting table data.
Address Manager v26.1 also includes a number of enhancements to self-service imports, including JSON import support for blocks, networks, zones, and resource records. Users can now export supported objects in either JSON or CSV format and import those same files back into Address Manager, allowing users to easily transfer data across different configurations or Address Manager servers. For more information on CSV/JSON imports, refer to Importing IP blocks and networks, Importing IP addresses, Importing resource records, and Importing DNS zones.
Azure support for IPv6 and xHA
Integrity X v26.1 introduces IPv6 and crossover high availability (xHA) support for BlueCat Azure virtual appliances. Address Manager and DNS/DHCP Server v26.1 virtual appliances in Azure now support full-dual stack operation, including support for IPv6-enabled appliance interfaces, IPv6 DNS resolution and DHCPv6. For more information, refer to the v26.1 BlueCat Azure Virtual Appliance Guide and Configuring crossover high availability (xHA) in Azure.
Support for /31 and /32 IPv4 blocks
Address Manager v25.1.1 adds support for creating, retrieving, updating, and deleting size /31 and /32 IPv4 blocks using the Address Manager GUI, Legacy v1 API, and RESTful v2 API.
Enhanced BCLA support
Address Manager and DNS/DHCP Server v26.1 introduces enhanced support for BlueCat LiveAssurance (BCLA) integrations, including a new dedicated BCLA user account, data storage improvements, and the ability to preserve BCLA configurations through appliance upgrades. For information on configuring the BCLA user account, refer to Setting the BCLA user password.
Enhanced disk size for cloud images
To increase compatibility between Integrity platforms and support cloud migration, Address Manager v26.1.0 cloud images now support 1TB disk size for Azure, AWS, GCP, and OCI cloud platforms.
Custom TLS certificate support for database connections
Address Manager v26.1 supports the deployment of custom TLS certificates for Address Manager database connections on TCP port 5432. To set up a custom TLS certificate for Address Manager database connections, contact BlueCat Customer Care for assistance.
LiveWire on BDDS
Audit trail for service configuration changes
In Address Manager v26.1, changes to Address Manager and DNS/DHCP Server service
configurations are now logged as Service configuration events on
the Event history page. For more information, refer to Managing events.
Disable Basic HTTP authentication for RESTv2 API access
In Address Manager v26.1, users can disable Basic HTTP authentication for the RESTful v2 API, limiting HTTP authentication to OAuth 2.0 authentication through Bearer Tokens. For more information, refer to Configuring API authentication settings.
Support for ECS bits 32 (for IPv4) and 128 (for IPv6)
In Address Manager v26.1, the ECS Bits DNS deployment option has been extended to support a maximum value of 32 for the IPv4 ECS prefix length and 128 for the IPv6 ECS prefix length. For more information, refer to Reference: DNS deployment options.
TSIG key improvements
Server-pair TSIG keys
Integrity v26.1.0 introduces improvements to TSIG key generation for increased security and ease of use. Integrity uses server-pair TSIG keys to authenticate remote server-to-server zone transfer traffic, previously configured using the TSIG Key for Server Pair DNS deployment option. In Integrity v26.1.0, each view now contains a unique hidden seed (salt) value that is used during remote TSIG key generation for increased security. This new seed value, along with internal TSIG key naming improvements, has eliminated the need for the TSIG Key for Server Pair DNS deployment option. It is now default behaviour to generate unique TSIG keys for each server pair, and new server-pair TSIG keys are generated with the view's seed value, instead of the previously defined Key salt value from the DNS deployment option. As such, the TSIG Key for Server Pair option has been removed from Address Manager. Upon upgrade to Integrity v26.1.0, all existing views will be given a new unique seed value. Existing Key salt values from TSIG Key for Server Pair deployment options will be migrated into the associated view's seed value to ensure that existing TSIG key configurations remain operational. In addition, the algorithm used for server-pair TSIG key generation has been upgraded to SHA-512.
Local TSIG keys
Integrity also generates local TSIG keys for each view, which are used by DNS/DHCP Servers to authenticate local control traffic such as dynamic deployments and local Incremental Zone Transfer Protocol (IXFR) harvesting. For v26.1.0 DNS/DHCP Servers, local TSIG keys are now generated on the DNS/DHCP Server side and rotated each time a full deployment is performed. For v25.1.x and earlier DNS/DHCP Servers controlled by Address Manager v26.1.0, the new view seed value will be used to generate local TSIG keys for DNS/DHCP Servers, and these keys can be rotated on demand.
Rotating TSIG keys
A view's seed value can be regenerated on demand from the Address Manager UI, allowing users to manually rotate local (DNS/DHCP Server v25.1.x and earlier) and server-pair TSIG keys as needed. For more information on local and server-pair TSIG keys, refer to Rotating TSIG keys associated with a view.
SSH hardening scripts
Address Manager v26.1.0 servers contain a script for Address Manager security
hardening that can be accessed by root users from the console. Address Manager
v9.5.0 introduced the harden_ssh.sh script to disable the use of
legacy or less preferred MAC, key exchange, and host key algorithms, and restrict
accepted ciphers. In Address Manager v26.1.0, this harden_ssh.sh
script has been enhanced to support an additional level of SSH hardening, with
stricter algorithm and cipher restrictions. For more information, refer to Address Manager SSH hardening.
The harden_ssh.sh script is also available on DNS/DHCP Servers. For
more information, refer to DNS/DHCP Server SSH hardening.
Secure database access
In Address Manager v26.1.0, users can restrict local database access to approved accounts only, by defining authorized system accounts and enabling peer authentication for PostgreSQL connections. For more information, refer to Securing database access.
OAuth Client Credential Grant (CCG) support
- Active Directory Federation Services (ADFS)
- PingFederate
sub (subject) and groups claims. These claims
may require configuration at the Identity Provider (IdP). For more information,
refer to OAuth API authorization.Integrity OpenShift support
Starting in Integrity v26.1.0, Integrity virtual machines are now available in tarball file format compatible with Red Hat OpenShift. For more information, refer to the VM Installation Guide.