Attention: Upgrade notice
Due to infrastructure changes introduced in DNS/DHCP Server v9.5.0, you can only configure Service Point v3.6.0 or greater on DNS/DHCP Server v9.5.0 or greater.
Before you proceed to upgrade to DNS/DHCP Server v9.5.0 or greater, you must first upgrade the Service Point deployed to DNS/DHCP Server to Service Point v3.6.0 or greater. If you do not upgrade the Service Point version before upgrading to DNS/DHCP Server v9.5.0 or greater, the Service Point will no longer start upon the DNS/DHCP Server upgrade.
For more information on upgrading your Service Point, refer to Manually update service point versions.
By configuring a DNS Edge Service Point v3 instance on a supported DNS/DHCP Server, you
can enable your existing hardware to streamline network operations and take advantage of
enhanced DNS, providing better visibility and control. Service point functionality (such
as policy application, threat evaluation, and DNS event logging) can all be applied to
the DNS client traffic directed to the service point's IPv4 address.
Attention: This service cannot be configured on DNS/DHCP Servers operating in
an xHA pair.
Note: If your network infrastructure requires outbound communication with Edge cloud to go through an HTTP proxy, you can configure the service point to route all outbound HTTPS requests through an HTTP proxy by entering the proxy details in the host, port, user, and password parameters.
- The value you enter in the host parameter can be either an IPv4 address or an FQDN.
- HTTP is the only supported proxy type. SOCKS proxy servers are not supported.
- Basic authentication with username and password is the only tested and supported authentication.
- You must configure the proxy server to allow HTTP POST traffic.
- The proxy server must resolve all DNS Edge Cloud endpoints. For more information, refer to BlueCat DNS Edge system setup in the DNS Edge Deployment Guide.
- If the service point cannot reach the proxy, it will attempt a direct connection to the target host.
- The proxy configuration defined when you first configure the service point cannot be edited once the service point is enabled. Any proxy updates will require the service point to be disabled and re-enabled with the necessary changes to the proxy settings.
- For proxy servers and firewalls with SSL interception:
  - mTLS must exclude or except *.bluec.at from the SSL interception
  - You cannot install certificates as a workaround
Example
{
  "version": "1.0.0",
  "services": {
    "edgeServicePoint": {
      "configurations": [
        {
          "edgeServicePointConfiguration": {
            "enable": true,
            "customerInstanceUrl": "https://example.bluec.at/",
            "siteID": "2f803151-9fd1-2f9f-9284-f9317dfafad2",
            "servicePointIP4": "192.168.10.59",
            "accessKeySet": {
              "clientID": "c901d1c2-01ab-597c-1235-725b011d9d99",
              "secretKey": "0a12bcd9-623e-56f7-9a0b-cde1f2a2b3cd"
            },
            "httpProxySettings": {
              "host": "192.168.10.10",
              "port": 8080,
              "user": "user1",
              "password": "user1pass"
            }
          }
        }
      ]
    }
  }
}
Parameters
- enable—set to true to enable DNS Edge service point service; set to false to disable DNS Edge service point service.
- customerInstanceUrl—enter the DNS Edge URL.
- siteID—enter the DNS Edge site ID.
- servicePointIP4—enter the IPv4 address previously configured. The service point listens to this IPv4 address for incoming DNS client traffic.
- accessKeySet—enter the user credential information to configure the service point.
  - clientID—enter the client ID that is generated from the API access key set on the DNS Edge user profile page.
  - secretKey—enter the secret key that is generated from the API access key set on the DNS Edge user profile page.
  - jsonFile—enter the contents of the keys.json file that was downloaded from the DNS Edge user profile page. Enter this content if you do not specify the clientID or secretKey parameters.
- httpProxySettings—enter the HTTP Proxy configuration settings to connect to the DNS Edge cloud.
  - host—enter the IPv4 address or FQDN of the proxy.
  - port—enter the port of the proxy.
  - user—enter the username used to authenticate with the proxy.
  - password—enter the password used to authenticate with the proxy.
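
Because the proxy settings cannot be edited once the service point is enabled, it is worth checking the JSON before applying it. The Python check below is an added example, not BlueCat code: it covers only constraints stated on this page (IPv4 listener address, credential alternatives, proxy host as IPv4 or FQDN), and the function names, the numeric port range, and the placement of jsonFile inside accessKeySet are assumptions.

```python
import ipaddress
import json
import re
import sys

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value if isinstance(value, str) else "")
        return True
    except ValueError:
        return False

def _is_fqdn(value):
    if not isinstance(value, str) or len(value) > 253:
        return False
    labels = value.removesuffix(".").split(".")
    # An all-numeric last label is a malformed IPv4 address, not a name.
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.match(label) for label in labels))

def check_service_point_config(doc):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    entries = doc["services"]["edgeServicePoint"]["configurations"]
    for i, entry in enumerate(entries):
        cfg = entry["edgeServicePointConfiguration"]
        keys = cfg.get("accessKeySet") or {}
        checks = [
            (_is_ipv4(cfg.get("servicePointIP4")), "servicePointIP4 must be an IPv4 address"),
            # Assumption: jsonFile sits inside accessKeySet, next to clientID/secretKey.
            (bool(keys.get("clientID") and keys.get("secretKey")) or bool(keys.get("jsonFile")),
             "accessKeySet needs clientID and secretKey, or jsonFile"),
        ]
        proxy = cfg.get("httpProxySettings")
        if proxy is not None:
            host, port = proxy.get("host"), proxy.get("port")
            checks += [
                (_is_ipv4(host) or _is_fqdn(host), "proxy host must be an IPv4 address or FQDN"),
                (type(port) is int and 1 <= port <= 65535, "proxy port must be an integer from 1 to 65535"),
            ]
        problems += [f"configurations[{i}]: {msg}" for ok, msg in checks if not ok]
    return problems

if __name__ == "__main__":
    for problem in check_service_point_config(json.load(sys.stdin)):
        print(problem)
```

Saved under a name of your choice (check_sp.py here is hypothetical), it runs as `python check_sp.py < config.json`. A host value that carries a scheme, such as socks5:// or http://, fails the host check.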