Before installing Cloud Resolver, ensure that the following requirements are met:
In addition to installing Cloud Resolver, you must also have the following environments:
- You must have a valid AWS or Azure subscription.
- You must have a BlueCat Edge environment.
Cloud Resolver uses the default system DNS resolver to access the API endpoints of Cloud Service Providers (CSPs). For Linux installations, it uses the /etc/resolv.conf file and for Docker installations, it uses the Docker network settings.
- When Cloud Resolver is deployed in Azure, the default DNS resolver is the Azure DNS IP address of 126.96.36.199.
- When Cloud Resolver is deployed in AWS, the default DNS resolver is the .2 IP address of the VPC.
Cloud Resolver can be deployed on one of the following platforms:
- One of the following Linux-based server operating systems:
  - Debian 10 (Buster) or later
  - Ubuntu 20.04 LTS or later
  - Red Hat Enterprise Linux (RHEL) 7 or later
  - CentOS 7 or later

  Note: The platform can be physical, virtual, or cloud-based, such as an EC2 instance or VM.
- Any platform that supports the deployment of Docker containers.
The host machine must have at least 2 CPU cores, 4 GB of RAM, and 20 GB of disk space.
If the Cloud Resolver host is running systemd-resolved or any other service that listens on port 53, you must disable and stop that service. To disable and stop the systemd-resolved service, run the following commands:

    sudo systemctl disable systemd-resolved.service
    sudo systemctl stop systemd-resolved
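A pre-flight check for the two DNS requirements above, added here as an example (it is not BlueCat tooling): it reports anything already bound to port 53 and flags an /etc/resolv.conf that would be left pointing only at the systemd-resolved stub address 127.0.0.53 once that service is stopped. The function names are hypothetical, and the script assumes `ss` from iproute2 is installed.

```shell
#!/bin/sh
# Added pre-flight sketch, not BlueCat tooling; function names are hypothetical.

# Read `ss -H -lntu` output on stdin and print "<proto> <local addr:port>"
# for every socket already bound to port 53.
port53_listeners() {
    awk '$5 ~ /:53$/ { print $1, $5 }'
}

# Print the nameserver addresses from a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Succeed only if the file names at least one resolver that is not the
# systemd-resolved stub (127.0.0.53), which stops answering once
# systemd-resolved is stopped.
has_usable_resolver() {
    resolv_nameservers "$1" | grep -v '^127\.0\.0\.53$' | grep -q .
}

# Live check against this host; returns non-zero if either requirement fails.
preflight() {
    rc=0
    busy=$(ss -H -lntu 2>/dev/null | port53_listeners)
    if [ -n "$busy" ]; then
        echo "port 53 already in use:"
        echo "$busy"
        rc=1
    fi
    if ! has_usable_resolver /etc/resolv.conf; then
        echo "/etc/resolv.conf has no resolver other than the 127.0.0.53 stub"
        rc=1
    fi
    return $rc
}

# Run the live check only when asked to: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

Run it once before stopping systemd-resolved and once after: the first run should list the stub listener on port 53, and the second should report nothing.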
The platform that has Cloud Resolver installed must have the following:
- It must be capable of resolving and routing traffic to the cloud provider API endpoints. Endpoints vary based on the Cloud Service Provider and can be accessible through a proxy.
- It must be capable of resolving and routing to public internet locations. These can be accessible through a proxy.
- The Linux platform must allow for the installation of an OS-appropriate installation package as root. The installation packages are as follows:
  - .deb package for Debian/Ubuntu
  - .rpm package for RHEL/CentOS
- The Docker container platform must allow for the retrieval of a Docker image from a public Docker registry.
Ensure that the following ports are open on the host machine or firewall to Cloud Resolver:
| Source | Destination | Source Port | Destination Port | Protocol | Notes |
|---|---|---|---|---|---|
| BlueCat Cloud Resolver | Cloud DNS server | Ephemeral port | 53 | TCP | For outbound DNS traffic. |
| Cloud DNS server | BlueCat Cloud Resolver | Ephemeral port | 53 | TCP | For inbound DNS traffic. |
| BlueCat Cloud Resolver | Cloud APIs | Ephemeral port | 443 | TCP | For API access to the Cloud environment, such as AWS or Azure, and API access to BlueCat DNS Edge. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 8080 | TCP | For simple TCP checks to determine whether the service is live. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 8090 | TCP | For verifying whether the Kubernetes service is ready. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9000 | TCP | For accessing the Cloud Resolver web-delivered diagnostics. For more information on Cloud Resolver diagnostics, refer to Viewing the Cloud Resolver diagnostics endpoint. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9050 | TCP | For creating a snapshot of the current DNS zone and resource record information, and configuration information of Cloud Resolver. For more information on snapshots, refer to Creating a snapshot. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9090 | TCP | For pulling data to Prometheus. |