Before installing Cloud Resolver, ensure that the following requirements are met:
In addition to installing Cloud Resolver, you must also have the following environments:
- You must have a valid Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) subscription.
- You must have a BlueCat Edge environment.
Cloud Resolver uses the default system DNS resolver to access the API endpoints of Cloud Service Providers (CSPs). For Linux installations, it uses the /etc/resolv.conf file and for Docker installations, it uses the Docker network settings.
- When Cloud Resolver is deployed in Azure, the default DNS resolver is the
Azure DNS IP address of
- When Cloud Resolver is deployed in AWS, the default DNS resolver is the .2 IP address of the VPC.
Cloud Resolver can be deployed on one of the following platforms:
- One of the following Linux-based server operating systems:
  Note: The platform can be physical, virtual, or cloud-based, such as an EC2 instance or VM.
  - Debian 10 (Buster) or later
  - Ubuntu 20.04 LTS or later
  - Red Hat Enterprise Linux (RHEL) 7 or later
  - CentOS 7 or later
- Any platform that supports the deployment of Docker containers.
The host machine must have at least 2 CPU cores, 4 GB of RAM, and 20 GB of disk space.
If the Cloud Resolver host is running systemd-resolved or any other service that listens on port 53, you must disable and stop that service. To disable and stop the systemd-resolved service, run the following commands:

    sudo systemctl disable systemd-resolved.service
    sudo systemctl stop systemd-resolved

The platform that has Cloud Resolver installed must have the following:
- It must be capable of resolving and routing traffic to the cloud provider API endpoints. Endpoints vary based on the Cloud Service Provider and can be accessible through a proxy.
- It must be capable of resolving and routing to public internet locations. These can be accessible through a proxy.
- The Linux platform must allow for the installation of an OS-appropriate installation package as root. The installation packages are as follows:
  - .deb package for Debian/Ubuntu
  - .rpm package for RHEL/CentOS
- The Docker container platform must allow for the retrieval of a Docker image from a public Docker registry.
Ensure that the following ports are open on the host machine or firewall to Cloud Resolver:

| Source | Destination | Source Port | Destination Port | Protocol | Notes |
|---|---|---|---|---|---|
| BlueCat Cloud Resolver | Cloud DNS server | Ephemeral port | 53 | TCP and UDP | For outbound DNS traffic. |
| Cloud DNS server | BlueCat Cloud Resolver | Ephemeral port | 53 | TCP and UDP | For inbound DNS traffic. |
| BlueCat Cloud Resolver | Cloud APIs | Ephemeral port | 443 | TCP | For API access to the Cloud environment, such as AWS, Azure, or GCP, and API access to BlueCat DNS Edge. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 8080 | TCP | For simple TCP checks to determine whether the service is live. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 8090 | TCP | For verifying whether Kubernetes service is ready. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9000 | TCP | For accessing the Cloud Resolver web delivered diagnostics. For more information on Cloud Resolver diagnostics, refer to Viewing the Cloud Resolver diagnostics endpoint. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9050 | TCP | For creating a snapshot of the current DNS zone and resource record information, and configuration information of Cloud Resolver. For more information on snapshots, refer to Creating a snapshot. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9090 | TCP | For pulling data to Prometheus. |

If you are using RHEL, you must allow the ports listed through the local firewall by modifying the firewalld service. To allow services and ports on the local firewall, run the following commands:

    firewall-cmd --add-service=dns
    firewall-cmd --add-port=9000/tcp
    firewall-cmd --add-port=<listed_port>/<protocol>
    ...
    firewall-cmd --runtime-to-permanent
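
The port 53 conflict and the firewalld requirements above can both be checked on the host before installation. The script below is an added example, not BlueCat tooling; the function names `port53_listeners` and `audit_firewalld` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install checks for a Cloud Resolver host (not BlueCat code).

# Inbound TCP ports from the table above; 53/tcp+udp is covered by the
# firewalld "dns" service that the documented commands add.
REQUIRED_PORTS="8080/tcp 8090/tcp 9000/tcp 9050/tcp 9090/tcp"

# Reads `ss -H -lntup` output on stdin and prints "proto local-address process"
# for every socket already bound to port 53 (for example systemd-resolved).
port53_listeners() {
    awk '$5 ~ /:53$/ {
        name = "unknown"   # ss only shows process names when run as root
        if (match($0, /\(\("[^"]+"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
        print $1 " " $5 " " name
    }'
}

# $1 = output of `firewall-cmd --list-ports`, $2 = `firewall-cmd --list-services`.
# Prints "missing ..." for documented ports that are closed and "extra ..." for
# open ports the table does not call for, so they can be reviewed.
audit_firewalld() {
    case " $2 " in *" dns "*) ;; *) echo "missing service dns" ;; esac
    for p in $REQUIRED_PORTS; do
        case " $1 " in *" $p "*) ;; *) echo "missing $p" ;; esac
    done
    for p in $1; do
        case " $REQUIRED_PORTS " in *" $p "*) ;; *) echo "extra $p" ;; esac
    done
}

# Constructed sample input so the script runs offline.
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=14))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=700,fd=12))'
SAMPLE_PORTS="9000/tcp 8080/tcp 3306/tcp"
SAMPLE_SERVICES="ssh dhcpv6-client"

printf '%s\n' "$SAMPLE_SS" | port53_listeners
audit_firewalld "$SAMPLE_PORTS" "$SAMPLE_SERVICES"

# On a real host:
#   sudo ss -H -lntup | port53_listeners
#   audit_firewalld "$(sudo firewall-cmd --list-ports)" "$(sudo firewall-cmd --list-services)"
```

Empty output from both functions means nothing is bound to port 53 and the firewall matches the table exactly.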