Before installing Cloud Resolver, ensure that the following requirements are met:
- You must have a valid Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) subscription.
- You must have a BlueCat Edge environment.
- When Cloud Resolver is deployed in Azure, the default DNS resolver is the
Azure DNS IP address of
- When Cloud Resolver is deployed in AWS, the default DNS resolver is the .2 IP address of the VPC.
- One of the following Linux-based server operating systems:
Note: The platform can be physical, virtual, or cloud-based, such as an EC2 instance or VM.
- Debian 10 (Buster) or later
- Ubuntu 20.04 LTS or later
- RedHat Enterprise Linux (RHEL) 7 or later
- CentOS 7 or later
- Any platform that supports the deployment of Docker containers.
The host machine must have at least 2 CPU cores, 4 GB of RAM, and 20 GB of disk space.
If the host machine is running systemd-resolved or any other service that listens on port 53, you must disable and stop that service. To disable and stop the systemd-resolved service, run the following commands:
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
- It must be capable of resolving and routing traffic to the cloud provider API endpoints. Endpoints vary based on the Cloud Service Provider and can be accessible through a proxy.
- It must be capable of resolving and routing to public internet locations. These can be accessible through a proxy.
- The Linux platform must allow for the installation of an OS-appropriate installation package as root. The installation packages are as follows:
- .deb package for Debian/Ubuntu
- .rpm package for RHEL/CentOS
- The Docker container platform must allow for the retrieval of a Docker image from a public Docker registry.
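The port 53 requirement above can be checked before installation. The following script is an added example, not part of the Cloud Resolver package; its function names and the sample `ss` output are constructed for illustration. It lists every socket already bound to port 53 so that the owning service can be stopped first.

```shell
#!/bin/sh
# Added example (not vendor code): find listeners that already hold port 53.
# Function names and the sample data below are constructed for illustration.

# Constructed sample of `ss -H -lntup` output on a host running systemd-resolved.
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=12))
udp   UNCONN 0 0    0.0.0.0:5353     0.0.0.0:* users:(("avahi-daemon",pid=540,fd=12))
tcp   LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0 128  [::]:22          [::]:*    users:(("sshd",pid=801,fd=4))
EOF
}

# Read `ss -H -lntup` output on stdin and print "proto local-address process"
# for each socket whose local port is exactly 53 (5353 must not match).
port53_listeners() {
    awk '{
        n = split($5, parts, ":")   # field 5 is local address; port follows the last colon
        if (parts[n] == "53") {
            proc = ($7 != "") ? $7 : "unknown-process"   # process column needs root
            print $1, $5, proc
        }
    }'
}

# Return 0 when nothing on stdin holds port 53; otherwise list conflicts on stderr.
port53_is_free() {
    conflicts=$(port53_listeners)
    if [ -n "$conflicts" ]; then
        printf '%s\n' "$conflicts" >&2
        return 1
    fi
    return 0
}

# With --live, inspect this host (run as root so ss can show process names).
if [ "${1:-}" = "--live" ]; then
    if ss -H -lntup | port53_is_free; then
        echo "port 53 is free"
    else
        echo "port 53 is in use; stop and disable the services listed above" >&2
        exit 1
    fi
fi
```

Run it with `--live` on the target host; without arguments it only defines the functions.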
Ensure that the following ports are open on the host machine or firewall to Cloud Resolver:
| Source | Destination | Source Port | Destination Port | Protocol | Notes |
|---|---|---|---|---|---|
| BlueCat Cloud Resolver | Cloud DNS server | Ephemeral port | 53 | TCP and UDP | For outbound DNS traffic. |
| Cloud DNS server | BlueCat Cloud Resolver | Ephemeral port | 53 | TCP and UDP | For inbound DNS traffic. |
| BlueCat Cloud Resolver | Cloud APIs | Ephemeral port | 443 | TCP | For API access to the Cloud environment, such as AWS, Azure, or GCP, and API access to BlueCat DNS Edge. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 8080 | TCP | For simple TCP checks to determine whether the service is live. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 8090 | TCP | For verifying whether Kubernetes service is ready. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9000 | TCP | For accessing the Cloud Resolver web delivered diagnostics. For more information on Cloud Resolver diagnostics, refer to Viewing the Cloud Resolver diagnostics endpoint. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9050 | TCP | For creating a snapshot of the current DNS zone and resource record information, and configuration information of Cloud Resolver. For more information on snapshots, refer to Creating a snapshot. |
| Client device | BlueCat Cloud Resolver | Ephemeral port | 9090 | TCP | For pulling data to Prometheus. |
firewalld service. To allow services and ports on the local firewall, run the following commands:
firewall-cmd --add-service=dns
firewall-cmd --add-port=9000/tcp
firewall-cmd --add-port=<listed_port>/<protocol>
...
firewall-cmd --runtime-to-permanent