Before installing Cloud Resolver, ensure that the following requirements are met:
Environment requirements
In addition to installing Cloud Resolver, you must also have the following environments:
- You must have a valid Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) subscription.
- You must have a BlueCat Edge environment.
Cloud Resolver uses the default system DNS resolver to access the API endpoints of Cloud Service Providers (CSPs). For Linux installations, it uses the /etc/resolv.conf file and for Docker installations, it uses the Docker network settings.
Platform requirements
Cloud Resolver can be deployed on one of the following platforms:
- One of the following Linux-based server operating systems:
  - Debian 10 (Buster) or later
  - Ubuntu 20.04 LTS or later
  - Red Hat Enterprise Linux (RHEL) 7 or later
  - CentOS 7 or later
  Note: The platform can be physical, virtual, or cloud-based, such as an EC2 instance or VM.
- Any platform that supports the deployment of Docker containers.
The host machine must have at least 2 CPU cores, 4 GB of RAM, and 20 GB of disk space.
If the Cloud Resolver host is running systemd-resolved or any other service that listens on port 53, you must disable and stop that service. To disable and stop the systemd-resolved service, run the following commands:
    sudo systemctl disable systemd-resolved.service
    sudo systemctl stop systemd-resolved
Installation requirements
The platform that has Cloud Resolver installed must have the following:
- It must be capable of resolving and routing traffic to the cloud provider API endpoints. Endpoints vary based on the Cloud Service Provider and can be accessible through a proxy.
- It must be capable of resolving and routing to public internet locations. These can be accessible through a proxy.
- The Linux platform must allow for the installation of an OS-appropriate installation package as root. The installation packages are as follows:
  - .deb package for Debian/Ubuntu
  - .rpm package for RHEL/CentOS
- The Docker container platform must allow for the retrieval of a Docker image from a public Docker registry.
Network requirements
Ensure that the following ports are open on the host machine or firewall to Cloud Resolver:
Source | Destination | Source Port | Destination Port | Protocol | Notes |
---|---|---|---|---|---|
BlueCat Cloud Resolver | Cloud DNS server | Ephemeral port | 53 | TCP and UDP | For outbound DNS traffic. |
Cloud DNS server | BlueCat Cloud Resolver | Ephemeral port | 53 | TCP and UDP | For inbound DNS traffic. |
BlueCat Cloud Resolver | Cloud APIs | Ephemeral port | 443 | TCP | For API access to the Cloud environment, such as AWS, Azure, or GCP, and API access to BlueCat DNS Edge. |
Client device | BlueCat Cloud Resolver | Ephemeral port | 8080 | TCP | For simple TCP checks to determine whether the service is live. |
Client device | BlueCat Cloud Resolver | Ephemeral port | 8090 | TCP | For verifying whether the Kubernetes service is ready. |
Client device | BlueCat Cloud Resolver | Ephemeral port | 9000 | TCP | For accessing the Cloud Resolver web-delivered diagnostics. For more information on Cloud Resolver diagnostics, refer to Viewing the Cloud Resolver diagnostics endpoint. |
Client device | BlueCat Cloud Resolver | Ephemeral port | 9050 | TCP | For creating a snapshot of the current DNS zone and resource record information, and configuration information of Cloud Resolver. For more information on snapshots, refer to Creating a snapshot. |
Client device | BlueCat Cloud Resolver | Ephemeral port | 9090 | TCP | For pulling data to Prometheus. |
If you are using RHEL, you must allow the listed ports through the local firewall by modifying the firewalld service. To allow services and ports on the local firewall, run the following commands:
    firewall-cmd --add-service=dns
    firewall-cmd --add-port=9000/tcp
    firewall-cmd --add-port=<listed_port>/<protocol>
    ...
    firewall-cmd --runtime-to-permanent
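The port 53 conflict and the firewalld port list described above can both be checked before installation. The script below is an added example, not BlueCat tooling or part of the original page; the function names and the sample `ss` and `firewall-cmd` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for a Cloud Resolver host. Not BlueCat tooling.

# Client-facing TCP ports from the network requirements table.
REQUIRED_TCP_PORTS="8080 8090 9000 9050 9090"

# stdin: `ss -tulnp` output. Prints "proto local-address process" for each socket
# bound to port 53. Field 5 is local address:port; the header row never matches.
port53_listeners() {
    awk '$5 ~ /:53$/ { print $1, $5, ($7 == "" ? "-" : $7) }'
}

# $1 = TCP port, $2 = `firewall-cmd --list-ports` output (entries such as
# "9000/tcp" or "9000-9100/tcp"). Returns 0 if the port is allowed.
port_allowed() {
    local entry range lo hi
    for entry in $2; do
        [ "${entry##*/}" = "tcp" ] || continue
        range=${entry%/*}; lo=${range%-*}; hi=${range#*-}
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# $1 = `firewall-cmd --list-ports` output. Prints the required ports still closed.
missing_ports() {
    local port missing=""
    for port in $REQUIRED_TCP_PORTS; do
        port_allowed "$port" "$1" || missing="${missing}${missing:+ }${port}/tcp"
    done
    printf '%s\n' "$missing"
}

# Constructed sample data: a host where systemd-resolved still holds port 53
# and only part of the port list has been added to firewalld.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=512,fd=13))
tcp   LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=512,fd=14))
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*         users:(("avahi-daemon",pid=488,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=701,fd=3))'
SAMPLE_FW='9000/tcp 9050-9090/tcp'

if [ "${1:-}" = "--live" ]; then   # run as root on the target host
    echo "port 53 listeners:";  ss -tulnp | port53_listeners
    echo "ports still closed: $(missing_ports "$(firewall-cmd --list-ports)")"
else
    echo "port 53 listeners:";  printf '%s\n' "$SAMPLE_SS" | port53_listeners
    echo "ports still closed: $(missing_ports "$SAMPLE_FW")"
fi
```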