BlueCat Distributed DDNS - Adaptive Applications - BlueCat Gateway - 23.2.4

BlueCat Distributed DDNS Administration Guide

Product name: BlueCat Gateway
Version: 23.2.4

BlueCat Adaptive Applications are licensed, out-of-the-box applications that provide you with advanced DDI functionality with minimal configuration. Adaptive Applications extend the functionality of the BlueCat core Adaptive DNS platform, DNS Integrity, in specific areas to drive increased customer value and competitive differentiation.

DDNS is a vital feature of modern enterprise networks that needs to be highly reliable, performant, secure, and manageable. BlueCat Distributed DDNS provides a distributed entry point for all dynamic DNS registrations, sitting as close as possible to the client. It provides a secure interface for all dynamic DNS updates. In addition, BlueCat Distributed DDNS provides Anycast deployment capabilities and is fully integrated with the BlueCat Adaptive DNS Stack.

BlueCat Distributed DDNS consists of three components:
  • Distributed DDNS Data Node: The Data Node is a multi-primary database cluster that stores DDNS update and Distributed DDNS configuration information. Information can be replicated across multiple Distributed DDNS Data Nodes.

  • Distributed DDNS Service Node: The Service Node processes and validates DDNS updates.

    DDNS updates are sent to the closest Anycast-enabled Distributed DDNS Service Node for processing and evaluation. The Service Node validates and securely forwards updates to the Primary DNS server using TSIG.

  • Distributed DDNS Application Node: The Application Node connects to Address Manager and includes an administrative UI to manage configuration of Distributed DDNS Service Nodes.

The following architecture diagram illustrates how these components interact.



Through these components, BlueCat Distributed DDNS provides the following functionality:

  • If the primary DNS server fails, Distributed DDNS Service Nodes queue ongoing updates in a pending list. Updates automatically resume when the primary DNS server is operational.

  • BlueCat Distributed DDNS fully supports all common cryptographic signature methods used in DDNS updates. GSS-TSIG negotiation and enforcement are supported for both forward and reverse DNS. Cryptographic signatures are supported across multiple Active Directory domains. Access control is provided for cases where unsigned updates are needed.

  • Each Distributed DDNS Service Node processes GSS-TSIG signatures asynchronously with improved performance over standard BIND name servers. Multiple Distributed DDNS Service Nodes can be used together using Anycast or load balancing. In this configuration, Distributed DDNS acts as a GSS-TSIG offloading engine for BlueCat DNS Integrity.

  • Distributed DDNS simplifies DDNS permission management, replacing BIND's update policy statement with an intelligently designed rules system that is both more capable and easier to manage.