Creating recursive namespaces - BlueCat Edge - Service Point v4.x.x

BlueCat Edge Deployment Guide

Product name: BlueCat Edge
Version: Service Point v4.x.x

Create a namespace that can be used to perform external recursive functions.

  1. In the top navigation bar, click and select Namespaces.
  2. To add a new namespace, click New and select Recursive.
  3. Enter the name and description.
  4. Select Set TTL for DNS records to override the TTL of the DNS response. In the Maximum TTL field, enter the TTL of the response in seconds. The value must be between 0 and 2147483647, inclusive.
  5. Select Set TTL for negative responses to serve DNS responses that return NXDOMAIN based on the defined TTL. In the Negative Cache TTL field, enter the maximum TTL, in seconds, applied to responses that return NXDOMAIN. The value must be between 0 and 2147483647, inclusive.
  6. Select EDNS Client Subnet to configure the EDNS Client Subnet (ECS) option. The ECS option allows the namespace to forward the subnet information in DNS queries to downstream servers for geographical evaluation. In the IPv4 Source Prefix field, enter the IPv4 prefix of the subnet as a number between 0 and 32. In the IPv6 Source Prefix field, enter the IPv6 prefix of the subnet as a number between 0 and 128.

    If you select Override, the namespace applies the specified IPv4 or IPv6 prefix as the ECS value, overriding any existing ECS value of incoming DNS queries. On the response, the inbound ECS value will be restored.

    If Override is not selected, the existing ECS value is forwarded in queries and responses if the value is present on the incoming query. For queries that do not contain an ECS value, one will be added using the specified IPv4 Source Prefix or IPv6 Source Prefix. On the response, the inbound ECS value will be restored.

    If you do not configure the EDNS Client Subnet fields, the ECS value is removed from incoming DNS queries before they are forwarded, but is restored on the response.

  7. The Serve Expired Queries from cache option allows the namespace to answer from expired cached responses when the response would otherwise be SERVFAIL, or when an answer cannot be retrieved and SERVFAIL is generated for reasons such as a timeout. Select one of the following options:
    • Do not serve expired queries from cache
    • Serve expired queries from cache for a period of 1 hour from time of expiry (Default)
    • Serve expired queries from cache for a period of 24 hours from time of expiry
  8. Under DNSSEC, select Enable validation to enable DNSSEC validation and validate the authenticity of the DNS responses from the resolvers.
  9. (Optional) Under Root hints, select one of the following options:
    • Use internal root hints: Select this option to use internet root hint servers.
    • Use custom root hints: Select this option to use a custom root hint server. If you select this option, enter the following additional information:
      • TTL: The TTL value of the cache, in seconds. The default value is 86400 seconds (24 hours).
      • Server: The FQDN of the root server.
      • IP addresses: The IP address of the root server.
        Note: You must include at least one valid IPv4 address.
      Note: If you select Use custom root hints, you cannot select Enable validation.
  10. For Response Codes, enter one or more DNS query response codes. The DNS query response code can be one of the following:
    • NOERROR
    • NODATA
    • FORMERR
    • SERVFAIL
    • NXDOMAIN
    • NOTIMP
    • REFUSED
    • YXDOMAIN
    • YXRRSET
    • NXRRSET
    • NOTAUTH
    • NOTZONE
    • DSOTYPENI
    • BADVERS
    • BADSIG
    • BADKEY
    • BADTIME
    • BADMODE
    • BADNAME
    • BADALG
    • BADTRUNC
    • BADCOOKIE

    If any of the configured DNS query responses are returned to this namespace, the next namespace within a site will attempt to resolve the DNS queries. By default, NXDOMAIN is configured.

    Note: NODATA is a specific case of the NOERROR DNS response code that occurs when a query receives a response with no record matching the query type. If you configure the NODATA response code, Edge uses the next namespace within a site to attempt DNS query resolution.
    Note: This only applies to sites configured with more than one namespace.
  11. Add domain lists (optional):
    • Under Match List, enter the domain list(s) you want this forwarder to be used for. If there is no match list, then this namespace will be used for all queries, except any exceptions.

      If you are configuring a Discovered namespace, under Additional match list, enter the additional IP list(s) that you want this forwarder to be used for. If there is no match list, then this namespace will be used for all queries matching the Discovered match list.

    • Under Exception List, add any domain list(s) that contain exceptions, if applicable.
    In total, you can add up to 20 domain lists, each with a maximum of 100,000 domains. Also, there is a 100 MB limit to the combined size of all domain lists associated with all of the namespaces.
    • If match lists are added, the namespace applies to queries matching the domains in the list.
    • If a query is in both the match list and the exception list, the exception applies.
    • If no match lists are added, the namespace applies to all queries other than those in exception lists.
  12. Add IP lists (optional):
    • Under Match List, enter the IP list(s) you want this forwarder to be used for. If there is no match list, then this namespace will be used for all queries, except any exceptions.
    • Under Exception List, add any IP list(s) that contain exceptions, if applicable.
  13. Click Save.
  14. To delete a namespace, select it and click Delete. If the namespace is active and associated with one or more sites, you can't delete the namespace unless you deactivate it.
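
The three EDNS Client Subnet behaviors from step 6, modeled so you can check what subnet information a given setting sends to upstream servers. This is an added example, not BlueCat code: the class, field and function names are hypothetical, the ECS value is assumed to be the client address truncated to the configured prefix, and the /24 and /56 policy caps are illustrative.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class EcsConfig:
    """Constructed model of step 6; field names are assumptions, not Edge API names."""
    enabled: bool = False   # "EDNS Client Subnet" selected
    override: bool = False  # "Override" selected
    v4_prefix: int = 24     # IPv4 Source Prefix, 0-32
    v6_prefix: int = 56     # IPv6 Source Prefix, 0-128

    def __post_init__(self):
        if not 0 <= self.v4_prefix <= 32 or not 0 <= self.v6_prefix <= 128:
            raise ValueError("source prefix out of range")


def synthesized_ecs(cfg: EcsConfig, client_ip: str) -> str:
    """Assumption: the ECS value is the client address truncated to the prefix."""
    addr = ipaddress.ip_address(client_ip)
    plen = cfg.v4_prefix if addr.version == 4 else cfg.v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))


def forwarded_ecs(cfg: EcsConfig, client_ip: str, inbound: Optional[str]) -> Optional[str]:
    """ECS value sent upstream; None means the option is removed."""
    if not cfg.enabled:
        return None                             # not configured: stripped
    if cfg.override or inbound is None:
        return synthesized_ecs(cfg, client_ip)  # override, or nothing inbound
    return inbound                              # no override: passes through


def response_ecs(inbound: Optional[str]) -> Optional[str]:
    """All three modes restore the inbound ECS value on the response."""
    return inbound


def discloses_more_than(cfg, client_ip, inbound, max_v4=24, max_v6=56) -> bool:
    """True when the upstream ECS is more specific than a hypothetical policy cap."""
    out = forwarded_ecs(cfg, client_ip, inbound)
    if out is None:
        return False
    net = ipaddress.ip_network(out, strict=False)
    return net.prefixlen > (max_v4 if net.version == 4 else max_v6)
```

With Override cleared, a /32 carried on an incoming query is forwarded unchanged, so the configured source prefix does not limit what upstream servers receive; with Override selected, it does.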