Service Point v4 platform change log - BlueCat Edge - Service Point v4.x.x

BlueCat Edge Deployment Guide

Product name
BlueCat Edge
Service Point v4.x.x

The following section outlines changes that have been made between Service Point v4 platform versions:

Attention: Before you deploy a specific version of DNS resolver service, ensure that the version that you are deploying is supported on the Service Point v4 version that you have provisioned. For more information, refer to Software support matrix.


  • Introduces support for provisioning Service Point v4 on Nutanix Acropolis v6.5.3.6 LTS or greater.
  • Introduces support for provisioning Service Point v4 on BlueCat hardware appliances.
    Note: You can only provision Service Point v4 on the following BlueCat hardware appliance models:
    • BDDS-25
    • BDDS-50
    • BDDS-75
    • BDDS-125
    • XMB4
  • Introduces a fix for an issue discovered where redeployment of service instances to a Service Point would fail if the service instance was previously deployed to the Service Point and deleted.
  • Includes a fix for CVE-2023-48795: SSH Terrapin vulnerability.


  • Introduces the ability update the IPv4 and IPv6 addresses of the service point without removing DNS resolver service, reducing service disruption.
  • Introduces a fix for an issue discovered in an earlier version of Service Point where the service point would continue to use an old certificate after it has successfully renewed the certificate.


  • Introduces a fix for an issue discovered in earlier versions of Service Point where new or redeployment of DNS resolver service would be unsuccessful, resulting in an unhealthy DRS status.
  • Introduces a fix for an issue discovered in earlier versions of Service Point where local logging for Edge services can encounter an internal failure. This can result in degraded service point performance due to high resource utilization.


  • Introduces support for Bidirectional Forwarding Detection (BFD) to monitor the link status for fast convergence with BGP and OSPF Anycast protocols. Configuring BFD reduces the amount of time to prompt the router to remove the unhealthy service point from its database, preventing DNS queries from reaching the unhealthy service point and improving resolution resiliency.
  • Introduces a fix for an issue discovered in Service Point v4.5.0 and earlier versions configured with DNS resolver service. Previously, the Anycast service may become unresponsive when the DNS query logging service could not handle excessive DNS query traffic.

    This fix prioritizes DNS resolution and maintains the Anycast service in the event that DNS query logging service becomes unavailable. The Service Point performs a service readiness check of the DNS resolver service every second. If three consecutive checks fail, the Anycast service is temporarily turned off until the DRS service is able to resolve queries.


  • Introduces support for BlueCat Edge ID Proxy.

    The BlueCat Edge Identity service allows you to collect User Principal Name (UPN) information by parsing directory event logs stored in an Azure Event Hub. Once the Identity service has been granted credentials and given details for the appropriate Azure Event Hub where the logs are stored, it collects a map of UPN to IP address information. This information is then embedded in EDNS in DNS queries forwarded to Cisco Umbrella for processing. This enables Cisco Umbrella to enforce user or group policies on queries and is intended to be a replacement for Cisco Virtual Appliances (VA).

  • Introduces support for advanced threat service.

    The advanced threat service introduces enhancements to the existing threat service by augmenting and improving the accuracy of threat detection providing the ability to tune the output of the system. Once the advanced threat service has been configured, the service point evaluates DNS queries and flags any suspicious queries. You can view queries that have been flagged using the advanced threat service by filtering queries in the DNS activity page with the Advanced DGA Threat Indicator.

Attention: Applying Service Point Hotfix v4.4.2 before upgrading to Service Point v4.5.0

Before you upgrade from Service Point v4.4.1 to Service Point v4.5.0, you must first apply Service Point Hotfix v4.4.2 to your Service Point v4 instance.

To apply Service Point Hotfix v4.4.2, run the following command from your console:
ssh [SSH_ARGS] <service-point> sudo -E env "PATH=$PATH:/opt/bluecat/bin/" hotfix sp-4.4.2
  • [SSH_ARGS] represents optional SSH arguments.
  • <service-point> represents the IP address or host name of the Service Point v4 instance.

The Service Point instance applies the hotfix. Once the hotfix has successfully applied, you can perform an upgrade to Service Point v4.5.0


  • Introduces a fix where Service Point v4 upgrades may fail due to insufficient disk space caused by large snapshots. These snapshots are created during the upgrade process for rollback purposes.


  • Introduces support for provisioning a smaller disk version of Service Point v4 instances on Cisco ENCS devices.


  • Initial introduction of support for Service Point v4 instances.