Service Point v4 platform change log - BlueCat Edge - Service Point v4.x.x

BlueCat Edge Deployment Guide


The following section outlines changes that have been made between Service Point v4 platform versions:

Attention: Before you deploy a specific version of DNS resolver service, ensure that the version that you are deploying is supported on the Service Point v4 version that you have provisioned. For more information, refer to Software support matrix.

4.7.1

  • Introduces support for BDDS appliances with fiber network configurations.
  • Resolves an issue with the library used to read HTTP proxy environment variables where the Service Point would incorrectly produce empty values for those proxy settings, resulting in communication issues between the Service Point and Edge Cloud.
  • Resolves an issue where the Service Point might time out and fail to pull the DNS Resolver Service image after 2 minutes. The timeout has now been increased to 30 minutes.
  • Resolves an issue where the DSR VIP configured on a Service Point would respond to ARP requests, breaking the DSR load balancing with the load balancer.
  • Resolves an issue where a Service Point service could miss a heartbeat interval if the Service Point was under high load, resulting in the service instance job shutdown and a DNS Resolver Service outage.

4.7.0

  • Introduces new capabilities with NTP service. You can now configure NTP servers that the service point will use to synchronize time. Additionally, you can now point end-user devices to the service point as an NTP source.
  • Introduces support for Edge Resolver service.

    Edge Resolver introduces a new discovery service that can be configured to discover DNS forward and reverse lookup zones across multiple Address Manager configurations and DNS views. The zones discovered by the service are then stored in the Cloud Instance where they are then distributed to the DNS Resolver Service (starting in version 3.11.0). This is done through Site configurations containing Discovered Namespaces. The Discovered Namespaces can be further configured to provide granular control over different discovered environments. In the Discovered Namespace, you can also configure fallback forwarders for the DNS Resolver Service to use to recursively resolve queries for all other zones not found by the discovery service.

    The discovery service uses user-supplied configurations to discover one or more DNS spaces across Address Manager. Each DNS zone that is discovered also contains information about the DNS servers that are authoritative for that zone or that act as forwarders for it. With this understanding of per-zone forwarders, BlueCat Edge can now perform resolution across these DNS zones without the need to specify forwarders for the namespace.

    Once you have discovered the DNS information, deploy DRS to the service point that provides recursive resolution. DRS evaluates any domains found in the Address Manager list and its internal knowledge of cloud zones to resolve any query that needs to follow CNAME chains.

  • Introduces enhancements to troubleshooting scripts.
  • Resolves an issue where ports and port labels might become inconsistent when provisioning Service Point on BlueCat hardware appliances, leading to network connection issues.
  • Resolves an issue where the Service Point installed a version of the OpenSSH package that supported the SHA1 algorithm, which had a serious security vulnerability. This issue has been resolved by upgrading to a newer version of the OpenSSH package which removes support for SHA1.

4.6.3

  • Introduces support for provisioning Service Point v4 on Equinix Network Edge.

4.6.2

  • Introduces support for provisioning Service Point v4 on Nutanix Acropolis v6.5.3.6 LTS or greater.
  • Introduces support for provisioning Service Point v4 on BlueCat hardware appliances.
    Note: You can only provision Service Point v4 on the following BlueCat hardware appliance models:
    • BDDS-25
    • BDDS-50
    • BDDS-75
    • BDDS-125
    • XMB4
  • Introduces a fix for an issue discovered where redeployment of service instances to a Service Point would fail if the service instance was previously deployed to the Service Point and deleted.
  • Includes a fix for CVE-2023-48795: SSH Terrapin vulnerability.
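A check for the two SSH fixes listed above (SHA-1 removal in 4.7.0 and CVE-2023-48795 in 4.6.2), as an added example that is not BlueCat code: it parses the server's algorithm proposal from `ssh -vv` debug output and flags SHA-1-based names and the Terrapin precondition. The function names, the list of names treated as SHA-1-based, and both sample transcripts are assumptions constructed for illustration.

```python
import re

# Names treated as SHA-1-dependent: this example's own list, not BlueCat's.
SHA1_NAME = re.compile(r"sha1|^ssh-rsa$|^ssh-dss$")
STRICT_KEX = "kex-strict-s-v00@openssh.com"  # server-side strict-KEX marker

def parse_server_proposal(debug_output):
    """Extract the server's algorithm lists from `ssh -vv` debug output."""
    offered, in_server = {}, False
    for line in map(str.strip, debug_output.splitlines()):
        in_server = in_server or line.startswith("debug2: peer server KEXINIT")
        match = re.match(r"debug2: (.+?): (\S+)$", line)
        if in_server and match:
            offered.setdefault(match.group(1), match.group(2).split(","))
    return offered

def audit(offered):
    """Flag SHA-1 algorithms and the Terrapin precondition (server side only)."""
    findings = []
    for field in ("KEX algorithms", "host key algorithms", "MACs ctos", "MACs stoc"):
        weak = [a for a in offered.get(field, []) if SHA1_NAME.search(a)]
        if weak:
            findings.append(f"SHA-1 in {field}: {', '.join(weak)}")
    ciphers = offered.get("ciphers ctos", []) + offered.get("ciphers stoc", [])
    macs = offered.get("MACs ctos", []) + offered.get("MACs stoc", [])
    affected = "chacha20-poly1305@openssh.com" in ciphers or (
        any(c.endswith("-cbc") for c in ciphers) and any("-etm@" in m for m in macs))
    if affected and STRICT_KEX not in offered.get("KEX algorithms", []):
        findings.append("CVE-2023-48795: affected cipher mode without strict KEX")
    return findings

# Constructed samples, not captured from a real Service Point.
SAMPLE_BEFORE = """\
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,ssh-rsa,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1"""
SAMPLE_AFTER = """\
debug2: local client KEXINIT proposal
debug2: MACs ctos: hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com"""

if __name__ == "__main__":
    print(audit(parse_server_proposal(SAMPLE_BEFORE)), audit(parse_server_proposal(SAMPLE_AFTER)))
```

Strict key exchange protects a session only when the connecting SSH client supports it as well, so a clean server-side result does not cover outdated clients.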

4.6.1

  • Introduces the ability to update the IPv4 and IPv6 addresses of the service point without removing DNS resolver service, reducing service disruption.
  • Introduces a fix for an issue discovered in an earlier version of Service Point where the service point would continue to use an old certificate after it had successfully renewed the certificate.

4.6.0

  • Introduces a fix for an issue discovered in earlier versions of Service Point where new deployments or redeployments of DNS resolver service would be unsuccessful, resulting in an unhealthy DRS status.
  • Introduces a fix for an issue discovered in earlier versions of Service Point where local logging for Edge services can encounter an internal failure. This can result in degraded service point performance due to high resource utilization.

4.5.1

  • Introduces support for Bidirectional Forwarding Detection (BFD) to monitor the link status for fast convergence with BGP and OSPF Anycast protocols. Configuring BFD reduces the amount of time to prompt the router to remove the unhealthy service point from its database, preventing DNS queries from reaching the unhealthy service point and improving resolution resiliency.
  • Introduces a fix for an issue discovered in Service Point v4.5.0 and earlier versions configured with DNS resolver service. Previously, the Anycast service could become unresponsive when the DNS query logging service could not handle excessive DNS query traffic.

    This fix prioritizes DNS resolution and maintains the Anycast service in the event that DNS query logging service becomes unavailable. The Service Point performs a service readiness check of the DNS resolver service every second. If three consecutive checks fail, the Anycast service is temporarily turned off until the DRS service is able to resolve queries.
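The readiness gate described above, modelled as an added example (not BlueCat code): per-second check results are replayed and the windows in which the Anycast service is turned off are returned. The one-second interval and the three-failure threshold come from the text; the class and function names, the rule that the first successful check turns Anycast back on, and the sample timeline are assumptions.

```python
from dataclasses import dataclass

FAIL_THRESHOLD = 3  # consecutive failed checks before Anycast is turned off

@dataclass
class AnycastGate:
    advertised: bool = True
    consecutive_failures: int = 0

    def observe(self, drs_ready: bool) -> bool:
        """Feed one readiness-check result; return whether Anycast is on."""
        if drs_ready:
            self.consecutive_failures = 0
            self.advertised = True  # assumption: first success re-enables
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= FAIL_THRESHOLD:
                self.advertised = False
        return self.advertised

def withdrawal_windows(results):
    """Replay one check result per second; return (off_at, on_at) windows.

    on_at is None when Anycast is still off at the end of the timeline.
    """
    gate, windows, off_at = AnycastGate(), [], None
    for second, ready in enumerate(results, start=1):
        on = gate.observe(ready)
        if not on and off_at is None:
            off_at = second
        elif on and off_at is not None:
            windows.append((off_at, second))
            off_at = None
    if off_at is not None:
        windows.append((off_at, None))
    return windows

# Constructed timeline: "1" = DRS answered the check, "0" = check failed.
TIMELINE = [c == "1" for c in "1100101000111000"]

if __name__ == "__main__":
    print(withdrawal_windows(TIMELINE))
```

Short failure bursts (seconds 3 to 4 and second 6 in the sample) never reach the threshold, so only the two three-check runs turn Anycast off; until the third failed check, queries still arrive at the failing service point.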

4.5.0

  • Introduces support for BlueCat Edge ID Proxy.

    The BlueCat Edge Identity service allows you to collect User Principal Name (UPN) information by parsing directory event logs stored in an Azure Event Hub. Once the Identity service has been granted credentials and given details for the appropriate Azure Event Hub where the logs are stored, it collects a map of UPN to IP address information. This information is then embedded in EDNS in DNS queries forwarded to Cisco Umbrella for processing. This enables Cisco Umbrella to enforce user or group policies on queries and is intended to be a replacement for Cisco Virtual Appliances (VA).

  • Introduces support for advanced threat service.

    The advanced threat service introduces enhancements to the existing threat service by augmenting and improving the accuracy of threat detection and providing the ability to tune the output of the system. Once the advanced threat service has been configured, the service point evaluates DNS queries and flags any suspicious queries. You can view queries that have been flagged using the advanced threat service by filtering queries in the DNS activity page with the Advanced DGA Threat Indicator.

Attention: Applying Service Point Hotfix v4.4.2 before upgrading to Service Point v4.5.0

Before you upgrade from Service Point v4.4.1 to Service Point v4.5.0, you must first apply Service Point Hotfix v4.4.2 to your Service Point v4 instance.

To apply Service Point Hotfix v4.4.2, run the following command from your console:
ssh [SSH_ARGS] <service-point> sudo -E env "PATH=$PATH:/opt/bluecat/bin/" hotfix sp-4.4.2
Where
  • [SSH_ARGS] represents optional SSH arguments.
  • <service-point> represents the IP address or host name of the Service Point v4 instance.

The Service Point instance applies the hotfix. Once the hotfix has been successfully applied, you can perform an upgrade to Service Point v4.5.0.

4.4.2

  • Introduces a fix where Service Point v4 upgrades may fail due to insufficient disk space caused by large snapshots. These snapshots are created during the upgrade process for rollback purposes.

4.4.1

  • Introduces support for provisioning a smaller disk version of Service Point v4 instances on Cisco ENCS devices.

4.4.0

  • Initial introduction of support for Service Point v4 instances.