API change log - BlueCat Edge - Service Point v4.x.x

BlueCat Edge v25.3

[GET | POST | PUT] https://api-<BlueCat.edge.url>/v1/api/discoveryConfigs

The discovery configuration API endpoints have been updated to include the useVmAssignedRole parameter. This is used to indicate whether to use VM-assigned roles for discovery authentication when deployed to service points that are provisioned in AWS and Azure environments.

Additionally, Azure discovery configurations have been updated to support Azure Key Vault support. When configuring the clientId and clientSecret parameters, you can now set the type to azure to indicate that you are using credentials stored in Azure Key Vault.

Finally, the discovery configuration APIs have been updated to support the following new Address Manager discovery configuration options:

forwardToOtherDnsServers—when set to true, if the discovery configuration discovers servers within Address Manager with the Other DNS Server role, servers with this role are treated the same way as BlueCat DNS/DHCP Servers and queries will also be forwarded to servers with the Other DNS Server role.
Note: If you set this parameter to true, the delegatedZonesForwardToOtherDnsServers parameter must also be set to true.
discoverHiddenPrimary—when set to true, the discovery configuration also discovers servers within Address Manager with the Hidden primary role and uses those servers for forwarding queries.
discoverStealthSecondary—when set to true, the discovery configuration also discovers servers within Address Manager with the Stealth secondary role and uses those servers for forwarding queries.
delegatedZonesForwardToOtherDnsServers—when set to true, if the discovery configuration discovers a zone with roles only pointing to a server with the Other DNS Server role, treat the zone as a delegation zone and forward queries to it directly from BlueCat Edge.

[GET] https://api-<BlueCat.edge.url>/v3/api/dnsQueryLogs

The DNS query logs APIs have been updated to include information about the GSLB rule that matched the query and the DNS resolver service that the query passed through. You can now filter DNS query logs using the following path parameters:

gslbRuleId—If a GSLB rule ID is provided, only queries that match against the specified GSLB rule ID are returned.
hasGslbRule—If set to true, only queries that match against a GSLB rule are returned.
drsId—If a DNS resolver service ID is provided, only queries that passed through the specified DNS resolver service are returned.

Additionally, the DNS query log response now contains the following information:

gslbRule—the GSLB rule that was enacted on the query. This includes the ID and name of the GSLB rule, and any health checks that the query matched.
drsId—the ID of the DNS resolver service that the query passed through.

[GET | POST] https://api-<BlueCat.edge.url>/v1/list/dns

[GET] https://api-<BlueCat.edge.url>/v1/list/dns/search

[GET | POST | PUT] https://api-<BlueCat.edge.url>/v2/domainLists/

The domain list APIs have been updated with the removal of dynamic domain list configurations.

[GET] https://<us|eu>.fleet.bluec.at/user/api/v1/servicePoints/{id}

[PATCH] https://<us|eu>.fleet.bluec.at/user/api/v1/servicePoints/{id}/settings

The Service Point settings API has been updated to support the configuration of custom internal networks that will be used by docker and nomad services for internal communication and orchestration. The following new parameters have been added:

internalNetworks—the updated custom internal networks that will be used by docker and nomad services for internal communication and orchestration. The internal networks field includes the following:
- dockerBridgeSubnet—the CIDR block that you would like to use for the docker service communication and orchestration.
- nomadBridgeSubnet—the CIDR block that you would like to use for the nomad service communication and orchestration.
Attention:
- The CIDR blocks must be within the private address space.
- You cannot modify the internal network configurations of a service point if there are services deployed to it. Before modifying the internal network configurations, ensure that you have removed any services that have been deployed.

[GET | POST | PATCH] https://api-<BlueCat.edge.url>/v3/api/sites

The sites APIs have been updated to support the following new configuration options:

soaDefinition—updates the SOA definition for DNS queries that are modified based on a BlueCat Edge policy, such as blocking a query or removing unhealthy answers. When enabled, enter the following information:
- authorityZone—the FQDN of the DNS zone for which the SOA record is authoritative.
- mName—the FQDN of the primary name server for the zone.
- rName—the email address of the domain administrator, represented as a domain name. For example, admin.example.com
- minTtl—(Optional) the minimum TTL value of the zone, in seconds. The value must be between 0 and 86400 seconds inclusively. If left blank, the default value is 300 seconds.
gslbTtl—the maximum TTL for DNS responses sent to customers for GSLB, in seconds.

The following new endpoint has been added to support clearing specific domains from the site cache:

[POST] https://api-<BlueCat.edge.url>/v4/api/sites/{siteId}/clearCache

With the removal of dynamic domain lists, the following APIs have been deprecated and are no longer supported:

[POST] https://api-<BlueCat.edge.url>/v1/api/list/dns/{domainListId}/sourceConfiguration
[POST] https://api-<BlueCat.edge.url>/v1/api/list/dns/{domainListId}/sourceConfiguration/update

BlueCat Edge v25.2.1

[GET] https://<us|eu>.fleet.bluec.at/user/api/v1/servicePoints/images

The GET Service Point images API response has been updated to include the new KVM image.

New endpoints have been added to support the tracking of unique IP address usage within the Edge CI. The following new APIs have been added:

[GET] https://api-<BlueCat.edge.url>/v1/api/licences/dailyUniqueIps
[GET] https://api-<BlueCat.edge.url>/v1/api/licences/peakUniqueIps
[GET] https://api-<BlueCat.edge.url>/v1/api/licences/uniqueIps
[GET] https://api-<BlueCat.edge.url>/v1/api/licences/ipQueryCounts

BlueCat Edge v25.2

[GET | POST | PUT] https://api-<BlueCat.edge.url>/v3/api/sites

The Sites API endpoints have been updated to support the following new parameters:

randomizeAddresses—indicates whether DNS Resolver Service shuffles responses in the Answer section that match the QTYPE of the query. The shuffled responses are limited to A, AAAA, MX, NS, PTR, and SRV QTYPES.
healthCheckIds—a list of health check configuration IDs that the site will use to verify the health of the endpoints.
gslbRuleIds—a list of GSLB rule IDs that will be used to evaluate incoming queries from the site.

[GET | POST | PUT] https://api-<BlueCat.edge.url>/v1/api/namespaces

The /v1/api/namespaces API has been updated to support the new RECURSIVE namespace type. Recursive namespaces support the following new additional parameters:

enableDnsSec—indicates whether to enable DNSSEC validation and validate the authenticity of the DNS responses form the resolvers.
customRootHints—configures custom root hint servers to use instead of public root servers. If you do not include this field, public root servers are used.

New endpoints have been added to support the new Global Server Load Balancing (GSLB) feature. The following new APIs have been added:

[GET | POST | PUT | DELETE] https://api-<BlueCat.edge.url>/v1/api/gslbRules
[GET | POST | PUT | DELETE] https://api-<BlueCat.edge.url>/v1/api/healthChecks
[GET | POST | PUT | DELETE] https://api-<BlueCat.edge.url>/v1/api/healthStatuses

[GET] https://<us|eu>.fleet.bluec.at/user/api/v1/servicePoints

The GET Service Point API response has been updated to include a new warningConditions section that contains a list of warning conditions if there are issues with the Service Point. The following checks are performed and indicate warnings when thresholds are reached:

Disk utilization
- If one or more partitions are between 75% to 85% usage, this triggers a warning.
- If one or more partitions are greater than 85% usage, this triggers an alert.
NTP status
- If NTP is not synced, this triggers a warning.
If Anycast is enabled but not connected/peered with a connected router, this triggers a warning.
If the Service Point is provisioned on an unsupported or unknown platform, this triggers a warning.
DNS server
- If only one DNS server is specified is specified, this triggers a warning.
- If more than one DNS server is specified, if some DNS server checks are failing but at least one DNS server is available, this triggers a warning.
- If more than one DNS server is specified and only one DNS server is available, this triggers an alert.

BlueCat Edge v25.1

GET http://<spv4_ip_address>:2021/v2/diagnostics

DNS Resolver Service v4.0.0 introduces the following changes to the response of the diagnostics endpoint:

All containers now display a memory section within resources that displays the amount of memory allocated to the container. The memory dynamically changes based on the resources available on the service point.
Within the sp-controller-service:
- serviceVersion has been deprecated as of DRS v3.11.x.
- certificates has been removed and is no longer applicable as of DRS v3.11.x
Within parclo-logging:
- Under resources, the logging-endpoint-settings, firehose-settings, and local-persistence sections have been added, and the memory section has been updated. These fields are now dynamic and change based on the resources available on the service point.
Within dns-gateway-service:
- The memory and cache-settings have been added within resources and dynamically change based on the resources available on the service point.

[GET | POST | PUT] https://api-<BlueCat.edge.url>/v1/api/discoveryConfigs

The /v1/api/discoveryConfigs APIs have been updated to support AWS, Azure, and GCP discovery configurations. Additionally, the Address Manager discovery configuration has been updated to support HashiCorp Vault key storage.