- In the top navigation bar, click and select Sites.
- Click New to add a new site, or select an existing site and click Edit, and complete the following information:
- Name: Enter the site name.
Note: If you're configuring a site to use a namespace that's configured for the Cisco Umbrella integration, the site name must not be more than 45 characters in length.
- Location: Enter the site address, city, and country. This will be converted into longitude and latitude when the site is saved.
- Service Version: Select the software version that will be operating on service points deployed from this site.
Note:
- If you are editing a site, you cannot update the service version.
- The service version of the site must be v3.0.6 or greater to deploy a service point on AWS or Azure, or deploy to Service Point.
- Under DNS options, select the following options to modify DNS responses:
- Add identity information to queries: DNS queries include a mapping of user IDs, in addition to client IP addresses. This information is retrieved by the identity service when Azure Event Hub is configured to use Microsoft Active Directory. This authorization allows requests to extract data from the event logs stored in Azure Event Hub.
Note: You must have identity services enabled to collect this information. For more information, refer to Identity services.
- Randomize host record order in Answer section: DNS Resolver Service shuffles responses in the Answer section that match the QTYPE of the query. The shuffled responses are limited to A, AAAA, MX, NS, PTR, and SRV QTYPEs.
- Custom SOA for Edge-policied responses: Updates the SOA definition for DNS queries that are modified based on a BlueCat Edge policy, such as blocking a query or removing unhealthy answers. When enabled, enter the following information:
- Authority zone: The FQDN of the DNS zone for which the SOA record is authoritative.
- Primary name server (MNAME): The FQDN of the primary name server for the zone.
- Zone admin email (RNAME): The email address of the domain administrator, represented as a domain name. For example, admin.example.com
- Minimum TTL: (Optional) The minimum TTL value of the zone, in seconds. The value must be between 0 and 86400 seconds inclusively. If left blank, the default value is 300 seconds.
- Query logging: Select one or multiple query logging options.
- Edge cloud console: DNS queries are stored in your Edge Cloud Console.
Note: If the Edge Cloud Console option is not selected, DNS queries will neither be stored nor visible in your Edge Cloud Console.
For more information on custom logging, refer to Custom Logging.
- Custom logging endpoint: DNS queries are sent to a custom logging endpoint. If you enable this query logging option, select a logging endpoint in the dropdown.
Note: You must create at least one logging endpoint to select the Custom logging endpoint option.
- Namespaces: Type the user-defined, discovered, or recursive namespace you would like attached to the site. When you type the namespace, you will see suggestions of the existing namespaces that match the entered value. The order in which you add a namespace onto a site is the order in which the service points of that site will process queries. To reorder the namespaces of a site, drag and drop the namespaces in the order you desire.
Starting in DRS v3.7.0, when a query comes in for a namespace where all the configured forwarders are unreachable, DRS temporarily marks all forwarders as down and skips them for any queries in that namespace until they become available. Health checks are performed on the forwarders every second; after 5 failed attempts to resolve a query, DRS marks the forwarder as down until a single successful response is received. This accelerates the DNS response time to the client and logs the timed-out queries as a SERVFAIL.
If SERVFAIL is added as a condition to the Response Code, DRS will try to resolve the query in the next available namespace configured on the site.
Note:
- You must configure a site with at least one namespace and the maximum number of namespaces is dependent on Edge licenses.
- You can override the default forwarder IP addresses by entering a different IP address.
- To ensure optimal latency in sites using more than three namespaces, BlueCat recommends using Domain Lists to configure appropriate routing criteria.
Attention: Some namespace features might not be applied as expected on service points within Sites that are running an older service version. BlueCat recommends running the latest service version to ensure that all namespace features function as expected.
- (Optional) Under GSLB service, enter the GSLB configurations that you would like to add to the site:
- Health check configurations: enter the name of the health check configurations that the site will use to verify the health of the endpoints.
For more information, refer to Configuring GSLB rules.
- GSLB rules: enter the name of the GSLB rules that will be used to evaluate incoming queries from the site.
For more information, refer to Configuring GSLB health check configurations.
- Under Additional GSLB settings, select the following additional GSLB option:
- Set TTL for DNS response: select this check box to set a maximum TTL for DNS responses sent to clients for queries that match a GSLB rule.
If you select this check box, enter a custom TTL value in the DNS record TTL field, in seconds. The value must be between 0 and 604800 seconds inclusively. The default value is 5 seconds.
- Click Save to save the new site.
- To delete a site, select it and click Delete. The delete button is only active if there are no service points configured for the site and no linked policies.
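
The forwarder handling described under Namespaces (namespace order, the 5-failure down mark, the per-second health check, and SERVFAIL fall-through to the next namespace) can be traced with a simplified model. This is an added example, not BlueCat's code; the class names, the `next_on_servfail` flag, the namespace names and the IP addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

FAIL_THRESHOLD = 5  # failed attempts before a forwarder is marked down (from the text)

@dataclass
class Forwarder:
    ip: str
    failures: int = 0
    down: bool = False
@dataclass
class Namespace:
    name: str
    forwarders: list
    next_on_servfail: bool = False  # SERVFAIL set as a Response Code condition
@dataclass
class Site:
    namespaces: list   # list order is the processing order
    timeouts: int = 0  # upstream attempts that timed out (the latency cost)

    def resolve(self, reachable):
        """Answer one query; `reachable` is the set of forwarder IPs that respond."""
        for ns in self.namespaces:
            for fwd in ns.forwarders:
                if fwd.down:
                    continue  # skipped, so no timeout is paid
                if fwd.ip in reachable:
                    return "NOERROR", ns.name
                self.timeouts += 1
                fwd.failures += 1
                fwd.down = fwd.failures >= FAIL_THRESHOLD
            if not ns.next_on_servfail:
                return "SERVFAIL", ns.name  # no fall-through configured
        return "SERVFAIL", self.namespaces[-1].name

    def health_check(self, reachable):
        """One tick of the per-second check: a single success clears the down mark."""
        for ns in self.namespaces:
            for fwd in ns.forwarders:
                if fwd.down and fwd.ip in reachable:
                    fwd.down, fwd.failures = False, 0

def demo():
    # Constructed sample: documentation-range IPs and hypothetical namespace names.
    site = Site([Namespace("internal", [Forwarder("192.0.2.10"), Forwarder("192.0.2.11")], True),
                 Namespace("public", [Forwarder("198.51.100.53")])])
    up = {"198.51.100.53"}  # both "internal" forwarders are unreachable
    results = [site.resolve(up) for _ in range(8)]
    paid = site.timeouts    # only the first 5 queries waited on "internal"
    site.health_check(up | {"192.0.2.10"})
    return results, paid, site.resolve(up | {"192.0.2.10"})
```

In this model, `demo()` shows all eight queries answered from the second namespace, with timeouts paid only until the down mark is set, and the first namespace serving again after one successful health check.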