How Edge Resolver works - BlueCat Edge - Service Point v4.x.x

BlueCat Edge User Guide


Edge components

Edge Resolver works through the interaction of the following Edge components:
  • Discovery configuration: The discovery configuration defines the environment in which you are discovering DNS data. When configuring the discovery configuration, you define the credentials for the environment that you are working with (currently, only Address Manager is supported), the polling interval at which you are receiving DNS data from that environment, and how failures are handled globally or per environment configuration. You can configure a single discovery configuration to poll multiple Address Manager configurations or views within a single Address Manager server.
  • Discovered domain lists: The discovered domain list is automatically created once you have created a discovery configuration. When new DNS data is discovered, the domains are added to the discovered domain list. You can optionally add user-defined domains to the discovered domain list; however, you cannot remove any domains that were added through the discovery process.
  • Discovery instance: The discovery instance is the service that is deployed to a service point. The discovery instance takes one or more discovery configurations, and uses that information to reach out to the environments configured within the discovery configuration and populate the relevant discovered domain lists with the DNS data that it finds.
  • Discovered namespaces: The discovered namespace enables you to define how to resolve DNS queries from the discovered namespaces. When you configure a discovered namespace, you can define one or more discovery configurations to determine how DNS data is resolved from those environments. When you select a discovery configuration, the Domain lists section of the namespace is automatically populated with the discovered domain list that was created for that discovery configuration. Additionally, you can configure fallback forwarders within the discovered namespace to ensure that the DNS Resolver Service can recursively resolve DNS records that link to non-discovered zones, such as CNAME chains.
  • Sites: The discovered namespace can be attached to a site so that any DNS resolver services that are deployed to that site can correctly handle or forward DNS traffic from those discovered DNS zones.
  • DNS Resolver Service: When the DNS Resolver Service is associated with a site that contains a discovered namespace, the DNS Resolver Service has the information that it needs to correctly resolve DNS queries from those discovered domains.
  • Service Point: The service point consumes the discovery instance service to actively discover DNS data from the environment configured, and/or consumes the DNS Resolver Service to intelligently handle the traffic for the discovered domains.

Multi-namespace resolution workflow

Without the discovery service, namespaces and resolution would be configured as follows:
  1. Domain list definition: You must manually create domain lists that contain the DNS zones that you would like to resolve.
  2. Namespace definition: Namespaces are configured in a specific manner with the following set of rules:
    • Each unique set of DNS forwarders is configured to resolve only a specific list of domains.
    • Individual namespaces must be created for each set of DNS forwarders and their specific domain lists.
    • Each DNS forwarder within a namespace must have the same knowledge of all the domains within the domain list. This is to ensure that the responses are consistent from each forwarder within the namespace.
    • Namespaces must be configured for response-based redirection if a query can be answered by more than one namespace.
  3. Resolve: The DNS resolver service would then use the namespace information to evaluate the incoming queries from the client to assess which namespace matched the incoming query, and forward the query to a forwarder for that namespace.
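The manual workflow above leaves it to the administrator to notice when two namespaces can answer the same query. The following added example (not BlueCat code and not the Edge API) models namespaces as plain Python objects and audits their domain lists for overlaps that lack response-based redirection. The Namespace fields, the suffix-matching rule, and the choice to require redirection on every overlapping namespace are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Namespace:
    # Hypothetical model of a namespace; not the BlueCat Edge schema.
    name: str
    domains: tuple       # domain list entries
    forwarders: tuple    # forwarder addresses for this namespace
    redirect_on_response: bool = False  # response-based redirection enabled?

def labels(domain):
    """Normalize a name to lowercase labels, most significant label first."""
    return tuple(reversed(domain.lower().rstrip(".").split(".")))

def covers(zone, qname):
    """True if qname equals zone or sits below it (assumed suffix matching)."""
    z, q = labels(zone), labels(qname)
    return q[:len(z)] == z

def matching_namespaces(namespaces, qname):
    """Names of the namespaces whose domain list covers qname, in list order."""
    return [ns.name for ns in namespaces
            if any(covers(d, qname) for d in ns.domains)]

def audit_overlaps(namespaces):
    """Find domain pairs where two namespaces can answer the same query.

    Returns (ns_a, domain_a, ns_b, domain_b, ok) tuples. ok is False when the
    overlap exists but at least one of the two namespaces has no
    response-based redirection (a conservative reading of the last rule).
    """
    findings = []
    for a, b in combinations(namespaces, 2):
        for da in a.domains:
            for db in b.domains:
                if covers(da, db) or covers(db, da):
                    ok = a.redirect_on_response and b.redirect_on_response
                    findings.append((a.name, da, b.name, db, ok))
    return findings

# Constructed sample configuration; names and addresses are made up.
SAMPLE = [
    Namespace("dc-east", ("corp.example", "east.example"), ("192.0.2.10",), True),
    Namespace("dc-west", ("lab.corp.example",), ("198.51.100.10",), False),
    Namespace("cloud", ("cloud.example",), ("203.0.113.10",), False),
]

if __name__ == "__main__":
    for finding in audit_overlaps(SAMPLE):
        print("OK " if finding[4] else "FIX", finding[:4])
    print(matching_namespaces(SAMPLE, "host.lab.corp.example"))
```

Label-wise comparison keeps a name such as notcorp.example from matching the corp.example entry, which a plain string suffix test would get wrong.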

Edge Resolver workflow

The discovery service alleviates the issues of managing multiple namespaces through the following process:
  1. Discover: When you have discovery configurations created, you can associate one or more discovery configurations with a discovery instance. Once the discovery instance has been deployed to a service point, it fetches DNS data from the configured environments. The discovery instance then feeds the DNS zone data into the respective discovered domain lists within the Edge Cloud.
  2. Resolve: The DNS resolver service that contains the discovered namespace information intelligently handles client queries and responses between the discovered DNS zones, reducing the work associated with manually creating forwarding rules that are regularly updated by automated mechanisms or manually as DNS zones scale.