Configuring continuous visibility of DNS records - Adaptive Applications - BlueCat Gateway - 22.7

BlueCat Overlay for Microsoft


Continuous visibility of DNS records is provided by the Secondary Zone Notification deployment option on the DNS/DHCP Server. For more information on configuring the Secondary Zone Notification deployment option, refer to Secondary Zone Notifications deployment option.

Prerequisites

Before you begin, ensure that the following prerequisites are met:
  • You have a DNS/DHCP Server under Address Manager control. This will be used to monitor the zone.
  • You have a Windows DNS server that is authoritative for the zone. This will be configured to send notifications and zone transfers to the DNS/DHCP Server.
Note: Only a single Primary server can be configured, and it must be an individual server, not a load balancer. Active Directory DNS supports multiple Primary DNS servers, but different servers can hold inconsistent versions of the zone under the same serial number. The DNS/DHCP Server requests an incremental zone transfer of the differences based on the serial number of the last version of the zone, so it is important that each request is made to the same Primary DNS server as the previous request.
To configure continuous visibility of DNS records
  1. Within the Configure Sync (Read) workflow, select the Secondary Zone Notifications Enabled? option under the Additional Settings section.
  2. Configure the Windows DNS server to allow zone transfers to the DNS/DHCP Server and to send DNS notifications to this server.
    For example, where you are not using zone transfers with other servers, configure the zone using the following command on the Windows DNS server:
    PS C:\> Set-DnsServerPrimaryZone -Name "western.contoso.com" -Secondaries 198.51.100.12 -NotifyServers 198.51.100.12 -SecureSecondaries "TransferToSecureServers" -Notify "NotifyServers" -PassThru

    Where the zone is "western.contoso.com" and the IP address of your BlueCat DNS/DHCP Server is 198.51.100.12.

    You can also configure these options using the Manage DNS Zone workflow by configuring the following DNS options:
    • Notify: set to Explicit.
    • Notify Additional Servers: set to the IP address of the BlueCat DNS/DHCP Server. For example, 198.51.100.12.
    • Allow Zone Transfer: set to the IP address of the BlueCat DNS/DHCP Server. For example, 198.51.100.12.
  3. Add a Primary role for the Windows DNS server in the zone in Address Manager.
  4. Add a Secondary role for the DNS/DHCP Server in the zone in Address Manager.
  5. Add a deployment option to enable the Secondary Zone Notifications for the DNS/DHCP Server.
  6. Deploy the DNS role to the DNS/DHCP Server.

The DNS/DHCP Server performs a zone transfer, and the current contents of the zone are imported into Address Manager. Subsequent changes within the zone are updated in Address Manager once the DNS/DHCP Server has received them.
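
The following PowerShell function is an added example, not BlueCat's or Microsoft's own code. It audits the zone configured in step 2 and reports when zone transfers or notifications are not scoped to exactly the DNS/DHCP Server address. The function name, the stand-in zone object and the address 198.51.100.99 are constructed for illustration; the property names are those of the object returned by Get-DnsServerZone.

```powershell
# Added example. Flags zone-transfer/notify settings that differ from the
# page's case: one DNS/DHCP Server and no other transfer targets.
function Test-ZoneTransferScope {
    param(
        [Parameter(Mandatory)] $Zone,                       # Get-DnsServerZone output or a stand-in
        [Parameter(Mandatory)] [string] $ExpectedSecondary  # DNS/DHCP Server IP
    )
    $findings = @()
    if ("$($Zone.SecureSecondaries)" -ne 'TransferToSecureServers') {
        $findings += "SecureSecondaries is '$($Zone.SecureSecondaries)', not TransferToSecureServers"
    }
    if ("$($Zone.Notify)" -ne 'NotifyServers') {
        $findings += "Notify is '$($Zone.Notify)', not NotifyServers"
    }
    foreach ($prop in 'SecondaryServers', 'NotifyServers') {
        # Normalise to strings; the property may be empty or hold IPAddress objects.
        $addrs = @(@($Zone.$prop) | Where-Object { $_ } | ForEach-Object { "$_" })
        if ($addrs -notcontains $ExpectedSecondary) {
            $findings += "$prop does not list $ExpectedSecondary"
        }
        foreach ($extra in @($addrs | Where-Object { $_ -ne $ExpectedSecondary })) {
            $findings += "$prop also lists $extra"
        }
    }
    [pscustomobject]@{
        ZoneName  = $Zone.ZoneName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed stand-in for a misconfigured zone: notifications go to the
# DNS/DHCP Server, but transfers are allowed to a different (made-up) address.
$sample = [pscustomobject]@{
    ZoneName          = 'western.contoso.com'
    SecureSecondaries = 'TransferToSecureServers'
    Notify            = 'NotifyServers'
    SecondaryServers  = @('198.51.100.99')
    NotifyServers     = @('198.51.100.12')
}
Test-ZoneTransferScope -Zone $sample -ExpectedSecondary '198.51.100.12' | Format-List

# On the Windows DNS server (requires the DnsServer module):
# Test-ZoneTransferScope -Zone (Get-DnsServerZone -Name 'western.contoso.com') -ExpectedSecondary '198.51.100.12'
```

If other servers legitimately receive transfers of the zone, treat the "also lists" findings as an inventory to review rather than as errors.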