Amazon Route 53 is a scalable cloud DNS web service hosted in Amazon Web Services (AWS). When Cloud Discovery & Visibility (CDV) imports DNS resource record data for Route 53 resources into BlueCat Address Manager, it creates a private and a public Route 53 DNS view in Address Manager and populates those views with the associated zones, subzones, and resource records.
HTTPS and SVCB record types have additional import requirements; for details, see Setting up discovery and visibility of HTTPS and SVCB record types below.
If an IP address is associated with an A or AAAA record and the IP address exists within an imported VPC network from AWS, a Host record is created in Address Manager. If the IP address does not exist within an imported VPC network, a Generic record is created in Address Manager.
SSHFP and TLSA records are imported as Generic records whose value equals the record's value on AWS.
If the target hostname of a CNAME, SRV, or MX record does not exist within Address Manager, CDV creates an external host record based on that hostname in Address Manager.
CDV supports resource records that use Traffic Policies. When importing these records into BAM, the Traffic Policy Document Format is stored in the record's metadata.
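The mapping rules above (A/AAAA to Host or Generic depending on VPC membership, SSHFP/TLSA to Generic, CNAME/SRV/MX to an external host record when the target is unknown) can be replayed on sample data. The following is an added example, not CDV's own code: the VPC networks, the set of hostnames already in Address Manager, the sample records and the SSHFP fingerprint are all constructed, and the "Existing" outcome for a CNAME/SRV/MX target that already exists in Address Manager is an assumption, since the page only states what happens when the target is missing.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (not from a real AWS account): VPC networks that CDV is
# assumed to have already imported, and hostnames assumed to exist in Address Manager.
IMPORTED_VPC_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/16"),
    ipaddress.ip_network("2001:db8:1::/48"),
]
EXISTING_HOSTNAMES = {"mail.corp.example", "web.corp.example"}


@dataclass(frozen=True)
class Decision:
    bam_type: str   # what Address Manager ends up with
    reason: str     # which rule fired


def _target_hostname(value):
    """Extract the hostname from a CNAME, MX or SRV value.

    CNAME: "target."          -> target
    MX:    "10 target."       -> target   (priority, target)
    SRV:   "0 5 5060 target." -> target   (priority, weight, port, target)
    In all three the hostname is the last whitespace-separated field."""
    return value.split()[-1].rstrip(".").lower()


def classify(record, vpc_networks=IMPORTED_VPC_NETWORKS,
             existing_hostnames=EXISTING_HOSTNAMES):
    """Return the Address Manager object CDV would create for one Route 53 record."""
    rtype = record["type"].upper()
    value = record["value"]

    if rtype in ("A", "AAAA"):
        addr = ipaddress.ip_address(value)
        # The membership test is version-aware: an IPv4 address is never "in" an IPv6 network.
        if any(addr in net for net in vpc_networks):
            return Decision("Host", f"{addr} lies inside an imported VPC network")
        return Decision("Generic", f"{addr} is outside every imported VPC network")

    if rtype in ("SSHFP", "TLSA"):
        return Decision("Generic", "value is copied verbatim from AWS")

    if rtype in ("CNAME", "SRV", "MX"):
        target = _target_hostname(value)
        if target in existing_hostnames:
            # Assumption: the record is linked to the object already in Address Manager.
            return Decision("Existing", f"{target} already exists in Address Manager")
        return Decision("External Host", f"{target} is unknown to Address Manager")

    return Decision("Unhandled", f"this example has no mapping rule for {rtype}")


# Constructed records, one per rule; the SSHFP fingerprint is a dummy value.
SAMPLE_RECORDS = [
    {"name": "app.corp.example", "type": "A", "value": "10.0.12.34"},
    {"name": "ext.corp.example", "type": "A", "value": "203.0.113.7"},
    {"name": "app6.corp.example", "type": "AAAA", "value": "2001:db8:1::10"},
    {"name": "corp.example", "type": "MX", "value": "10 mail.corp.example."},
    {"name": "_sip._tcp.corp.example", "type": "SRV", "value": "0 5 5060 sip.partner.example."},
    {"name": "www.corp.example", "type": "CNAME", "value": "web.corp.example."},
    {"name": "ssh.corp.example", "type": "SSHFP",
     "value": "1 1 00000000000000000000000000000000deadbeef"},
]


def classify_all(records=SAMPLE_RECORDS):
    """Map each sample record name to the Address Manager object type it would become."""
    return {r["name"]: classify(r).bam_type for r in records}


if __name__ == "__main__":
    for name, kind in classify_all().items():
        print(f"{name:28} -> {kind}")
```

Running the block prints one line per sample record; the interesting case is the two A records, where the only difference between a Host and a Generic record is whether the address falls inside a VPC network that CDV has already imported.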
For example, say you have an AWS Route 53 private hosted zone with multiple DNS resource records:
When CDV imports those records into Address Manager, it creates a Route 53 private view and populates it with the appropriate Route 53 private hosted zone data.
Setting up discovery and visibility of HTTPS and SVCB record types
Importing of HTTPS and SVCB record types has some additional requirements:
CDV must be importing discovered resources into Address Manager v9.6.0 or greater.
Your deployment of CDV must use Gateway's REST v2 API Client (not the Legacy REST v1 API).
To make sure that the deployment includes the REST v2 API Client, when deploying the CDV docker container, make sure that the docker run or podman run command that deploys CDV includes the following environment variable:
BAM_AUX_API = true
For more details on deploying CDV, see:
Route 53 alias records
Cloud Discovery & Visibility supports Route 53 alias records, including for HTTPS, SVCB, TLSA, and SSHFP records. Within Address Manager, alias record details are stored in three UDFs:
Alias Record: This UDF stores the record type to which the alias record points, which is itself a separate alias record and CNAME record.
Evaluate Target Health: Stores the Evaluate Target Health setting of the alias record as a True or False value.
Zone ID: Stores the ID of the zone.
Alias records themselves are imported into Address Manager using the following naming convention:
_<type>._alias.<zone>
If an alias record with the same name but a different alias record type already exists in the CDV database, CDV will not import the duplicate record into BAM, but will still store it internally in the CDV database. Later, if one of the alias records is deleted, the first valid duplicate (based on timestamp) will be imported into BAM in its place.
For example, there are three alias records named alias record-01.test_private.zone1 in the CDV database, one with an A record, one with an MX record, and one with a AAAA record, in that timestamp order. The A record was the first and is the record imported into BAM. Later, the A record is deleted. CDV will then check the timestamps of the duplicate records, make sure that the newest one (the MX record) is still valid, and import the MX alias record into BAM.
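The duplicate-handling behaviour just described, together with the _<type>._alias.<zone> naming convention, can be modelled in a few dozen lines. This is an added illustration, not CDV's implementation: the record name alias-record-01.test_private.zone1 is constructed from the page's example, the valid flag stands in for whatever check CDV performs on the AWS side, and the code assumes that "first valid duplicate (based on timestamp)" means oldest first, which is the ordering that makes the MX record (discovered second) replace the deleted A record as in the walk-through. The record type is inserted into the alias name exactly as given, since the page does not say whether it is case-folded.

```python
from dataclasses import dataclass


@dataclass
class AliasRecord:
    name: str             # e.g. "alias-record-01.test_private.zone1" (constructed)
    rtype: str            # record type the alias points at: "A", "MX", "AAAA", ...
    timestamp: int        # discovery time; lower means earlier
    valid: bool = True    # stands in for CDV's validity check (assumption)


def alias_fqdn(rtype, zone):
    """Name under which an alias record lands in Address Manager: _<type>._alias.<zone>."""
    return f"_{rtype}._alias.{zone}"


class AliasStore:
    """Minimal model of CDV's alias bookkeeping (added example, not CDV code).

    internal: every alias record CDV has seen, duplicates included.
    exported: the single record per name that has been imported into BAM."""

    def __init__(self):
        self.internal = {}   # name -> list[AliasRecord]
        self.exported = {}   # name -> AliasRecord

    def discover(self, rec):
        self.internal.setdefault(rec.name, []).append(rec)
        if rec.name not in self.exported:
            self.exported[rec.name] = rec   # first record seen for this name goes to BAM
        # Otherwise it is a same-name duplicate: kept internally, not imported.

    def delete(self, name, rtype):
        self.internal[name] = [r for r in self.internal.get(name, []) if r.rtype != rtype]
        current = self.exported.get(name)
        if current is not None and current.rtype == rtype:
            del self.exported[name]
            self._promote(name)

    def _promote(self, name):
        # Assumption: "first valid duplicate (based on timestamp)" means oldest first.
        for rec in sorted(self.internal.get(name, []), key=lambda r: r.timestamp):
            if rec.valid:
                self.exported[name] = rec
                return

    def exported_type(self, name):
        rec = self.exported.get(name)
        return None if rec is None else rec.rtype


def walkthrough(mx_valid=True):
    """Replay the page's scenario; return the exported type before and after the A record is deleted."""
    name = "alias-record-01.test_private.zone1"   # constructed, modelled on the page's example
    store = AliasStore()
    store.discover(AliasRecord(name, "A", 1))
    store.discover(AliasRecord(name, "MX", 2, valid=mx_valid))
    store.discover(AliasRecord(name, "AAAA", 3))
    before = store.exported_type(name)
    store.delete(name, "A")
    return before, store.exported_type(name)


if __name__ == "__main__":
    print("MX valid:  ", walkthrough())              # A exported first, then MX
    print("MX invalid:", walkthrough(mx_valid=False)) # A exported first, then AAAA
    print(alias_fqdn("A", "test.public"))
```

The second call shows the part of the rule that the walk-through only mentions in passing: when the next duplicate by timestamp fails the validity check, it is skipped and the following one (here the AAAA alias) is imported instead.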
The following example illustrates an AWS Cloud with the Route 53 alias, alias.test.public.
Within Address Manager, these records would appear as follows: