Cloud access requirements - BlueCat DNS Edge

DNS Edge Deployment Guide

prodname
BlueCat DNS Edge

The following section lists out CNAME records and endpoints that the Service Point must be able to resolve and connect to, ensuring that the Service Point can successfully communicate with the DNS Edge Cloud.

The Service Point must be able to lookup and resolve the following CNAME records before it can successfully connect to the DNS Edge Cloud:
  • cwlogs-<customer name>.edge.bluec.at
  • cwmetrics-<customer name>.edge.bluec.at
  • kinesis-<customer name>.edge.bluec.at
  • spm-<customer name>.edge.bluec.at

Where <customer name> is the name of your DNS Edge Cloud instance. For example, if your DNS Edge Cloud instance name is demo, a CNAME record that must be resolvable would be cwlogs-demo.edge.bluec.at.

If your Service Point has direct access to the DNS Edge Cloud, the Service Point must be able to resolve and connect to the following endpoints:
Note: These endpoints change periodically –– you must add them to the allowlist to prevent them from being blocked.
  • *.bluec.at – Used to communicate with the DNS Edge Cloud API and UI.
    Note: The Service Point must be able to resolve records in the *.bluec.at zone without the use of a proxy.
  • *.us-west-2.elb.amazonaws.com – Used to check for changes in the configuration, such as policy and namespace updates.
  • logs.us-west-2.amazonaws.com – Used to send container logs and system-level logs for BlueCat to monitor and troubleshoot.
  • monitoring.us-west-2.amazonaws.com – Used to send various system metrics for BlueCat to monitor and troubleshoot.
  • firehose.us-west-2.amazonaws.com – Used to send all DNS events that flow through the Service Point to the DNS Edge Cloud.
  • *.ecr.us-east-1.amazonaws.com – Used to pull updated docker images during upgrades.
  • public.update.core-os.net – Used by the CoreOS of the Service Point to poll for updates.
  • prod-us-east-1-starport-layer-bucket.s3.us-east-1.amazonaws.com – Used to pull updated docker images during upgrades.
  • update.release.core-os.net – Used by the CoreOS of the Service Point to poll for updates.

If you are using a proxy, the proxy must be able to resolve and connect to the previously mentioned endpoints. Your Service Point must only be able to resolve and connect to your proxy.

Note: If you have requested to have your DNS Edge Cloud deployed in Europe, contact BlueCat Customer Care for assistance with configuring the cloud access requirements.