Deploy to Azure - BlueCat DNS Edge

DNS Edge User Guide

English (United States)
Product name
BlueCat DNS Edge

This section gives detailed instructions for deploying a DNS Edge service point to Azure.


The following prerequisites must be met before you begin:
  • You need a configuration file for a service point. Don't include spaces in the service point configuration file name.
  • You need a valid Azure subscription.
Note: The IDs for these resources are referenced during the service point deployment, so before you begin, collect these IDs.
Attention: The service point version of the site must be v3.0.6 or greater to deploy a service point on Azure.
Deploying the service point to Azure using BlueCat DNS Edge Service Point:
  1. Log in to the Azure portal.
  2. Click Create a resource.
  3. Search for BlueCat, and select BlueCat DNS Edge Service Point. Optionally, you can open the Marketplace blade from your Dashboard to search.
  4. Click Create.
  5. In the Basics tab, complete the following required settings:
    • Subscription: Select your subscription.
    • Resource Group: Create a new resource group or select an existing resource group.
    • Virtual machine name: Enter a name for the VM.
    • Region: Choose your Azure region. BlueCat recommends that you choose an Azure region where the BlueCat recommended default instance size of Standard F2s is available.
    • Authentication type: Select SSH public key.
    • Username: Enter core as the username.
    • SSH public key: Enter the RSA public key for SSH access.
  6. In the Disks tab, complete the following required settings:
    • OS disk type: Select your preferred disk type.
  7. In the Networking tab, complete the following required settings:
    • Virtual network: Select your virtual network.
    • Subnet: Select the subnet for your virtual network.
    • Public IP: Optionally, you can also add a public IP address.
    • Configure Network Security Group: Enter the network security group ID. By default, the BlueCat network security group ID is selected and contains all required inbound port rules. If you create a new security group, you must make sure inbound and outbound access is configured per the requirements listed in BlueCat DNS Edge User Guide system setup.
    Note: You must configure your network so that the service point has internet connectivity to the DNS Edge Cloud Endpoints as outlined in the BlueCat DNS Edge User Guide system setup.
  8. In the Management tab, you can configure optional monitoring and management options for your VM. For most environments, BlueCat recommends that you keep the default system settings values when possible. Only change these settings where your environment requires it.
  9. In the Advanced tab, paste the content of the decoded cloud configuration file into the Custom data field.
    • You must download the service point configuration file from the Sites details page. For more information, refer to Sites.
    • The service point configuration file is a Base64 file. You must decode the file using any Base64 decoding tool.
    • The config file is only valid for 48 hours. If you deploy a service point on Azure more than 48 hours after the initial config file was downloaded, you must download a new config file to use during the deployment.
  10. In the Tags tab, you can configure optional tags to which your VM will be associated.
  11. When you are done, click Review + create to start the validation process. When validation is complete, you can start the VM or download the template.
Attention: Once you have deployed a service point, use the service point diagnostics API to verify that the service point has successfully registered. The registrationStatus field within the service point diagnostics API response returns a value of SUCCESSFUL when the service point has successfully registered with the DNS Edge Cloud. If the value is not SUCCESSFUL, this may indicate that there is an issue with the service point deployment and the service point may not operate as intended.

For more information on the service point diagnostics API, refer to Service point diagnostics API.

Deploying behind a native load balancer

After you've deployed service points in Azure, you might want to configure a native load balancer.
  1. Create a load balancing following the Microsoft Azure instructions.
  2. Create a backend pool associated to the availability set.
  3. Create a health probe on HTTP, port 80, path "/v1/status/health".
    Note: Each time the health check API is called by the load balancer, a query will be logged in the UI for the TXT record "version.bind".
  4. Configure two load balancer rules; one for TCP and one for UDP, both on port 53 and using the backend pool and the health check probe.