Configuring GSS regions - Adaptive Applications - BlueCat Gateway - 22.1

Global Server Selector Administration Guide

Locale
English
Product name
BlueCat Gateway
Version
22.1
GSS regions are used for the following three purposes:
  1. As a health-check region where GSS servers are deployed.
  2. As a client region that will be configured on DNS servers.
  3. As an answer region that contains service instances for applications managed by GSS.

For more information on regions, refer to Preparing the DNS architecture for the GSS Adaptive Application.

The GSS regions are defined using Tag objects in Address Manager. During the installation of the GSS workflow, the Traffic Steering tag group is created and used for storing GSS configuration information. It also contains a hierarchy of Tag objects created within the group.



To configure GSS regions:
  1. Log in to BlueCat Gateway.
  2. Under AVAILABLE ACTIONS, click DNSTrafficSteering > Region Management.
  3. Under Region Name, enter the name of the region.
  4. Under Region Type, set the following parameters:
    • CLIENT REGION—select this option for GSS to create a regional RPZ containing answers for a group of clients.
    • ANSWER REGION—select this option to assign answers to this region and include that group of answers in the search order for a client region.
    • HEALTH CHECK REGION—select this option to assign GSS servers to this region. A health check region is associated with a set of client regions.
    • DEFAULT HEALTH CHECK REGION—select this option for the region where you will deploy the GSS servers responsible for the Default search order. This is a health check region and it can be associated with a set of client regions.
      Note:
      • Do not create the Default.status.gss.bluecat zone before assigning the DEFAULT HEALTH CHECK REGION. When this role is assigned to a region, the Default.status.gss.bluecat zone will be automatically created.
      • Only one region can have the DEFAULT HEALTH CHECK REGION role. You cannot configure both HEALTH CHECK REGION and DEFAULT HEALTH CHECK REGION for a single region.
    • SEPARATE VIEW—select this option for client regions where the RPZ will be applied to selected client IP addresses using a DNS view. GSS creates the DNS view, RPZ, and a TSIG key used for the management of this zone.
  5. Click Add to create a new region. Click Update to update an existing region or click Delete to delete the region.
    Note: You must remove all references to a region from application configurations before proceeding to delete the region.

Once you have created the necessary client regions, add authoritative DNS roles for the associated RPZ zones (Primary, Hidden Primary, Secondary or Stealth Secondary) to the servers where you will be adding RPZ options, and deploy the changes to the relevant servers.

Once you have created the required health check regions, add authoritative DNS roles for the associated Status zones. These roles should match those assigned to the RPZ in the same region.

Assigning client regions to health check regions

Once you have added DNS roles to both the client regions and health check regions, you must assign client regions to the health check region. This configures GSS servers in the health check region to update the RPZ for the assigned client regions.

Client regions are assigned to health check regions by creating a client_region TXT record in the status zone of the health check region. The value of the TXT record is the name of the associated client region. You can have multiple TXT records linking more than one client region to a single health check region.

Where the DNS roles on RPZs match the the roles configured on the associated Status zone and each health check region has a different DNS primary, the GSS Region Management workflow can automatically assign client regions to health check regions.

To assign client regions to health check regions:
  1. Log in to BlueCat Gateway.
  2. Under AVAILABLE ACTIONS, click DNSTrafficSteering > Region Management.
  3. Select the health check region to be updated.
  4. Click Rediscover Region.

If GSS can identify associated client regions, it links them to the health check region by adding the client_region TXT records. If GSS cannot identify the associated client regions, an error is returned.