- As a health-check region where GSS servers are deployed.
- As a client region that will be configured on DNS servers.
- As an answer region that contains service instances for applications managed by GSS.
For more information on regions, refer to Preparing the DNS architecture for the GSS Adaptive Application.
The GSS regions are defined using Tag objects in Address Manager. During the installation of the GSS workflow, the Traffic Steering tag group is created and used for storing GSS configuration information. It also contains a hierarchy of Tag objects created within the group.
- Log in to BlueCat Gateway.
- Under AVAILABLE ACTIONS, click .
- Under Region Name, enter the name of the region.
- Under Region Type, set the following parameters:
- CLIENT REGION—select this option for GSS to create a regional RPZ containing answers for a group of clients.
- ANSWER REGION—select this option to assign answers to this region and include that group of answers in the search order for a client region.
- HEALTH CHECK REGION—select this option to assign GSS servers to this region. A health check region is associated with a set of client regions.
- DEFAULT HEALTH CHECK REGION—select this option
for the region where you will deploy the GSS servers responsible for the
Default search order. This is a health check region and it
can be associated with a set of client regions.Note:
- Do not create the
Default.status.gss.bluecat
zone before assigning the DEFAULT HEALTH CHECK REGION. When this role is assigned to a region, theDefault.status.gss.bluecat
zone will be automatically created. - Only one region can have the DEFAULT HEALTH CHECK REGION role. You cannot configure both HEALTH CHECK REGION and DEFAULT HEALTH CHECK REGION for a single region.
- Do not create the
- SEPARATE VIEW—select this option for client regions where the RPZ will be applied to selected client IP addresses using a DNS view. GSS creates the DNS view, RPZ, and a TSIG key used for the management of this zone.
- Click Add to create a new region. Click
Update to update an existing region or click
Delete to delete the region.Note: You must remove all references to a region from application configurations before proceeding to delete the region.
Once you have created the necessary client regions, add authoritative DNS roles for the associated RPZ zones (Primary, Hidden Primary, Secondary or Stealth Secondary) to the servers where you will be adding RPZ options, and deploy the changes to the relevant servers.
Once you have created the required health check regions, add authoritative DNS roles for the associated Status zones. These roles should match those assigned to the RPZ in the same region.
Assigning client regions to health check regions
Once you have added DNS roles to both the client regions and health check regions, you must assign client regions to the health check region. This configures GSS servers in the health check region to update the RPZ for the assigned client regions.
Client regions are assigned to health check regions by creating a client_region TXT record in the status zone of the health check region. The value of the TXT record is the name of the associated client region. You can have multiple TXT records linking more than one client region to a single health check region.
Where the DNS roles on RPZs match the the roles configured on the associated Status zone and each health check region has a different DNS primary, the GSS Region Management workflow can automatically assign client regions to health check regions.
- Log in to BlueCat Gateway.
- Under AVAILABLE ACTIONS, click .
- Select the health check region to be updated.
- Click Rediscover Region.
If GSS can identify associated client regions, it links them to the health check region by adding the client_region TXT records. If GSS cannot identify the associated client regions, an error is returned.