Configuring Response Policies on DNS Cache servers - Adaptive Applications - BlueCat Gateway - 21.1

Global Server Selector Administration Guide

Product name
BlueCat Gateway

DNS Cache servers are configured to check a GSS RPZ zone before responding to queries. If an answer is found in the RPZ zone, the answer is returned instead of the standard response.

GSS updates a RPZ zone for each region. A DNS Cache server is typically configured with only one of these RPZ zones.

RPZ zone options are added at the View level. There are separate options for each server or group of servers. If required, it is possible to use multiple views with different RPZ zone options configured on a single server; however, this creates a complex configuration and the relevant RPZ zone must be made available in each view.

Before you begin

Before proceeding to add the response policy items, verify that the regional zones (<region>.rpz.gss.bluecat) have been deployed to their respective servers.

To add a response policy option:
  1. Select the DNS tab.
  2. Select the name of the view where the GSS Adaptive Application will interact with Address Manager.
  3. Select the Deployment Options tab.
  4. Under Deployment Options, select New > DNS Raw Option.
  5. In the Value field, enter the following Raw Option:
    response-policy {zone "<region>.rpz.gss.bluecat";} recursive-only no max-policy-ttl 60 break-dnssec no qname-wait-recurse no; 

    Where <region>.rpz.gss.bluecat represents the regional RPZ zone that you will be deploying to.

    The configured servers must have Secondary DNS roles for the <region>.rpz.gss.bluecat zone before deploying the Raw Option.

  6. Under Servers, click Specific Server and select the specific server that the regional RPZ zone is deployed to.
  7. Click Add to add the DNS Raw Option.

Create DNS Raw Options for each regional RPZ zone that you have configured. Once you have created the DNS Raw Options for each region, perform a deployment to the specified servers.