Configuring Response Policies on DNS servers - Adaptive Applications - BlueCat Gateway - 24.1

Global Server Selector Administration Guide

Product name
BlueCat Gateway

DNS servers are configured to check a GSS RPZ zone before responding to queries. If an answer is found in the RPZ zone, the answer is returned instead of the standard response.

GSS updates a RPZ zone for each client region. A DNS server is typically configured with only one of these RPZ zones. If you are using DNS views with GSS, configure one RPZ zone per view and the relevant DNS roles for the RPZ zone must be assigned in the relevant view. The RPZ option workflow adds the required DNS roles to RPZ zones where these roles are not yet defined.

RPZ zone options are added at the View level. There are separate options for each server or group of servers.

Before you begin

Before proceeding to configure the response policy zones on DNS servers, verify that the GSS installation completed successfully and that the required client regions have been defined. For more information on verifying the GSS installation status, refer to Verifying the GSS installation.

To add a response policy option:
  1. In the left navigation, click DNSTrafficSteering > RPZ Option.
  2. Click Add to add a new RPZ.
  3. Under Server Type, select either Server or Server Group.
  4. Under Server, select the name of the server or server group.
  5. Under Region, select the client region that will be presented on this view and server.
  6. Click Save to add the response policy option or click Delete to delete the response policy option.

Once you click add, the response policy option is added to the view where the selected RPZ zone is located. The RPZ zone must be deployed to the selected servers.

The required DNS roles are added to the zones that do not have DNS roles defined. These roles are also added at the view level for client regions with a separate view. Authoritative roles are copied from the linked health-check zone and the primary role is set if no existing primary role is configured. For servers without existing roles, the Stealth Secondary role is added for the selected server or server group.