The GSS workflow uses dynamic DNS updates to perform updates and uses the Address Manager API to retrieve configuration information. If you plan to configure an ACL update schedule in GSS, the GSS application must have valid Address Manager API credentials configured for use with the GSS workflow. The BlueCat Gateway user account must have API access to Address Manager, read access to IPAM data and region tags, and full access to DNS ACLs. This account can be an Administrator account.
When GSS performs updates using dynamic DNS, the updates from GSS are authenticated using
the TSIG key. To enable this, the GSS workflow requires the following:
- GSS must be configured with the correct DNS server IP address of a DNS server
that can resolve the
gss.bluecat
zone. - The clock on the GSS server and Primary DNS server must be synchronized.