Once you have configured the DNS settings in Address Manager, you can proceed to configure the GSS workflow. When you first install GSS, the GSS installation workflow proposes and applies the required configuration in Address Manager.
- Log in to BlueCat Gateway.
- In the left navigation, click .
- GSS adds the following two User-Defined Fields (UDFs) to the Address Manager
object schema:
- Tag Object data—the data optional text field is added to the Tag object type. GSS uses this UDF to store the type of region, such as client, answer or both, on the tag objects that represent health-check regions.
- Resource Record GSS—the GSS workflow link
field is added to the Resource Record object type. This field adds an
optional cross-launch link to the DNS resource record objects that
launches the GSS application user interface, and selects between
standard GSS functionality and the more limited NAT workflow.
Note: The base URL of the GSS installation page is used as the base URL of the cross-launch link. BlueCat recommends accessing GSS using the preferred name when creating the UDFs.
If the required UDFs do not exist, the GSS installation workflow offers to add them.
Click OK to add the required UDFs.
- GSS is used in a single configuration with a selected default DNS view in
Address Manager. If you have not selected the configuration and DNS view that
GSS is used in, the GSS installation workflow offers to configure them.
- Under Configuration, select the Address Manager configuration that GSS will use.
- Under View, select the DNS view that GSS will use.
Click OK to confirm the selection.
GSS creates the tag objects Configuration and View and links them to the selected Address Manager configuration and the selected DNS view, respectively.
- Where GSS uses separate DNS views to provide different answers based on client
IP address, these views are configured to share a single cache for DNS
resolution. To ensure consistent policy configuration between these views, you
must configure the same maximum cache size for all of these views. GSS allows
you to set a fixed maximum cache size for all views by adding a DNS deployment
option at the Configuration level in Address Manager.
- Select the Set maximum cache size option on configuration level checkbox to configure a maximum cache size.
- Under Value, enter the maximum cache size value
in MB. By default, the maximum cache size is 2048 MB.
Note: Setting the value to 0 indicates that there is no limit on the cache size.
Click OK to confirm the selection.
- GSS uses a locally configured shared TSIG key to authenticate communication with
authoritative DNS servers. If multiple DNS views are configured, multiple TSIG
keys are generated for the configured TSIG key.
If no local TSIG key has been configured, GSS offers to configure one. If TSIG keys are found in Address Manager, you can select a TSIG key that is compatible with GSS. If no TSIG keys are found in Address Manager, GSS offers to create a new key named gss-key.
Select the TSIG key that you would like to use and click OK.
The selected key is linked to a TSIG key tag in Address Manager and will automatically be selected when installing further instances of GSS. GSS adds view-level DNS options Allow Dynamic Update and Allow Zone Transfer to enable GSS to perform dynamic updates and zone transfers with this TSIG key, but only when these options have not yet been configured at the view level.
- From the GSS installation, you can create and select a health-check region to
install. Under GSS Region, enter the health-check region
to install.
If the required zones have not been created in Address Manager, the GSS installation workflow automatically creates the status.gss.bluecat and rpz.gss.bluecat zones for the health-check region configured.
Click OK to confirm the selection.
- If the required GSS zones have not been deployed, you can perform a manual
deployment to the required DNS/DHCP Servers from the GSS installation
workflow.
Click OK to confirm the deployment.
Once the required settings have been configured, the standard GSS installation workflow is displayed. For more information on the standard GSS installation workflow, refer to Setting up the GSS workflow.
Each instance of GSS belongs to a health-check region. While the configuration is shared
and global, health-checks are performed and the state is maintained separately in each
health-check region. Each health-check region manages the DNS response for a different
set of client regions. You can deploy the GSS application in multiple regions to provide
region survivability for the GSS health-check service. Each health-check region
corresponds to a health-check zone in DNS named <region>.status.gss.bluecat.
A special health-check region named Default is responsible for updating the standard DNS response, which is given when either no client region is configured or the configured client region has no available servers. If you would like GSS to update the standard DNS response for your applications, choose one of your health-check regions to perform this function and select the name Default for this health-check region.
If a health-check region has not yet been selected, you must select one. You can either select one from existing health-check regions or enter the name of a new region.
If you enter the name of a region that does not exist, a new health-check region is created through the creation of the relevant health-check zone.
When there are no DNS roles defined at the zone level for the selected health-check zone, the GSS workflow can add them. This is optional if appropriate roles are inherited but can be useful where a regional DNS primary server has been selected to provide regional survivability for the GSS service.