Prerequisites - BlueCat Cloud Resolver - 1.5.0

BlueCat Cloud Resolver Administration Guide


Before installing Cloud Resolver, ensure that the following requirements are met:

Environment requirements

In addition to installing Cloud Resolver, you must also have the following environments:
  • You must have a valid Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) subscription.
  • You must have a BlueCat Edge environment.
Cloud Resolver uses the default system DNS resolver to reach the API endpoints of the Cloud Service Providers (CSPs). For Linux installations, it uses the resolvers configured in the /etc/resolv.conf file; for Docker installations, it uses the Docker network settings.
  • When Cloud Resolver is deployed in Azure, the default DNS resolver is the Azure DNS IP address of 168.63.129.16.
  • When Cloud Resolver is deployed in AWS, the default DNS resolver is the .2 IP address of the VPC.

Platform requirements

Cloud Resolver can be deployed on one of the following platforms:
  • One of the following Linux-based server operating systems:
    • Debian 10 (Buster) or later
    • Ubuntu 20.04 LTS or later
    • Red Hat Enterprise Linux (RHEL) 7 or later
    • CentOS 7 or later
    Note: The platform can be physical, virtual, or cloud-based, such as an EC2 instance or VM.
  • Any platform that supports the deployment of Docker containers.

The host machine must have at least 2 CPU cores, 4 GB of RAM, and 20 GB of disk space.

If the host that will run Cloud Resolver is already running systemd-resolved or any other service that listens on port 53, you must disable and stop that service so that Cloud Resolver can bind to port 53. To disable and stop the systemd-resolved service, run the following commands:
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
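Before stopping anything, it helps to confirm which process actually owns port 53 on the host, since a stub resolver other than systemd-resolved (dnsmasq, a local BIND, and so on) would block Cloud Resolver in the same way. The script below is an added example, not part of the BlueCat documentation: it reads ss-style socket listings and reports the process names bound to port 53. The ss output embedded in it is constructed for the demonstration, not captured from a real host.

```shell
#!/bin/sh
# Added example (not BlueCat's own tooling): find which process owns port 53
# before installing Cloud Resolver, so the correct service can be stopped.
# Reads `ss -Hlntup`-style lines from stdin (-H omits the header line).

# Constructed sample of `ss -Hlntup` output; not captured from a real host.
SAMPLE_SS='udp   UNCONN 0 0    127.0.0.53%lo:53   0.0.0.0:*   users:(("systemd-resolve",pid=512,fd=12))
tcp   LISTEN 0 4096 127.0.0.53%lo:53   0.0.0.0:*   users:(("systemd-resolve",pid=512,fd=13))
tcp   LISTEN 0 128  0.0.0.0:22         0.0.0.0:*   users:(("sshd",pid=800,fd=3))'

# Print the unique process names bound to port 53 (TCP or UDP, any address).
# Field 5 of ss output is the local address:port; the process name is the
# first quoted string inside the users:(("...",pid=...)) column.
port53_listeners() {
  awk '$5 ~ /:53$/ && match($0, /\(\("[^"]+"/) { print substr($0, RSTART + 3, RLENGTH - 4) }' | sort -u
}

# Demonstration on the constructed sample.
# On a real host run:  ss -Hlntup | port53_listeners
listeners=$(printf '%s\n' "$SAMPLE_SS" | port53_listeners)
if [ -n "$listeners" ]; then
  echo "port 53 is already bound by: $listeners"
  echo "stop and disable that service before installing Cloud Resolver (see the systemctl commands above for systemd-resolved)"
else
  echo "port 53 is free"
fi
```

On a host that still has port 53 occupied after systemd-resolved is stopped, the reported process name tells you which other unit to disable; re-run the check after the change and again after a reboot, since a masked or re-enabled stub resolver is a common reason for Cloud Resolver failing to start.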

Installation requirements

The platform that has Cloud Resolver installed must have the following:
  • It must be capable of resolving and routing traffic to the cloud provider API endpoints. Endpoints vary based on the Cloud Service Provider and can be accessible through a proxy.
  • It must be capable of resolving and routing to public internet locations. These can be accessible through a proxy.
  • The Linux platform must allow for the installation of an OS-appropriate installation package as root. The installation packages are as follows:
    • .deb package for Debian/Ubuntu
    • .rpm package for RHEL/CentOS
  • The Docker container platform must allow for the retrieval of a Docker image from a public Docker registry.

Network requirements

Ensure that the following ports are open on the host machine or firewall to Cloud Resolver:

Source | Destination | Source port | Destination port | Protocol | Notes
BlueCat Cloud Resolver | Cloud DNS server | Ephemeral port | 53 | TCP and UDP | For outbound DNS traffic.
Cloud DNS server | BlueCat Cloud Resolver | Ephemeral port | 53 | TCP and UDP | For inbound DNS traffic.
BlueCat Cloud Resolver | Cloud APIs | Ephemeral port | 443 | TCP | For API access to the cloud environment (AWS, Azure, or GCP) and API access to BlueCat DNS Edge.
Client device | BlueCat Cloud Resolver | Ephemeral port | 8080 | TCP | For simple TCP checks to determine whether the service is live.
Client device | BlueCat Cloud Resolver | Ephemeral port | 8090 | TCP | For verifying whether the Kubernetes service is ready.
Client device | BlueCat Cloud Resolver | Ephemeral port | 9000 | TCP | For accessing the web-delivered Cloud Resolver diagnostics. For more information on Cloud Resolver diagnostics, refer to Viewing the Cloud Resolver diagnostics endpoint.
Client device | BlueCat Cloud Resolver | Ephemeral port | 9050 | TCP | For creating a snapshot of the current DNS zone and resource record information and of the Cloud Resolver configuration. For more information on snapshots, refer to Creating a snapshot.
Client device | BlueCat Cloud Resolver | Ephemeral port | 9090 | TCP | For pulling data to Prometheus.
If you are using RHEL, you must allow the listed ports through the local firewall by modifying the firewalld configuration. To allow the services and ports on the local firewall, run the following commands:
firewall-cmd --add-service=dns
firewall-cmd --add-port=9000/tcp
firewall-cmd --add-port=<listed_port>/<protocol>
...
firewall-cmd --runtime-to-permanent
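The ports 8080 through 9090 in the table are management endpoints: 9000 serves diagnostics and 9050 returns a snapshot of zone data, resource records and the Cloud Resolver configuration, so they should be reachable from client and administrative devices only, while DNS on port 53 is the service actually meant for general use. The script below is an added example, not part of the BlueCat documentation or product: it generates the firewall-cmd commands for the listed ports, opening the dns service to all sources and restricting the management ports to an administrative source range with firewalld rich rules. The source restriction and the 10.0.0.0/8 range are assumptions for the example, not documented BlueCat requirements; replace the range with the one your client devices use. By default the script only prints the commands; set APPLY=1 to execute them as root.

```shell
#!/bin/sh
# Added example (not BlueCat's own tooling): build firewalld rules for the
# Cloud Resolver ports listed in the Network requirements table.
# DNS (53/tcp and 53/udp, the "dns" service) is opened to all sources;
# the management ports are limited to ADMIN_CIDR via firewalld rich rules.
# Restricting the management ports by source is this example's assumption.

# Management ports from the table: liveness, readiness, diagnostics,
# snapshot, and Prometheus scraping (all TCP).
CR_MGMT_PORTS="8080 8090 9000 9050 9090"

# Print the firewall-cmd commands for the given admin/client source range
# without running them (dry run).
cr_firewall_cmds() {
  admin_cidr="$1"
  echo "firewall-cmd --add-service=dns"
  for p in $CR_MGMT_PORTS; do
    echo "firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"$admin_cidr\" port port=\"$p\" protocol=\"tcp\" accept'"
  done
  # Persist the runtime changes so they survive a firewalld reload or reboot.
  echo "firewall-cmd --runtime-to-permanent"
}

# Number of per-port rich rules generated (one per management port).
cr_firewall_rule_count() {
  cr_firewall_cmds "$1" | grep -c 'add-rich-rule'
}

# Show each command; execute it only when APPLY=1 (needs root and firewalld).
cr_firewall_apply() {
  cr_firewall_cmds "$1" | while IFS= read -r cmd; do
    echo "+ $cmd"
    if [ "${APPLY:-0}" = 1 ]; then
      sh -c "$cmd"
    fi
  done
}

# Placeholder range for the example; use your real client/admin network.
ADMIN_CIDR="${ADMIN_CIDR:-10.0.0.0/8}"
cr_firewall_apply "$ADMIN_CIDR"
```

After applying, `firewall-cmd --list-all` should show the dns service plus five rich rules; if a client device outside the chosen range needs the diagnostics or snapshot endpoints, add a further rich rule for that source rather than opening the port to everyone.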