DNS Automation: Internet breakout and SD-WAN domains

All the modular layers of today’s corporate networks – clouds, data centers, branch office connections, and SD-WAN controllers – have their role to play in delivering a functional network.  Yet navigating applications and services through this jumble of environments can be extremely difficult.

When cloud applications, security services, and other network tools try to connect to the services they need, there usually isn’t a single central network directory which can take them to the right place. Since those services are constantly shifting locations, finding a way to keep connections current is critical to maintaining uptime.

Intelligent forwarding with DNS

BlueCat’s uniquely designed intelligent forwarding functions can cut through some of this complexity.  BlueCat Edge acts as the device facing response layer or “first hop” connection.  Network administrators can use BlueCat’s place on the network to optimize internet access to outside services, either through direct connections (an “internet breakout”) or by routing the query back to a home office data center.

This intelligent DNS functionality has a particularly compelling use case for organizations that want to steer service connections away from costly MPLS network backhauls through a local “internet breakout”. This offers a more elegant solution in comparison to the use of deep packet inspection in SD-WAN to direct internet connections.

Administrators can set up routing rules in BlueCat’s platform to resolve directly to trusted external services such as Office 365, Salesforce, or Dropbox.  Rules are also available for internal services as well, routing queries either back to a central datacenter or to regional nodes.  All of these routing controls coordinate with SD-WAN controllers to resolve trusted traffic directly to service providers.

BlueCat delivers consistent policy across internal and external access points. Using the power of service points, these policies can be deployed anywhere, including the Data Center, Campus, or Branch, to deliver sophisticated LAN side services that facilitate internet breakout.

Keeping track of trusted connections

There is one slight operational hitch which needs to be accounted for.  The domains used by cloud services are rarely static.  As the underlying IP addresses are updated, load balanced, and taken offline for maintenance, DNS must adjust so queries resolve and SDWAN routes correctly.

To avoid outages and maintain direct connections to trusted cloud services, BlueCat receives automatic updates as the underlying domains are changed.  Doing this manually would be a significant headache.  Office 365 alone uses over 100 constantly shifting domains.  It would also require constant real-time vigilance, as service providers often switch up domains on the fly with little to no advance notice.

Automation to the rescue

Enter Absorbaroo, an automation workflow designed by BlueCat to maintain direct connections to trusted cloud services.  Here’s how it works:

  • Absorbaroo maintains a constant watch on third party sites for domain change notifications, checking at intervals defined by the network administrator.
  • When services post a notification, Absorbaroo downloads the new domain list automatically
  • The domain list is pushed through a whitelist into the SDWAN system, updating the resolution data for all of the client devices covered by that BlueCat service point.
  • SDWAN sees the resolution on a mutually held white list and allows the connection to be routed directly out to the trusted service.

The example workflow posted on our BlueCat Labs GitHub repository uses Office 365 and Cisco Meraki SD-WAN controllers, but the framework can be adjusted for use with any third-party service where internet traffic needs to be managed.

Want to learn more about how BlueCat enables traffic steering?  Check out our intelligent DNS video.


Published in:


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Micetro 11.1 boosts DHCP management for Cisco Meraki SD-WAN

Learn how BlueCat Micetro 11.1 can help you overcome the limitations of Cisco Meraki SD-WAN devices to manage your distributed DHCP architecture.

Read more
Banner announcing BlueCat's acquisition of LiveAction, displaying both logos and the phrase "We're about to get bigger."

BlueCat acquires LiveAction to drive network modernization and optimization

BlueCat’s acquisition of LiveAction will allow customers to expand their view beyond DNS and dive deeper into the health of their network.

Read more

Simplify NIS2 compliance with DNS management

Learn whether the EU’s NIS2 requirements apply to your organization and about how DNS management and BlueCat can boost your path to compliance.

Read more

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

BlueCat has acquired LiveAction

It’s official! BlueCat has acquired LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.