Disaster Recovery: BlueCat DNS to the Rescue
A BlueCat customer discusses why organizations can’t afford to overlook DNS, DHCP and IPAM when planning for a disaster.
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.The article explains why DNS, DHCP and IP Address Management (IPAM) must be integral to disaster recovery planning, describing a customer’s migration from fragmented Microsoft/BIND implementations and Excel-based IP tracking to a resilient BlueCat architecture. It outlines the operational challenge of geographically dispersed sites and how consolidating primary/secondary DNS, unified DHCP scopes, and centralized IPAM (BlueCat Address Manager) reduced complexity, improved visibility, and enabled automated failover. The outcome: fully tested, redundant services across multiple data centers that maintain connectivity during failover with minimal human intervention, aligning with company disaster recovery objectives.
Why are DNS, DHCP and IPAM often overlooked in disaster recovery plans, and what problems did that cause for the customer in the article?
DNS, DHCP and IPAM tend to be overlooked because teams assume basic server-based implementations (e.g., Microsoft or BIND) and manual spreadsheets are sufficient, and many organizations avoid testing failover scenarios. For the customer, this led to a fragmented environment: DNS running on many domain controllers across sites, DHCP split awkwardly across two servers managing over 100 scopes, and IP addresses tracked in Excel. That configuration increased management complexity, hindered rapid failover, and meant the company’s existing setup would not support a quick, reliable disaster recovery operation.
How did BlueCat’s solution change the customer’s architecture for DNS, DHCP and IPAM?
BlueCat enabled the customer to consolidate and simplify services by deploying primary and secondary DNS servers following BIND standards, reducing the DNS footprint to one server per data center and select geographic locations. IPAM (BlueCat Address Manager) was deployed with primary and failover instances housed in the main data center and the DR site, eliminating Excel-based tracking. DHCP scopes were managed centrally within the Address Manager interface, allowing split scope configurations to be administered as single scopes and enabling DHCP to run on the same servers used for internal DNS, providing unified management and visibility across services.
What operational benefits and outcomes did the customer achieve after implementing BlueCat?
The customer achieved centralized management of DNS, DHCP and IPAM, removing the need for spreadsheets and disparate servers, and gaining an automated view of DNS records and DHCP clients via BlueCat Address Manager. The architecture delivered high resilience and redundancy across multiple data centers, simplified failover (which was fully tested), and eliminated service loss during failover. Monitoring within BlueCat provided automated failover without human interaction, aligning the solution with the company’s disaster recovery goals and giving management confidence that connectivity would be preserved during incidents.
In this post, a BlueCat customer discusses why organizations can’t afford to overlook DNS, DHCP and IPAM when planning for a disaster, and why a resilient architecture matters.
Almost all enterprise-class companies have a disaster recovery plan, and multiple teams and parts of the business have invested many hours working together to come up with the perfect plan. But no company ever wants to put a disaster recovery plan into action, and many companies dislike even the thought of testing that plan. There are two major areas of a disaster recovery plan that are often overlooked – DNS and DHCP core services – and one that is almost never considered – IP Address Management (IPAM) and tracking.
With most out-of-the-box DNS, DHCP and IPAM solutions, options are very limited. Any company moving up from a medium-sized business to a full enterprise either leverages Microsoft or some flavor of BIND for DNS and DHCP. And they typically use an Excel spreadsheet to track the IP addresses. Now fast-forward to a time when disaster recovery planning begins and you and your engineers must plan for the worst-case scenario. In my company’s case, we have sites around the US (including Hawaii), a primary data center, a disaster recovery site, and a third site for the IT staff. This presents a near nightmare for IT.
Initially, our configuration was a Microsoft solution for both DNS and DHCP, and it wasn’t pretty. We leveraged DNS on every domain controller (4 in our main data center, 2 in our backup site, and 4 in various geographically diverse facilities throughout the country. Our DHCP solution was even worse, with simply two servers, and each of 100 plus scopes spread between the two servers. As for IP address management, it was a good ol’ Excel spreadsheet to the rescue (oh yeah, and we backed it up to someone’s cloud storage for good measure).
In planning the conversion to a company-wide disaster recovery plan, we came to the realization that our current setup was not nearly good enough, nor would it allow for a quick failover should we ever be forced to perform one. We evaluated several vendors, but there was one thing BlueCat did particularly well – everything. Through the use of primary and secondary DNS servers adhering to BIND standards, we were able to reduce our service footprint to a single DNS server at each data center, one in our IT staff office, and 2 at our largest facilities which are geographically strategic. With the IPAM management console allowing for primary and failover as well, we are able to house one in our main data center, and one in our DR site. This solution also worked for our external DNS: we have one DNS server at each location for external DNS as well.
With BlueCat, DHCP proved to be an even easier solution than we thought. While the system still splits the DHCP scopes in half, we no longer have to manage them all separately on different servers. We now log in to one interface (BlueCat Address Manager™) and can manage them as single scopes. This allows for us to leverage the same server for DHCP as we do for internal DNS, with one at each site. The added benefit here is we can actually see which clients are leveraging DHCP by way of the Address Manager interface, which ties all of our DNS and DHCP together into one very simple to use management interface.
BlueCat Address Manager gives us the ability to centrally manage our network without Excel spreadsheets, or Access databases. This solution gives us not only an automated way to view our DNS records, or see which clients are using DHCP, but also a highly resilient solution that is in line with our company’s disaster recovery initiatives and fully redundant across multiple data centers.
Not only does BlueCat give our company the protection we require on paper, but the solution works. Not many companies are in a position to put their business connectivity at risk by shutting off their primary DNS and DHCP services, but we have fully tested the implemented solution, and much to management’s surprise, the solution works exactly as architected. We do not lose any service as a result, and failover could not be easier. Everything is monitored within the BlueCat systems and provides the failover with no human interaction, which in the case of disaster recovery is a very good thing.
Published in:
BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.
Related content
How to map your network with user-defined links in Integrity X
Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.
Automate your DDI modernization path by migrating with Micetro
Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.
Your journey to intelligent NetOps begins at Cisco Live
Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.
Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)
Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.