Enhance DNS control with BlueCat Edge SPv4

With a multi-service architecture, BlueCat Edge SPv4 now supports simultaneous add-on modules for security, networking, cloud, and branch offices.

Since its inception, BlueCat Edge has revolutionized DNS visibility and control at the network edge.

With unprecedented access to DNS query and response data, network teams can establish smarter network policies, optimize traffic, and meet stringent compliance and logging requirements.

Now, a new version of Edge, called Service Points 4, or SPv4, significantly enhances Edge’s capabilities. It offers a multi-service architecture that supports simultaneous deployment of add-on modules, customizable to your enterprise’s needs.

This post will first touch on the core offerings of BlueCat Edge. Then, it will explore Edge’s new multi-service, single platform architecture with SPv4 and the four add-on services currently available. Finally, it will look at the broader benefits of this architecture approach and how you can get started with SPv4 at your organization.

Screenshot of the BlueCat Edge user interface depicting an overview of network IP activity

Service Points: The foundation of advanced DNS visibility and control

As the first hop of any DNS query, Edge uses client-facing Service Points to intelligently direct DNS traffic, tame conditional forwarding rules, block malicious DNS queries, and help monitor and collect DNS query and response data for diagnostics and investigations.

Diagram of how BlueCat Edge Service Points work

Network teams can improve performance with optimized DNS resolution paths, prevent downtime by centralizing resolution, simplify migrations from legacy systems using Intelligent Forwarding, deploy on physical or virtual appliances or in the cloud, and log complete contextual information.

Edge has also supported add-on services like security intelligence feeds or branch office management. But versions 3.x and earlier were built on a single-service architecture. Edge performed its core capabilities with the ability to support only a single add-on, which limited what network teams could do.

Four add-on services now available with SPv4

BlueCat’s reengineered Edge deployment is divided into two components:

    1. The upgraded Service Point platform; and
    2. The services that you choose deploy onto it

Screenshot of the BlueCat Edge Service Points 4 (SPv4) user interface

With SPv4, you can use the Edge management console to deploy add-on modules. And with SPv4’s multi-service architecture, you can employ those modules simultaneously.

The BlueCat Edge base offering provides core features as a DNS resolver. But additional modules—available for security, networking, cloud, and Branch DDI—have transformed Edge into a multi-service, single-platform solution that provides unprecedented visibility and control of DNS traffic to optimize and secure your network.

Now, the multi-platform flexibility of SPv4 allows network teams to, for example, deploy one Service Point for DNS and security while using another for cloud resolution. With little effort, your DNS service delivery plans can be highly strategic and regionalized.

Below are more details about the four add-on service modules currently available.

Security and identity

With the security and identity add-on, you get:

  • Machine learning to better protect your network and detect DNS anomalies, such as domain generation algorithms (DGAs)
  • The ability to obtain user identity information from Active Directory for both internal and external DNS queries, including the identity of potential attack sources, and view it in the Edge UI (external DNS identity information is aided by integration with Cisco Umbrella)
  • Enhanced policy enforcement and management to block, redirect, or monitor DNS requests based on client devices and resources accessed
  • Advanced analytics and forensics of DNS traffic to allow for faster remediation
  • 14 days of DNS log data, stored in the cloud, to detect suspicious patterns and activity and support breach investigations, with longer periods available for additional cost
  • Integration with your existing Security Information and Event Management tool


With the networking add-on, you get:

  • Unlimited DNS namespaces
  • The ability to retry namespaces in the event of downstream resolver failures
  • Seven days of DNS log data, stored in the cloud, with longer periods available for additional cost


With the cloud add-on, called Cloud Resolver, you get:

  • Our cloud-native DNS resolver, which can provide immediate resolution to and across any cloud and on-premises network
  • Discovery of all DNS zones in the cloud and creation of one BlueCat Edge namespace for any endpoint in the cloud to resolve against
  • Compatibility with major cloud service providers, ensuring that endpoints can resolve across AWS, Azure, and Google Cloud Platform

Branch DDI

With the Branch DDI add-on, you get:

  • Our solution for multiple brick-and-mortar branch locations that can deploy secure and compliant local DNS on existing branch network infrastructure, extending resiliency
  • Local internet breakout
  • A cloud-based console for IP address management, including granular endpoint and geo-analysis of all onsite traffic
  • 30 days of DNS log data, stored in the cloud, with longer periods available for additional cost
  • Deployment to branch hardware, including the Cisco ENCS 5000 Series
  • Coming in a future release: The ability to deploy secure and compliance local DHCP on existing branch network infrastructure, in addition to DNS

In addition, Edge’s multi-service, single-platform design can support additional service modules that may be released in the future.

The benefits of a multi-service platform

Orchestrating various modules using a multi-service platform architecture offers several benefits to enterprises.

  1. Scalability and flexibility: You can avoid over- or under-provisioning by making regional adjustments to DNS services to improve efficiency. Swapping out individual services improves response times for changing user and endpoint requirements and decreases the time needed to re-architect and re-deploy.
  2. Cost savings: You can deploy DNS services independently or concurrently with other services. This can reduce costs and accelerate deployments. Test individual DNS services separately and then combine them, all without having to manually manage deployment and communication between them.
  3. Resilience: You can use native DNS platform load balancing to handle multiple services and potential failures based on demand. Automatically direct traffic to healthy services and isolate unhealthy ones.
  4. Security: You can foster a zero-trust DNS environment that enhances network security and bolsters the trustworthiness of your network. Keep malicious domains at bay with domain control lists and real-time threat updates. Enforce policies with Intelligent Forwarding and traffic steering. Ward off DNS tunneling, find your most compromised network endpoints, and detect DGA attacks.

Ultimately, investing in a multi-service platform such as Edge allows network teams to focus on driving optimization. In turn, your entire enterprise can innovate faster in an era of rapid change.

Ready for BlueCat Edge with SPv4?

If you’re ready for BlueCat Edge with SPv4, refer to the table below to learn what your next steps should be.

If you are new to and interested in Edge: If you are a current BlueCat Edge customer: If you are a Cisco customer:
Learn more about BlueCat Edge or dig deeper into Service Points via our DNS Edge User Guide. Contact your account representative or Customer Success Manager, or email our support team, to learn how you can upgrade to v4. BlueCat is a SolutionsPlus partner and our solutions are available on Cisco’s Global Price List. Inquire about Edge through your organization’s Cisco fulfillment chain.

An avatar of the author

Scott Penney has been immersed in security technologies and strategies for the last 25 years. As BlueCat’s Senior Director for Edge Product Management, his current focus is driving new and innovative resolution and security capabilities for DNS as customers embrace hybrid and multi-cloud strategies.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more