Extend SD-WAN benefits with enterprise-grade DNS

The centralized, automated controls of SD-WAN bring huge time- and cost-savings to network management.

Yet SD-WAN doesn’t exist in a vacuum. To reap the full benefits of SD-WAN, you need consolidated and automated core network infrastructure on the back end.

Specifically, SD-WAN platforms use virtual appliances that have to reach back into the network for DNS namespaces, IP addresses, and DHCP scopes. When they do so, they need fast and precise data. A DNS enterprise management tool helps make that speed and accuracy possible.

In this post, we’ll first cover the SD-WAN basics. Next, we’ll examine the important role that a DNS enterprise management tool plays in implementation. Finally, we’ll look at how the unique features of the BlueCat platform can help.

What is SD-WAN?

SD-WAN is an acronym for a software-defined wide-area network.

Traditionally, global WANs use thousands of routers that talk to each other over long distances. Each one of those routers with a WAN connection is configured manually in its physical location by network admins. This work takes time and is error-prone.

By using a software-defined approach to wide-area networks, SD-WAN simplifies router configuration. One admin, using a central management portal, can implement business rules or changes. And they can be instantly applied across the entire WAN.

Typically, routers simply route traffic based on IP addresses and access control lists. However, SD-WAN routes traffic based on centrally managed priorities, security requirements, and business rules. The result is more intelligent network routing. But, as we’ll discuss more in a moment, it requires an automated way to provision and control those IP addresses.

Zero-touch provisioning

Zero-touch provisioning of DNS, DHCP, and IPAM resources is critical to the success of any SD-WAN initiative. By using zero-touch provisioning, admins can configure new router devices centrally and efficiently. Software and configuration tools are downloaded automatically when a router is physically installed.

Working with cloud and transport services

Traditional WAN technologies are not cloud friendly. They tend to use a hub-and-spoke model for routing traffic to the cloud. Queries are sent from branch offices through the network core.

That extra transporting—called backhauling—degrades network performance and results in poor user experience. Plus, it usually involves costly leased MPLS (Multi-Protocol Label Switching) lines.

On the other hand, an SD-WAN solution can securely and efficiently connect application traffic using connections optimized to reduce latency. It doesn’t matter whether applications are hosted in a data center or a private or public cloud.

Furthermore, SD-WAN operates across a multitude of transport services, including LTE and broadband internet. Hybrid WAN solutions can also allow enterprises to hang on to older—but often more expensive—routing techniques, like MPLS.

Enterprise DNS management is fundamental to SD-WAN

DDI integrates the three core networking components of DNS, DHCP, and IPAM into one management solution. You can build the foundation of your SD-WAN initiative with a centralized and automated DDI system.

But why should you do so?

Get answers at machine speed

Firstly, a DDI solution delivers the automated, self-service provisioning that SD-WAN needs to operate at its designed speed.

It’s not enough just to be accurate. SD-WAN requires automated answers—not answers that come at the speed of a help desk. The database of IP addresses and DHCP scope has to be fast. (DHCP scope means the range of IP addresses available for assigning or leasing to client devices on a subnet.)

Unlike Microsoft DNS and BIND, BlueCat DDI offers full support for automation. Our systems run at machine speed. We won’t slow down your SD-WAN by running it through a manual back-office support system.

A single source of truth

Secondly, an enterprise DNS platform provides a single, authoritative source of truth for IP addresses and DHCP scopes. It avoids the inevitable errors and overlapping spaces that result from decentralized management. Or worse, from trying to map it with an IP address spreadsheet.
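The kind of error a spreadsheet hides can be checked mechanically. The following is an added example, not BlueCat code: it audits a constructed, spreadsheet-style export for overlapping subnets and DHCP scopes that fall outside their subnet. The column names, site names, and addresses are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from itertools import combinations

# Constructed sample: per-site rows as they might sit in an IP address spreadsheet.
SHEET = """site,subnet,dhcp_start,dhcp_end
branch-nyc,10.20.0.0/22,10.20.0.50,10.20.3.200
branch-sfo,10.20.2.0/24,10.20.2.10,10.20.2.250
branch-lon,10.30.0.0/24,10.30.0.100,10.30.1.20
hq-core,10.40.0.0/16,10.40.10.1,10.40.10.254
"""

def load_rows(text):
    """Parse the sheet into typed network and address objects (raises on bad input)."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "site": r["site"],
            "net": ipaddress.ip_network(r["subnet"], strict=True),
            "start": ipaddress.ip_address(r["dhcp_start"]),
            "end": ipaddress.ip_address(r["dhcp_end"]),
        })
    return rows

def find_conflicts(rows):
    """Return a list of tuples describing each inconsistency found."""
    issues = []
    # Per-row check: the DHCP scope must be ordered and sit inside its subnet.
    for r in rows:
        if r["start"] > r["end"]:
            issues.append(("inverted-scope", r["site"]))
        elif r["start"] not in r["net"] or r["end"] not in r["net"]:
            issues.append(("scope-outside-subnet", r["site"]))
    # Pairwise check: no two sites may claim overlapping address space.
    for a, b in combinations(rows, 2):
        if a["net"].overlaps(b["net"]):
            issues.append(("subnet-overlap", a["site"], b["site"]))
    return issues

if __name__ == "__main__":
    for issue in find_conflicts(load_rows(SHEET)):
        print(issue)
```
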

Direct control of traffic patterns

Thirdly, leading SD-WAN solutions often add a proxy layer. As a result, network administrators can’t fully control and optimize traffic patterns. Using DNS to steer traffic reduces the complexity, network latency, and business risk associated with many of these solutions.

Therefore, traffic steering with an enterprise tool puts network admins back in direct control. It eliminates the need for a proxy layer to resolve DNS queries.

How BlueCat can help with SD-WAN

To be sure, we’re not an SD-WAN solution vendor. But the BlueCat platform optimizes your core network infrastructure for implementing SD-WAN. (By the way, this is also true for other IT transformation initiatives, like cloud migration or automation.)

Traffic steering cuts through the complexity

The unique traffic steering capability of the BlueCat platform can help reduce SD-WAN complexity for internet breakouts.

Our platform acts as the device-facing response layer or “first-hop” connection. Network admins can use BlueCat’s place on the network to optimize internet access to outside services. You can do it through direct connections or by routing the query back to a central data center or home office.


Our Intelligent Forwarding feature allows enterprises to steer service connections away from costly MPLS backhauls through a local internet breakout. BlueCat offers a more elegant approach compared to using deep packet inspection in SD-WAN to direct internet connections.

Admins can set up routing rules in BlueCat’s platform to resolve directly to trusted cloud and SaaS applications. Rules can also be made for internal services, routing queries back to a central data center or regional nodes.

All of these routing controls coordinate with SD-WAN controllers to resolve trusted traffic directly to service providers.
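To make the rule logic concrete, here is an added sketch of how a DNS steering decision can be evaluated. It is not BlueCat's Intelligent Forwarding implementation or configuration syntax; the rule table, action names, default action, and domain names are all hypothetical. It shows longest-match selection and why rules should be compared on whole DNS labels.

```python
# Hypothetical steering policy (constructed names, not BlueCat configuration).
RULES = {
    "saas.example": "local-breakout",     # trusted SaaS: resolve over the branch internet link
    "corp.example": "datacenter",         # internal services: forward to the central data center
    "legacy.saas.example": "datacenter",  # a more specific rule overrides its parent
}
DEFAULT = "datacenter"  # assumption: names with no rule take the central path

def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.rstrip(".").lower()

def steer(qname, rules=RULES, default=DEFAULT):
    """Return (action, matched_rule) for a query name.

    Candidates are built from whole labels, longest first, so the most
    specific rule wins and "notsaas.example" never matches "saas.example"
    the way a plain string-suffix test would.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return rules[candidate], candidate
    return default, None

if __name__ == "__main__":
    for name in ("mail.saas.example", "App.Legacy.SaaS.Example.",
                 "notsaas.example", "wiki.corp.example"):
        print(name, "->", steer(name))
```
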

Additionally, BlueCat integrations with Cisco tools like Cisco Umbrella allow security admins to deploy consistent security policies across SD-WAN controllers. It doesn’t matter whether the access points are internal or external. Service points can deploy these policies anywhere to deliver LAN-side services that facilitate internet breakout.

Furthermore, we’ve even accounted for cloud services’ constantly changing domains with an automation workflow available on our GitHub lab. It downloads new Office 365 domain whitelists and syncs them to the BlueCat platform and Cisco Meraki SD-WAN.

Get your network optimally primed

Undoubtedly, the benefits of WAN optimization are clear. Software-defined WAN brings admins agility through simpler and centralized networking configuration and policy management. It works with the cloud and multiple transport services, increasing network performance. Not to mention that it lowers IT costs overall.

Consider this metaphor: Adopting a healthy diet is a fundamental underpinning to meet that lifelong goal of running a marathon. Could you forgo it and forge ahead without it, sticking with your tried-and-true pizza and burger habit? Probably.

But what happens if you opt for veggies and lean proteins instead? Does that put you in a much better position to more smoothly and easily meet your end goal? Absolutely.

BlueCat’s DDI management tool is the veggies and lean protein of your network. With BlueCat, you can get your network optimally primed for any number of big network improvement goals. Including SD-WAN.

Rebekah Taylor is a former journalist turned freelance writer and editor who has been translating technical speak into prose for more than two decades. Her first job in the early 2000s was at a small start-up called VMware. She holds degrees from Cornell University and Columbia University’s Graduate School of Journalism.
