Get fast, resilient, and flexible DDI management with Integrity 9.6

Enterprises continue to undertake business transformation at breakneck speed. Meanwhile, network teams must keep up with the demand for core network services of DNS, DHCP, and IP address management (together known as DDI) to be fast, resilient, and flexible.

Indeed, research from Enterprise Management Associates shows that network engineers want a DDI management solution that can automate core networking tasks like discovering network and cloud infrastructure or DNS and DHCP server deployment and configuration.

BlueCat Integrity, now updated to version 9.6, provides centralized control of DDI and provides insight into the relationship between devices, users, and IP addresses across the enterprise. As BlueCat’s core offering, Integrity is comprised of our IP address management (IPAM) application, BlueCat Address Manager (BAM), and authoritative BlueCat DNS and DHCP Servers (BDDSes).

In this post, we’ll highlight three key new features of Integrity 9.6 that offer network teams even more speed, resilience, and flexibility to manage DDI and meet service-level agreements. With Integrity 9.6, network teams can now:

• Change the behavior of DNS resolution at the zone apex with new RFC-supported record types
• Flexibly architect and configure DNS
• Speed up time to access resources by automating IP assignments with dynamic updates of DHCP reservations

The power of new RFC-supported record types

To quickly deliver critical applications and services, network teams must break through the limits of how DNS records are traditionally used by looking at what can be achieved at the zone apex. It all starts with a purpose-built DDI management platform that can support an array of record types.

Integrity 9.6 provides admins with increased support and control over new RFC-supported DNS resource records. These include HTTPS, Uniform Resource Identifier (URI), and SVCB (Service Binding) records. Network admins can now keep up with the fast pace of change and innovation required in their service-level agreements.

Below is a summary of the new RFC-supported record types.

But first, watch this brief overview of Integrity 9.6’s support for additional RFC-supported DNS record types, providing more control and flexibility for network resolution.

Play video

HTTPS DNS records

HTTPS DNS records have become increasingly popular due to growing concerns around cybersecurity. These records allow an HTTP client to obtain more information about the origin of a hostname with fewer round trips before connecting.

In the current scenario, HTTP clients only resolve A and/or AAAA records for the origin hostname, which only provides its IP address. However, if an HTTP client learns more about the origin before connecting, it can upgrade http URLs to the more secure https, enable HTTP/3 or Encrypted Client Hello (ECH), or switch to a more operationally preferable endpoint. Certainly, minimizing the number of lookups required to obtain this additional information is beneficial.

Key benefits of using HTTPS records in your domain’s DNS setup include:

• Confidence in data privacy: Users can trust that their communication with your domain is secure.
• Improve resolution efficiency: Improve the efficiency of communication between clients and servers with fewer lookups required to resolve a DNS query.

URI DNS records

URI records are a DNS functionality that allows domain administrators to specify the exact path to a particular service or content piece within a domain. These records guide user requests with precision. For example, if an API needs to access a file stored on an FTP server, the URI record specifies the location of the file on the server using the FTP protocol. This might look like:

ftp://username:[email protected]/path/to/file.txt

The benefits of using URI DNS records include:

• Traffic management: Get in-depth control over directing requests to specified destinations, aiding in server load management.
• Error mitigation: Reduce user errors by ensuring requests reach the intended target without user-side URL manipulation.

SVCB DNS records

SVCB records are an advanced method to define and promote service attributes. Compared to SRV (service) records, they provide more flexibility and granularity. SVCB records contain a wide range of parameters like port numbers, priorities, and weights that can be used to connect to a service endpoint domain. With SVCB records, you can get detailed information about various ways to connect to the service and specify parameters. This might include the IPv4 hint and port number related to each endpoint.

SVCB records can also be treated like CNAME records at the zone apex, allowing administrators to conduct CNAME flattening. Where only A, AAAA, and MX records are allowed at the top-level domain name or apex, a CNAME-like record at the apex can be useful. This allows organizations to quickly switch cloud providers or direct traffic to a load balancer.

Integrity 9.6 now supports ALIAS mode with SVCB resource records to allow for CNAME flattening. This reduces the number of round trips required to establish a connection with resources.

Key benefits of integrating SVCB records into your domain’s DNS setup include:

• Consistent connection establishment: Direct clients and partners to the correct and most applicable service endpoints.
• Load balancing: Redirect DNS traffic evenly among available servers to improve response times and reliability.

Architect your way with flexible DNS server deployment models

Reliable and efficient service delivery depends on the configuration and deployment of DNS servers. With Integrity 9.6 and the addition of multi-primary DNS, network teams now have options to design and deploy beyond the primary and secondary DNS deployment model. Most importantly, DNS records propagate dynamically across servers in the group. This level of flexibility allows for a customized DNS deployment approach. Admins can tailor specific requirements for record synchronization within regions and across globally distributed networks.

BlueCat’s addition of multi-primary DNS gives us preferred flexibility on how we deploy BlueCat DNS servers in a region and is simple to configure in the UI and via API. In the face of any server failure, our mission-critical applications remain accessible.

Watch this overview of Integrity 9.6’s new multi-primary DNS configuration, which can enhance DNS infrastructure’s overall reliability, availability, and resilience.

Play video

No one-size-fits-all deployment model

There is no one-size-fits-all solution for DNS server deployment models. The choice will depend on the unique needs and objectives of your enterprise. Admins should consider potential resource utilization or latency requirements, all while balancing DNS record synchronization.

BlueCat customers can deploy a multi-primary server configuration (up to three servers in a group) to maintain resiliency under high traffic loads (especially dynamic DNS updates).

A BlueCat customer who is an enterprise healthcare provider said, “BlueCat’s addition of multi-primary DNS gives us preferred flexibility on how we deploy BlueCat DNS servers in a region and is simple to configure in the UI and via API. In the face of any server failure, our mission-critical applications remain accessible.”

Here are some questions that might help guide your decision:

• How critical is uptime for a specific regional deployment?
• What kind of traffic loads do you expect your servers to handle?
• How much complexity can your team manage?

Get ahead of failover or sync issues regardless of deployment model

Integrity 9.6 customers can now move beyond a reactive mindset when things go wrong.

The new Integrity 9.6 release features an extended SNMP management information base. Network teams can monitor zone transfer failures as SNMP traps and in a pollable SNMP table on BDDSes for external monitoring.

Additionally, an extended built-in monitoring of Address Manager can now poll the SNMP table of zone transfer failures on BDDS appliances. This allows for logging of events and, optionally, notification events (such as alerts) upon failure.

Furthermore, network teams can enhance their proactive alerting and root-cause analysis workflow by centralizing all infrastructure monitoring into BlueCat LiveAssurance. This allows admins to more rapidly identify and address sync and failover issues before they wreak havoc. For example, LiveAssurance can provide alerts on DNS connections and can extend into DHCP failover connection monitoring. The diagram below illustrates how LiveAssurance works.

Our domain expertise is codified into LiveAssurance. The platform knows what to look for, interrogating your systems to ensure they are healthy. This includes knowledge of the capabilities and features of the BlueCat implementation of DDI and its entire management layer. Learn more about five ways you can avert network downtime with LiveAssurance.

Accelerate IP reservations with automation

As more organizations embrace automation and virtualized computing, managing IP reservations for critical infrastructure has become increasingly complex. IT teams find it challenging to keep up with the ever-growing number of devices entering and leaving the network. The manual nature of this process often leads to delays and errors, making it difficult for IT to move at the speed of business.

Automation is critical for IP address provisioning, allowing us to spin up and down resources onto the network with remarkable speed and ease.

In the past, network teams had to manually pick out an IP address in a designated network. They then had to assign it to a MAC address for a new device and click to deploy the reservation. When the device went offline, it would require repeating these steps. This left admins under an avalanche of manual updates. This process also left the deployed device in limbo until the IP was provisioned, impacting critical service delivery and time–to-revenue.

Dynamic updates of DHCP reservations are a valuable capability that optimizes IP address assignment and improves overall service availability. It reduces the administrative burden on network teams, as they no longer need to manually re-deploy IP addresses to network resources as they come back online. The diagram below illustrates Integrity 9.6’s automated IP address provisioning.

By centralizing and automating the process, dynamic updates of DHCP reservations make network administration more efficient by:

• Minimizing network downtime
• Facilitating faster device connectivity
• Cutting down on manual record-keeping tasks
• Reducing the chances of IP conflicts and other related errors

As the BlueCat customer who is an enterprise healthcare provider noted, “Automation is critical for IP address provisioning, allowing us to spin up and down resources onto the network with remarkable speed and ease.”

Watch how Integrity 9.6’s support for dynamic updates of DHCP reservations helps accelerate access to resources the moment they are stood up.

Play video

Embrace the next level of DDI management with Integrity 9.6

With its new capabilities, Integrity 9.6 further empowers network teams to manage DDI with speed and reliability. It offers more flexibility to alter the behavior of DNS resolution at the zone apex. It allows flexible DNS architecture and configuration unique to your business needs. And it automates IP address assignments to expedite access to resources. Together, Integrity 9.6 addresses network teams’ pressing needs.

Upgrade to Integrity 9.6 today to redefine your approach to DDI management and help your network team accelerate digital transformation.