The cloud offers a whole new world of flexibility and functionality. But like every IT system, it comes with some tradeoffs. For all its advantages and promise, the cloud is yet another system that administrators have to manage and secure.
Decentralized or parallel management of DNS infrastructure between on-prem and cloud environments can result in a situation where the advantages of automation, DevOps, and other high-level functions actually become harder to achieve. If you’re using a default option for DNS such as Microsoft or BIND, managing resources in the cloud will only result in more custom work-arounds and Rube Goldberg solutions.
Complexity quickly becomes a significant issue when assets and compute are managed across different cloud platforms or between cloud and on-prem environments. Keeping track of overlapping zones and routing rules in particular can be an operational challenge. More often than not, administrators create a tangle of pathways to keep DNS up and running in the cloud, even if those pathways come with downsides for compliance or network efficiency.
That’s why BlueCat has a flexible, intelligent DNS resolution service to manage routing of cloud assets. Here’s how it works: within BlueCat’s DNS Edge, each data source is a DNS namespace. When DNS Edge is the first hop, it simply checks each source in whichever order the administrator chooses. If the answer isn’t returned from the first namespace, DNS Edge forwards the query to the next namespace in the priority order – this continues until an answer is found.
Another challenge is finding a solution which integrates well with your cloud provider(s) of choice. While some DNS companies pick a cloud partner to the exclusion of all others, BlueCat recognizes that most large enterprises use an “all of the above” approach to the cloud. That’s why our DNS management tools are available and certified on AWS, Azure, and Google Cloud Platform. We also work with many of the major providers of private clouds, allowing our customers to manage their DNS infrastructure wherever they please.
Security is a paramount concern for any network administrator, and the cloud adds yet another layer of infrastructure to worry about. Have you ever tried to implement DNSSEC using decentralized management through BIND or Microsoft tools? It’s not easy.
Implementing DNSSEC in BIND requires a series of onerous command-line changes to configure each server. Generating the DNSSEC keys, attaching them to the relevant machines, and testing the infrastructure takes a lot of time. Then you have to do it for every parent and child server in the network. When those parent and child servers cross multiple clouds, this can become an enormous task.
In Windows, implementing DNSSEC is similarly work-intensive. First, you sign a zone and verify that the signing scheme is operating correctly. Then you use “trust anchors” to distribute that signing scheme to the child zones. Unfortunately, those “trust anchors” won’t automatically adjust themselves when the parent zone is re-signed, requiring network administrators to constantly re-distribute “trust anchors” to the child zones when the parent signatures change. Again, doing this across parallel cloud and on-prem assets is very work-intensive.
In contrast, BlueCat’s enterprise approach to DNS makes implementation of DNSSEC ridiculously simple – in the cloud or anywhere else. In BlueCat’s unified DNS Integrity system, you check a box, and the DNSSEC scheme automatically populates throughout the zone. No command lines, manual distribution of trust anchors, or wondering whether it’s actually working. It just happens for the parent and child zones in one click.
Securing and managing DNS assets from the cloud doesn’t have to be difficult. With a centralized, automated, secure management platform, DNS can actually become an asset for your cloud deployment rather than a drag on functionality.
Learn more about BlueCat’s approach to DNS in the cloud.
8 Network Automation Tasks for Anyone to Get Started
Automating your network can be daunting, but the payoff is huge. Here are eight easy automation tasks to help any network engineer get started.
9.3 Integrity Deep Dive On-Demand Replay
Learn how you can get more security data, ramp up automation, and adopt cloud without compromising performance.
For DNS server caching, what is the ideal TTL?
Many factors affect how to set time to live (TTL) for DNS servers. Learn more, plus how BlueCat Edge’s TTL features can bolster your network.
Comparing AWS, Azure, and GCP cloud DNS services
The public cloud presents major challenges for DNS management. Examine various capabilities and limitations of Azure, AWS, and GCP with BlueCat.