Secure, cloud-managed network services through DNS

The cloud offers a whole new world of flexibility and functionality.  But like every IT system, it comes with some tradeoffs.  For all its advantages and promise, the cloud is yet another system that administrators have to manage and secure.

Reducing complexity

Decentralized or parallel management of DNS infrastructure between on-prem and cloud environments can result in a situation where the advantages of automation, DevOps, and other high-level functions actually become harder to achieve.  If you’re using a default option for DNS such as Microsoft or BIND, managing resources in the cloud will only result in more custom work-arounds and Rube Goldberg solutions.

Complexity quickly becomes a significant issue when assets and compute are managed across different cloud platforms or between cloud and on-prem environments.  Keeping track of overlapping zones and routing rules in particular can be an operational challenge.  More often than not, administrators create a tangle of pathways to keep DNS up and running in the cloud, even if those pathways come with downsides for compliance or network efficiency.

That’s why BlueCat has a flexible, intelligent DNS resolution service to manage routing of cloud assets.  Here’s how it works:  within BlueCat’s DNS Edge, each data source is a DNS namespace. When DNS Edge is the first hop, it simply checks each source in whichever order the administrator chooses. If the answer isn’t returned from the first namespace, DNS Edge forwards the query to the next namespace in the priority order – this continues until an answer is found.

Easing integration

Another challenge is finding a solution which integrates well with your cloud provider(s) of choice.  While some DNS companies pick a cloud partner to the exclusion of all others, BlueCat recognizes that most large enterprises use an “all of the above” approach to the cloud.  That’s why our DNS management tools are available and certified on AWS, Azure, and Google Cloud Platform.  We also work with many of the major providers of private clouds, allowing our customers to manage their DNS infrastructure wherever they please.

Implementing security

Security is a paramount concern for any network administrator, and the cloud adds yet another layer of infrastructure to worry about.  Have you ever tried to implement DNSSEC using decentralized management through BIND or Microsoft tools?  It’s not easy.

Implementing DNSSEC in BIND requires a series of onerous command-line changes to configure each server. Generating the DNSSEC keys, attaching them to the relevant machines, and testing the infrastructure takes a lot of time. Then you have to do it for every parent and child server in the network.  When those parent and child servers cross multiple clouds, this can become an enormous task.

In Windows, implementing DNSSEC is similarly work-intensive. First, you sign a zone and verify that the signing scheme is operating correctly. Then you use “trust anchors” to distribute that signing scheme to the child zones. Unfortunately, those “trust anchors” won’t automatically adjust themselves when the parent zone is re-signed, requiring network administrators to constantly re-distribute “trust anchors” to the child zones when the parent signatures change.  Again, doing this across parallel cloud and on-prem assets is very work-intensive.

In contrast, BlueCat’s enterprise approach to DNS makes implementation of DNSSEC ridiculously simple – in the cloud or anywhere else. In BlueCat’s unified DNS Integrity system, you check a box, and the DNSSEC scheme automatically populates throughout the zone. No command lines, manual distribution of trust anchors, or wondering whether it’s actually working.  It just happens for the parent and child zones in one click.

Securing and managing DNS assets from the cloud doesn’t have to be difficult.  With a centralized, automated, secure management platform, DNS can actually become an asset for your cloud deployment rather than a drag on functionality.

Learn more about BlueCat’s approach to DNS in the cloud.


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Banner announcing BlueCat's acquisition of LiveAction, displaying both logos and the phrase "We're about to get bigger."

BlueCat acquires LiveAction to drive network modernization and optimization

BlueCat’s acquisition of LiveAction will allow customers to expand their view beyond DNS and dive deeper into the health of their network.

Read more

Simplify NIS2 compliance with DNS management

Learn whether the EU’s NIS2 requirements apply to your organization and about how DNS management and BlueCat can boost your path to compliance.

Read more

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

BlueCat has acquired LiveAction

It’s official! BlueCat has acquired LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.