Secure, cloud-managed network services through DNS


November 6, 2018

The cloud offers a whole new world of flexibility and functionality.  But like every IT system, it comes with some tradeoffs.  For all its advantages and promise, the cloud is yet another system that administrators have to manage and secure. 

Reducing complexity

Decentralized or parallel management of DNS infrastructure between on-prem and cloud environments can result in a situation where the advantages of automation, DevOps, and other high-level functions actually become harder to achieve.  If you’re using a default option for DNS such as Microsoft or BIND, managing resources in the cloud will only result in more custom work-arounds and Rube Goldberg solutions.

Complexity quickly becomes a significant issue when assets and compute are managed across different cloud platforms or between cloud and on-prem environments.  Keeping track of overlapping zones and routing rules in particular can be an operational challenge.  More often than not, administrators create a tangle of pathways to keep DNS up and running in the cloud, even if those pathways come with downsides for compliance or network efficiency. 

That’s why BlueCat has a flexible, intelligent DNS resolution service to manage routing of cloud assets.  Here’s how it works:  within BlueCat’s DNS Edge, each data source is a DNS namespace. When DNS Edge is the first hop, it simply checks each source in whichever order the administrator chooses. If the answer isn’t returned from the first namespace, DNS Edge forwards the query to the next namespace in the priority order – this continues until an answer is found.

Easing integration

Another challenge is finding a solution which integrates well with your cloud provider(s) of choice.  While some DNS companies pick a cloud partner to the exclusion of all others, BlueCat recognizes that most large enterprises use an “all of the above” approach to the cloud.  That’s why our DNS management tools are available and certified on AWS, Azure, and Google Cloud Platform.  We also work with many of the major providers of private clouds, allowing our customers to manage their DNS infrastructure wherever they please.

Implementing security

Security is a paramount concern for any network administrator, and the cloud adds yet another layer of infrastructure to worry about.  Have you ever tried to implement DNSSEC using decentralized management through BIND or Microsoft tools?  It’s not easy.

Implementing DNSSEC in BIND requires a series of onerous command-line changes to configure each server. Generating the DNSSEC keys, attaching them to the relevant machines, and testing the infrastructure takes a lot of time. Then you have to do it for every parent and child server in the network.  When those parent and child servers cross multiple clouds, this can become an enormous task.

In Windows, implementing DNSSEC is similarly work-intensive. First, you sign a zone and verify that the signing scheme is operating correctly. Then you use “trust anchors” to distribute that signing scheme to the child zones. Unfortunately, those “trust anchors” won’t automatically adjust themselves when the parent zone is re-signed, requiring network administrators to constantly re-distribute “trust anchors” to the child zones when the parent signatures change.  Again, doing this across parallel cloud and on-prem assets is very work-intensive.

In contrast, BlueCat’s enterprise approach to DNS makes implementation of DNSSEC ridiculously simple – in the cloud or anywhere else. In BlueCat’s unified DNS Integrity system, you check a box, and the DNSSEC scheme automatically populates throughout the zone. No command lines, manual distribution of trust anchors, or wondering whether it’s actually working.  It just happens for the parent and child zones in one click.

Securing and managing DNS assets from the cloud doesn’t have to be difficult.  With a centralized, automated, secure management platform, DNS can actually become an asset for your cloud deployment rather than a drag on functionality.

Learn more about BlueCat’s approach to DNS in the cloud.

Published in:

An avatar of the author

BlueCat is the Adaptive DNS company. The company’s mission is to help organizations deliver reliable and secure network access from any location and any network environment. To do this, BlueCat re-imagined DNS. The result – Adaptive DNS – is a dynamic, open, secure, scalable, and automated DDI management platform that supports the most challenging digital transformation initiatives, like adoption of hybrid cloud and rapid application development.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more