CloudDNS

Should you store DNS data in the cloud or data center?

There are tradeoffs to where you store DNS data. Whether in the data center or cloud, BlueCat’s custom logging feature can help you better manage it.

Last updated: September 15, 2025

An avatar of the author
Mark E. Mikhail
Abstract cloud computing background with digital rings symbolizing DNS data storage in cloud vs data center
Key Takeaways
  • Security and risk leaders must balance strict data residency and protection requirements with the performance and agility needs of network and security operations.
  • Exclusively storing enterprise DNS data on-premises or in a private cloud reduces exposure but limits access to cloud-based threat protection capabilities.
  • Gartner recommends evaluating DNS data storage location using five cloud risk domains: agility, compliance, availability, supplier risk, and security.
  • BlueCat custom logging allows organizations to control where DNS query data is stored and how it is transported, supporting enterprise security and privacy policies.
  • With BlueCat custom logging, DNS data can be logged to cloud targets, local data lakes, or both, enabling flexible hybrid storage architectures.

As organizations gain access to seemingly limitless amounts of data, they must mitigate the business and financial risks that come with it. There is a bevy of challenges to address related to storage, data protection, privacy controls, and data threats.

Security and risk management leaders are establishing internal security requirements for where data can be stored. Their intent is to reduce critical data loss and risks to privacy.

However, it can be an internal battle to strike a balance between the competing requirements of protection and speed. Friction can result.

In the case of enterprise DNS data, organizations want the flexibility to both:

  1. Create redundancies between the data center and vendor-supplied cloud; and
  2. Exclusively store DNS data in the data center or private cloud.

This post will explore weighing the risks of storing DNS data in the cloud. Furthermore, it will show how BlueCat’s custom logging feature can help network teams better manage DNS data regardless of where it is stored.

Weighing the risks of cloud storage

Organizations must weigh the opportunity cost of exclusively storing DNS data in a local data center. By doing so, they forgo the agility of cloud-based threat protection for core networking solutions.

When deciding where to store DNS data, Gartner suggests basing cloud decisions around five public cloud risk domains:

  • Agility: ability to support unanticipated future needs
  • Compliance: regulatory and other legal requirements
  • Availability: service disruptions and data loss
  • Supplier: changes in the cloud provider business model of viability
  • Security: confidentiality and data control

BlueCat’s custom logging can help with DNS data storage

Regardless of the strategy for data storage, customers can use BlueCat custom logging to give network teams control over where DNS data is stored and how it’s transported. And you can do so while still adhering to enterprise security requirements. That means real flexibility to log your query data wherever you want: in the cloud, a local data lake, or both.

Below is a demo of creating a logging endpoint in BlueCat Edge:

BlueCat custom logging feature

For additional information on how to configure or set up these new features, please refer to the help section in your DNS Edge Cloud Console.

Why do 72% of enterprises struggle to realize the full value of the cloud? This report by EMA breaks it down.

Published in:

CloudDNS

Published on: October 30, 2020

An avatar of the author

Mark is a Senior Product Marketing Manager at BlueCat Networks.

Related content

Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more
Row of orange industrial robotic arms positioned along an automated conveyor belt in a factory setting
Blog

Automate it all in Integrity with REST v2 API-first DDI management

Discover API-first DDI with Integrity X by using REST v2 to automate DNS, DHCP, and IPAM for scalable, secure network operations.

Read more
Three colleagues at monitors collaborating, overlaid with network, analytics, cloud, and gear icons.
Blog

Agentic AI adoption in network observability propels NetOps teams

Network observability is crucial for today’s networks and even more capable with agentic AI, according to new Omdia and BlueCat research.

Read more

⏳ Cisco Live is almost here. Put BlueCat on your agenda for smarter, more secure networks.

Get the details