Yes, networking can extend DNS control into the cloud

When cloud and on-premises DNS are separate, enterprise-wide control is out of reach. Learn how BlueCat can provide a single source of truth for DNS.

Maintaining centralized visibility and control over core infrastructure resources is critical to error-free, rapid delivery of network services across the enterprise.

But when DevOps and cloud teams create autonomous areas in the public cloud that have their own cloud DNS, the centralized system erodes.

The result is conflicts that slow the network or bring it down altogether. Adding insult to injury, cloud and DevOps teams emerge unscathed while network teams get the blame.

Setting up cloud and on-premises infrastructure as separate entities prevents centralized control and management of enterprise-wide DDI. (DNS, DHCP, and IPAM are together known as DDI.)

This post will explore some of the outcomes observed when siloed cloud compute erodes central control. It will also delve into how BlueCat’s platform can provide a single source of truth and control for DNS and IP records, regardless of where or how those records are assigned on the network.

This post is part of a blog series exploring some of the challenges network teams experience in the face of enterprise cloud adoption—and how BlueCat can help solve them.

Why centralized DNS is necessary

At global enterprises, few cloud-native applications and services can operate unfettered from legacy on-premises or hosted data systems. They contain critical customer, financial, or product information. Even cloud-first solutions must often go back to the data center to complete transactions. In the end, everything must traverse fractured DNS resolution paths.

How control over DNS becomes–and stays–fractured

Imposing change controls on application developers doesn’t work. Even asking these teams to simply document their rapid changes and feed these back to teams responsible for network infrastructure is viewed as archaic and bureaucratic. After all, the cloud logs this stuff for its own purposes (just not somewhere network teams can usually access). So, why should the cloud teams take on extra work?

The impacts of siloed DNS across hybrid cloud environments

Correctly plugging compute in the cloud into on-premises DNS takes skill and knowledge of the network. The inevitable result is delayed service delivery. This often sparks shadow IT and unnecessary or unknown cloud expense. Orchestrating or automating changes that straddle both cloud and on-premises infrastructure becomes nearly impossible. Governing cloud provisioning activity is a lost cause. Costs climb as simply locating the source of an issue becomes harder. Enforcement of security controls is inconsistent.

In the end, the promise of the cloud—speed, scalability, cost efficiency—becomes difficult to realize. The broader impacts of inadequate integration offset local gains at the developer level.

Who’s to blame?

Too often, IT teams are left holding the bag. Their plans to properly manage IP space across single clouds or hybrid cloud environments become impossible to implement. When the lack of a centralized authority for DNS resolution results in data conflicts that bring down the network, the cloud and DevOps teams somehow avoid the blame.

Developers rarely have to wait. Instead, fault assignment goes to network teams for “slowing things down.” It’s a classic problem of network admins having all the responsibility but only some of the authority over the network infrastructure.

The antidote: establish a consistent, centralized platform for DDI

Gaining visibility into cloud DNS, for purposes like reconciliation of cloud provisioned IP and DNS records, is certainly a big step forward for network teams struggling to keep up with application development and deployment in the cloud. However, it is only the first step. Why settle for visibility when IT staff can gain control and management of DNS services in the cloud equal to what is done on-premises? And if they can do so without sacrificing the speed and agility that DevOps teams crave?

BlueCat ensures that its address management system reflects any change to network infrastructure made in the cloud. This ranges from cloud assignment of a single IP address to the creation of entire networks via orchestration tools. It allows application and cloud teams to operate unfettered in hybrid environments while ensuring that infrastructure teams can see, and get out ahead of, potential IP conflicts. These conflicts may cause errors that pose serious risks to business continuity.
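The reconciliation described above, where cloud-assigned IP and DNS records are compared against the central source of truth so that conflicts are caught before they cause outages, can be illustrated with a small script. The following is an added example and not BlueCat code; the record format, the sample records, the managed network list and the three finding categories (an IP claimed by two names, a name pointing at two IPs, and a cloud IP outside any managed network) are assumptions constructed for illustration.

```python
"""Reconcile cloud-provisioned DNS/IP records against a central IPAM inventory.

Added example, not BlueCat's own code. Record layout, sample data, network
list and finding categories are constructed assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Record:
    name: str    # DNS name; may arrive with a trailing dot or mixed case
    ip: str      # IPv4 address as a string
    source: str  # "ipam" for the central system, or a cloud such as "aws"


def normalise(name: str) -> str:
    """Make names comparable across sources (strip trailing dot, lowercase)."""
    return name.rstrip(".").lower()


# Constructed sample data: the central IPAM view and a cloud DNS zone export.
IPAM_NETWORKS = [ip_network("10.10.0.0/16"), ip_network("10.20.0.0/16")]
IPAM_RECORDS = [
    Record("app1.corp.example", "10.10.1.10", "ipam"),
    Record("db1.corp.example", "10.10.1.20", "ipam"),
    Record("api.corp.example", "10.20.5.5", "ipam"),
]
CLOUD_RECORDS = [
    Record("app1.corp.example.", "10.10.1.10", "aws"),   # consistent with IPAM
    Record("cache1.corp.example", "10.10.1.20", "aws"),  # IP already held by db1
    Record("api.corp.example", "10.20.5.6", "azure"),    # name now resolves elsewhere
    Record("dev7.corp.example", "172.31.4.9", "aws"),    # outside managed IP space
]


def reconcile(ipam_records, cloud_records, managed_networks):
    """Return sorted (category, detail) findings for the combined record set."""
    findings = []
    names_by_ip = defaultdict(set)
    ips_by_name = defaultdict(set)

    # Index every record from both sources by IP and by normalised name.
    for rec in list(ipam_records) + list(cloud_records):
        names_by_ip[rec.ip].add(normalise(rec.name))
        ips_by_name[normalise(rec.name)].add(rec.ip)

    # One address claimed by more than one name: a classic IP conflict.
    for ip, names in names_by_ip.items():
        if len(names) > 1:
            findings.append(("ip_conflict", f"{ip} -> {sorted(names)}"))

    # One name answered with different addresses by different sources.
    for name, ips in ips_by_name.items():
        if len(ips) > 1:
            findings.append(("name_conflict", f"{name} -> {sorted(ips)}"))

    # Cloud records living in address space the central IPAM does not manage.
    for rec in cloud_records:
        addr = ip_address(rec.ip)
        if not any(addr in net for net in managed_networks):
            findings.append(("unmanaged_ip", f"{rec.source}:{normalise(rec.name)} {rec.ip}"))

    return sorted(findings)


def summarise(findings):
    """Count findings per category, useful for a dashboard or alert threshold."""
    counts = defaultdict(int)
    for category, _ in findings:
        counts[category] += 1
    return dict(counts)


if __name__ == "__main__":
    for category, detail in reconcile(IPAM_RECORDS, CLOUD_RECORDS, IPAM_NETWORKS):
        print(f"{category:14} {detail}")
    print(summarise(reconcile(IPAM_RECORDS, CLOUD_RECORDS, IPAM_NETWORKS)))
```

In practice the two inputs would come from the IPAM's API and from each cloud provider's DNS zone export, and the findings would feed a ticket or an alert rather than stdout; the point is that the comparison is cheap once both views are in one place, which is exactly what a single source of truth makes possible.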

Screenshot of BlueCat address manager IP space workflow

Extending on-premises DDI management capabilities to cloud environments allows administrators to provide consistent, localized, secure services to those locations, resulting in several key benefits for cloud teams.

Improved DNS performance

By providing local DNS services from a centrally managed platform, DNS administrators can ensure that cloud applications and services have local access to the DNS data that they require to operate. Instead of sending recursive DNS queries back to the data center to find the authoritative information required to process a user request, the local DNS service answers from its own data immediately.

Consistent automation

Cloud experts demand as much automation as possible for the everyday tasks required to build and maintain services. This allows them to focus on delivering value to customers. Extending DDI to cloud environments is a critical step in automating DNS tasks, since many automation requirements must extend beyond a cloud-native DNS platform in order to be fully effective. Providing a local automation endpoint that can span multi-cloud and on-premises environments lets teams build automation once and apply it globally. Integrations with cloud orchestration solutions such as Terraform allow cloud teams to work in tools that they are familiar with, while ensuring back-end consistency and visibility into their changes.

Centralized control

Cloud teams routinely utilize multiple cloud platforms, multiple instances, and hundreds or thousands of individual networks. Managing all of the various DNS and IPAM capabilities that those environments may require can slow down the real work of the cloud team. With BlueCat, network teams exercise centralized control from a single point on a common platform, while retaining the flexibility to delegate management of cloud-facing data to the right consumers. This allows for speed and flexibility while maintaining control and consistency across all locations.

Upcoming blog posts will explore the biggest hybrid cloud challenges for DDI. And they will highlight the solutions that BlueCat offers to alleviate them. In the meantime, read the Using BlueCat Adaptive DNS in the Cloud whitepaper.
