BlueCat Distributed DDNS

BlueCat Distributed DDNS provides more control, scalability, and resilience for dynamic DNS updates across large and distributed networks.

What is it?

BlueCat Distributed DDNS simplifies automated dynamic DNS updates across large or distributed networks. It evaluates incoming DDNS updates, checks permissions, forwards accepted updates to the primary DNS server, and cleans up stale records by leveraging DDNS service nodes backed by a distributed database and the BlueCat DDNS scavenging service.

The challenge

  • To configure and process GSS-TSIG updates, many DNS solutions require a complex manual process.
  • Network admins want to easily control and secure dynamic DNS across the enterprise.
  • Without a scalable validation engine for dynamic DNS, network teams can’t maintain resiliency, performance, and security for updates across their large or distributed networks. That means risking network security and uptime on business-critical services and applications.

Secure management

Simplify how update permissions are organized for a single zone or multiple zones.

Highly scalable

Remove bottlenecks and accelerate updates by offloading the work to a distributed web of proxy servers.

No service disruption

Ensure that dynamic updates are delivered reliably and efficiently.

Boost data integrity

Always-on record cleanup that reduces connection time-outs, optimizes storage, and simplifies migration.


  • Domain support: Readily supports over 50 Active Directory domains on a single cluster.
  • Permission management: Permissions are simplified and more powerful than the next-best solution.
  • Encryption options: Permissions can be set for GSS-TSIG, regular TSIG, and unsigned updates for the same zone.
  • Load balancing: Anycast or load balancer deployment abilities for resiliency and scalability.
  • Design: Distributed design over large networks enables resilient deployment.
  • Path optimization: Short path to the DNS infrastructure entry point.
  • Redundancy data store: Support for redundant deployment options with multiple backend servers.
  • Reliable delivery: Incoming updates are queued using a first-in-first-out update order to any designated primary DNS server.
  • Failover detection: Auto-detect failover of primary DNS servers and deliver queued DDNS updates.
  • Service nodes: Hundreds of service nodes can be deployed, offloading GSS-TSIG processing.
  • Primary DNS: Updates are sent to primary DNS from service nodes via TSIG. The primary DNS server can handle TSIG updates much faster than GSS-TSIG updates.
  • DDNS scavenging: Using a rules engine, build business logic that governs record removal based on time-of-update, while also having the ability to revert record deletion.
  • Reporting: Generate reports on source, name, update type, encryption method, and time stamps.