DDI enhancements that give your network an edge

Bring additional IP forwarding, discovery, resolution, and security capabilities to standard DDI infrastructure to make multicloud complexity feel simple, safe, and reliable.

Modern networks have outpaced network standards

DNS is one of the oldest and most successful protocols on the internet.

But multicloud complexity is evolving quickly, creating exceptions and fringe cases that don’t comply with the DNS RFC standards that traditional DNS, DHCP, and IP address management (together known as DDI) are built around.

BlueCat Edge brings advanced capabilities to DDI infrastructure for requirements that exist beyond the standards governed by DNS RFCs, in three areas:

Edge for networking

Intelligent automation for complex forwarding requirements

Learn more

Edge for security

Advanced threat detection and policy enforcement

Learn more

Edge for cloud

Tame the complexity of cloud DNS by simplifying resolution

Learn more

What is BlueCat Edge?

BlueCat Edge is a lightweight, cloud-managed software solution that delivers advanced DNS capabilities via service points deployed across the edge of your network.

Service points are first hop DNS resolvers that intelligently apply security policies and forwarding rules to every query, ensuring DNS traffic moves safely and optimally.

Deploy anywhere

Deploy service points on BlueCat hardware, in virtual environments, and in cloud (AWS, Azure, and Google Cloud) environments to handle any client load.

Increase visibility

Capture and log any internal and external queries from any client, branch, or user globally.

Complete control

Control all DNS resolution paths while detecting malicious behavior and restricting access to critical internal resources.

Edge for networking

In a multicloud world, DNS queries can potentially resolve to multiple duplicate locations.

Services, apps, and data might reside simultaneously in different clouds and regions across different internal and external zones. How do you know which resolution pathway is best?

Instead of manually maintaining reams of conditional forwarding rules across multiple authoritative DNS servers, Edge uses intelligent forwarding via service points to set conditions and direct queries to the right destination.

Read the Edge admin guides

View the demo

Optimize DNS resolution

Edge provides multiple DNS query resolution paths while simplifying the segmentation of DNS data.

Improved network performance

Reduce network congestion using Edge as both a caching and forwarding server.

Direct Internet Access

Use a cloud-managed solution to enable Direct Internet Access for remote branch locations.

Edge for security

Most traditional DDI approaches secure the network the same way: They maintain a list of malicious domains using threat protection feeds and use response policy zones to block the response of any queries to them.

The problem is that sometimes, the query itself can be a threat vector—by giving attackers exploitable network information for future attacks.

BlueCat Edge provides advanced threat protection that also blocks malicious queries—so threats never get close to your critical systems.

View the demo

Spot more threats

Eliminate DNS as a threat vector and reduce your attack surface by applying policies to DNS traffic, limiting access to sensitive data while locking down critical systems.

Identify and respond faster

Use smart analytics to find and halt data exfiltration tactics like beaconing to command-and-control servers via DNS tunneling or poisoning, or domain generation algorithms.

Simplify compliance

Easily configure, deploy, and enforce advanced DNS policies across your network to meet corporate compliance standards and security and regulatory requirements.

Threat protection

Your DDI security is only as good as the threat intelligence you feed it. With BlueCat Edge, you get cutting-edge threat data from industry leaders like CrowdStrike and Cisco—with the flexibility to supplement with your own threat feeds.

Get the Threat Protection data sheet

Learn about our Cisco Umbrella integration


Uncover hidden threats

Get a continuously updated security feed to spot and block threats as they emerge with the most active, comprehensive threat repository on the market.

Get security expertise on tap

Enrich your DNS data with insights from CrowdStrike’s elite team of threat analysts and security researchers.

Eliminate security blindspots

Join up your analysis of your security posture by integrating with popular security technologies and SIEMs, Cisco Umbrella, and Splunk to find and respond to threats faster.

Additional security features

Reduce attack surface

Eliminate DNS as a threat vector by setting policies to limit access to sensitive data and lock down critical systems.

Detect malicious behavior

Use smart analytics to find and kill data exfiltration tactics like tunneling, beaconing to command-and-control servers, or domain generation algorithms.

Set security policies

Administrators can configure each security feed with individual actions (redirect, blacklist, do not respond, log, etc.).

Identity-based security

Link identities to IP addresses to tie DNS behavior to individuals rather than devices.

Logging and visibility

Log matches to determine which devices have attempted to access known malicious content.


Gain a complete view of response policy activity with respect to threat category, source of threat, and targets.

Integration with Integrity

Centrally manage and orchestrate threat protection through Integrity’s BlueCat Address Manager.

Agentless deployment

Provide visibility, protection, and control to any DNS-leveraging device, without the need to deploy and manage agents on those devices.

Edge for cloud

With Edge, network teams can resolve DNS queries across complex cloud deployments with ease, using Cloud Resolver.

Cloud Resolver

Multicloud DNS quickly gets mind-bendingly complex. Providers have different (and sometimes conflicting) mechanisms for handling multiple DNS authorities, and there’s no nameserver interoperability for managing zone data between providers.

BlueCat Cloud Resolver acts as an authoritative DNS server across multiple cloud providers—so you can confidently manage any combination of cloud DNS.

Learn more about Cloud Resolver

Related content

Data sheet

BlueCat Edge for security

BlueCat Edge allows security teams to leverage the DNS data that it captures for another layer of security intelligence and protection.

Read more
Data sheet

BlueCat Edge for networking

Edge adds a much-needed layer of visibility, control, and detection for corporate DNS. Edge gives network and IT teams unprecedented access to DNS…

Read more

BlueCat announces new capabilities to help organizations modernize their network infrastructure

Enhanced products and expanded portfolio offerings provide flexibility and control to manage, secure, and build complex, multicloud networks.

Read more

Enhance DNS control with BlueCat Edge SPv4

With a multi-service architecture, BlueCat Edge SPv4 now supports simultaneous add-on modules for security, networking, cloud, and branch offices.

Read more
Technical resources

Ready to dive deeper? Explore our technical resources.

Want to speak to someone?

Let’s talk about how our solutions can make your network faster and more secure.

Contact us