Solution brief
Edge

Edge DNS Global Service Load Balancing

Intelligent, flexible load balancing at the DNS layer

Request a demo
Download as PDF
Abstract isometric UI showing network ranges, usage bars, region names (EMEA/APAC), and a purple "Deploy" button
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The article describes BlueCat Edge DNS Global Server Load Balancing (GSLB), a DNS-layer solution that brings intelligent, policy-driven traffic control to first-hop recursive resolvers. It addresses the real-world problem of siloed GSLB ownership and expensive appliances by enabling DDI teams to deploy scalable, low-latency, zero-TTL traffic steering based on real-time endpoint health and network topology. The outcome is lower cost, simplified management, improved availability for multi-region disaster recovery and application-aware routing, and restored control of DNS GSLB to the teams that own DNS resolution.

How does BlueCat Edge DNS GSLB make failover faster than traditional GSLB solutions?

BlueCat Edge DNS GSLB operates as a first-hop recursive DNS resolver that makes per-query routing decisions using real-time health checks (ICMP, HTTP/S, TCP) and network topology awareness. Because it can evaluate endpoint health and apply policy at query time with zero-TTL responses, it excludes unavailable endpoints instantly without waiting for DNS propagation or manual intervention. This enables immediate full or partial failover—rerouting traffic to alternate subnets or regions as soon as a primary endpoint is detected as down—and automatic rebalance when health checks confirm recovery.

What mechanisms allow administrators to create different routing behaviors for multiple applications in the same network?

Administrators use network-based policies and domain-level exceptions to craft precise routing. Rules are organized at the network/subnet level using IP address lists that represent logical segments (regions, departments, etc.), and domain-specific overrides can be applied so a particular application resolves to a different subnet than the default for its consumer network. The user interface supports configuring and prioritizing responses, enabling per-application multinetwork delivery, where different services in the same IP block can route to distinct subnets based on performance, compliance, or business logic.

What are the primary operational and cost benefits of deploying Edge DNS GSLB instead of appliance-based GSLB?

Deploying Edge DNS GSLB reduces reliance on costly GSLB appliances by enabling cost-effective Edge service points close to clients, covering enterprise footprints without heavy application load-balancing infrastructure. Operationally, it simplifies management by allowing rules at the network level with domain exceptions, centralizes control under the DDI teams that own resolution, and enforces routing policies during outages to reduce downtime and compliance gaps. Together these benefits lower total cost of ownership, improve availability and performance, and restore control of DNS GSLB to the teams managing DNS.

Challenge

Application GSLB keeps control
locked in siloed teams and
expensive appliances, limiting
agility, increasing costs, and
making it hard to extend smart
traffic steering to where users
and applications live.

Solution

BlueCat Edge DNS GSLB
introduces intelligent, policy-
driven traffic control into the
DNS layer, providing DDI teams
with real-time, scalable, and
cost-effective control over how
users access applications.

Benefits

  • Route traffic based on
    real-time health and network
    typology
  • Lower cost and deploy
    anywhere — no need for
    costly GSLB appliances
  • Enforce DNS policies without
    relying on external teams

Bring back DNS GSLB to the teams that own DNS resolution

BlueCat Edge DNS Global Server Load Balancing (GSLB) orchestrates DNS response delivery with precision by dynamically prioritizing answers based on real-time health status and network topology. This step ensures reliable application delivery and optimal traffic routing across multiple network segments and geolocations.

In large enterprises, DNS GSLB management is often decentralized. For instance, it may fall under the purview of teams managing F5 load balancers, rather than the DNS, DHCP, IPAM (DDI) team. This decentralization can create challenges for the DDI team when implementing changes at scale, particularly in disaster recovery situations.

DDI teams can regain control of DNS GSLB by leveraging capabilities within a DNS proxy or first-hop DNS resolver solution such as BlueCat Edge, which has DNS GSLB capabilities built in.

Solution overview: What is BlueCat Edge DNS GSLB?

As the first-hop recursive DNS resolver in the query path, BlueCat Edge offers DNS GSLB capabilities that use customizable rules to automate load-balancing optimization and disaster recovery. By deploying cost-effective and highly available Edge service points closer to clients and endpoints, network teams can cover the entire enterprise footprint—without relying on costly application load-balancing infrastructure.

This approach enables zero-TTL, decision-time DNS GSLB services that streamline, stabilize, and reduce the cost of traffic distribution for enterprises currently using expensive or less advanced GSLB solutions for DNS resolution.

How does it work?

Operating close to the client as a first-hop resolver, Edge DNS GSLB delivers low-latency, tailored responses at query time—either standalone or in conjunction with existing GSLB investments. Used as a smart policy engine, it can refine responses from on-path GSLB solutions.

Teams can maintain the order of preferred IP addresses within high-priority networks or exclude unnecessary responses to minimize exposure risk while safeguarding existing infrastructure. Administrators can configure and prioritize responses via a user-friendly interface, creating unique resolution paths with rules and exceptions for segmented devices, applications, and services.

The brains behind the balancing: a rules-based order that starts at the network/subnet level

Organizing sites using DNS segmentation and zero-trust DNS methods provides critical controls for handling traffic and implementing security policies suited to different client types (e.g., IoT). Segmentation enhances routing, enforces access controls, and safeguards against malicious activity. Zero-trust DNS verifies that devices communicate only with authorized endpoints, enabling real-time threat identification and proactive policy enforcement.

Migration is easy. NetOps teams with existing DNS business logic organized by site, country, region, city, or other breakout typologies can transfer that logic to Edge DNS GSLB. Rules are implemented at the network level to base distribution on subnets, with domain-level exceptions as needed.



Figure 1. DNS GSLB network/subnet methodology fits any existing network typology


Figure 1. DNS GSLB network/subnet methodology fits any existing network typology

Mechanisms and strategies

  • Network-based policies.

    Define intelligent routing rules based on client (consumer) and application (producer) network groupings. Use IP address lists to represent logical network segments—such as regional data centers, departments, or business units—to craft dynamic, policy-driven routing tailored to organizational and geographic needs. Policies can be applied globally, per domain, or in combination.


    Example: Direct traffic from EMEA-based users to EMEA data center endpoints by matching source IP addresses to an EMEA list and applying prioritized routing logic.


  • Real-time, health-aware routing.

    Continuously assess endpoint health via customizable checks (e.g., ICMP, HTTP/S, TCP) and make per-query routing decisions so clients receive answers pointing to available, responsive services—without waiting for DNS propagation or manual refreshes. If an endpoint becomes unavailable, it is instantly excluded from responses at query time.


Use cases

1. Multiregion disaster recovery

Ensure availability for critical services (e.g., app.example.local) across regions with routing that adapts to network conditions. Define resolution logic based on consumer and producer subnet groupings to match current infrastructure.


Figure 2. Normal operations with primary endpoints online

During normal operations, consumer networks (e.g., Subnet A and Subnet B) resolve to healthy primary production networks (Subnet M and Subnet N). Responses are optimized and distributed based on business-aligned policies (geographic affinity, capacity, performance).

Figure 3. Full failover triggered by outage in primary subnets

If Subnet M and Subnet N become unavailable (e.g., outage, DDoS), DNS GSLB dynamically reroutes traffic to Subnet O in another city or cloud region—without waiting for TTLs or manual reconfiguration.

Figure 4. Partial failover and load redistribution

For partial failures (e.g., only Subnet N down), traffic shifts to Subnet M immediately. Once health checks confirm recovery, traffic rebalances according to the original priority logic—no manual adjustments required.

A single gateway or shared service fronting multiple applications can be health-checked and governed by a single GSLB rule to redirect all dependent applications if the gateway becomes unavailable.

2. Per-application multinetwork delivery

Define precise, domain-specific routing policies for each application—even within the same consumer network block—so different applications can use distinct network paths and priorities without extra infrastructure.

Figure 5. Multinetwork delivery with applied exceptions for a specific domain

Example: All queries from IP Block A route to Subnet M by default, but app.example.local is overridden to Subnet P.

Figure 6. Application-aware routing across multiple internal services

Example: In IP Block A, dev.example.local routes to Subnet P (performance/proximity), while hr.example.local routes to Subnet M (compliance/data residency).

This enables nuanced, application-level routing across shared environments with centralized visibility and control.

Key differentiators

Simplified management

Apply rules at the network level to reduce DNS configuration complexity. Create subnet-level rules with domain exceptions where needed.

Enhanced performance and availability

Distribute traffic across multiple servers (with response randomization), reinforced by health checks and prioritization.

Flexibility

Adjust rules and priorities as business logic, network conditions, or requirements evolve.

Solution benefits

Lower costs

Deploy scalable DNS GSLB to regions and sites that cannot justify costly load balancers.

Reduce risk

Enforce routing rules that keep traffic aligned with policies—even during outages—to minimize downtime, misrouting, and compliance gaps.

Complete control

Bring DNS GSLB under the tools and teams that own resolution and traffic policies at the source.

Delight users

Deliver reliable, performant, localized service every time users open their browser.

Next steps

Discover how Edge DNS GSLB enhances the performance, reliability, and scalability of DNS response delivery.

Learn more about BlueCat Edge

BlueCat’s Intelligent Network Operations (NetOps)

BlueCat’s Intelligent NetOps solutions provide the analytics and intelligence needed to enable, optimize, and secure the network to achieve business goals. With an Intelligent NetOps suite, organizations can more easily change and modernize the network as business requirements demand.

Discover the Intelligent Network
Isometric blue UI tiles showing gear, shield, chip, and magnifying glass icons on a grid background