So many companies I have worked for or been involved with manage DNS in a way most of us will recognize. Here's the scenario: a Windows Server environment running internal DNS fed by DHCP, with a handful of static entries mixed in, and anything else forwarded to an external resolver. It is a simple setup that has worked for a long time. Fast forward to today, think about the networks we actually run now, and it becomes clear that the old way of doing things might not be cutting it anymore. That is where I think BlueCat Networks is focusing, and they are raising some great points.
When I think about these things I break them into two buckets. The first is everything that makes my network more secure and perform better. The second is everything that makes MY life better from an administrator's viewpoint. We can't forget about that now, can we? Here are a few of the items that fall into each bucket and why they matter.
Threat protection. That's a phrase we've all heard a lot. Malware protection on endpoints and edge protection at the firewall are the usual things people think of. A typical infection starts with a user clicking a malicious link that downloads a file. Instead of waiting for that download to reach your firewall or the endpoint, you could kill the threat earlier, and BlueCat gives you that option. When the user clicks the download link on a known malware site, the client first has to resolve the site's name. That DNS request can be intercepted and answered with a block or redirect address instead of the real one, so the connection that would carry the file never starts. The decision is driven by a continuously updated cloud threat database applied to the queries your clients make. One caveat worth knowing: this only covers queries that actually pass through your resolvers. A client pointed at a hardcoded public resolver, using DNS over HTTPS, or given a bare IP address in the URL never asks, so pair DNS-layer filtering with a firewall rule that only lets your own DNS servers talk out on ports 53 and 853, and keep an eye out for DoH endpoints separately.
Think of the "old way" I described above. That DNS setup would have resolved the malware site's name and let the download begin without a second look at the traffic: zero protection from threats and malware at the DNS level.
Single Source of Truth
This is not a crazy, extreme idea by any means, but it is something I think we take for granted a lot of the time. The idea (and hope!) is that all of your systems share matching data and there are no discrepancies. Back to our example environment with Windows DHCP and DNS. Once a device gets an IP address and DNS is notified, that is where the communication ends. Layer on top of that the static records you have created by hand and the static IP addresses you have handed out. Some old A or PTR records may be present, some may be missing, and some may never have been created. A non-domain device or server you forgot to make records for may not be anywhere in DNS at all! With DNS, DHCP, and IPAM being three separate but important systems, we need to make sure they are all sharing the same data.
Sharing the same data is a great thought, and I would be willing to bet a lot of administrators believe their environment is up to date and accurate. The problem is that there are many ways this data can drift out of date or become incorrect: a lease expires and the dynamic record is never scavenged, a host is renamed and its PTR is not, a server is built by hand and never recorded anywhere. With a solution like BlueCat's the goal can be a reality, because all three systems are tied together. Here's an example. An IP is reserved for a new server that will be installed. It is marked off in the IPAM system, DNS entries are created, and that IP is excluded from the DHCP pool. Three steps, three systems, and more time than such an easy task deserves. With the BlueCat API and toolset, an IP can be reserved in the IPAM at the same time the DNS records are made and the IP is blocked from being handed out by DHCP to another host. One step, that's it.
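As an added illustration (not BlueCat's code or API), here is a small audit that cross-checks IPAM, DNS and DHCP inventories for exactly these kinds of discrepancies, plus the single-step reservation the paragraph describes, done against all three stores at once. Every address, hostname and zone in it is constructed so that each kind of drift shows up once, and the reservation only updates in-memory dictionaries standing in for the real systems.

```python
"""Consistency audit across IPAM, DNS and DHCP, plus a 'one step' reservation.
Added example, not BlueCat code or its API; the inventories below are
constructed so that each kind of drift appears exactly once."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set

# --- constructed inventories -------------------------------------------------
IPAM: Dict[str, str] = {                    # address -> intended owner
    "10.0.5.10": "dc01.corp.example",
    "10.0.5.11": "dc02.corp.example",
    "10.0.5.50": "backup01.corp.example",   # reserved, DNS records never created
    "10.0.5.120": "printer01.corp.example", # reserved inside the DHCP range
}
DNS_A: Dict[str, str] = {                   # forward zone as it exists today
    "dc01.corp.example": "10.0.5.10",
    "dc02.corp.example": "10.0.5.11",
    "printer01.corp.example": "10.0.5.120",
    "oldweb.corp.example": "10.0.5.77",     # decommissioned host, IPAM entry long gone
}
DNS_PTR: Dict[str, str] = {                 # reverse zone as it exists today
    "10.0.5.10": "dc01.corp.example",
    "10.0.5.11": "dc03.corp.example",       # stale: host renamed, PTR never updated
    "10.0.5.120": "printer01.corp.example",
}
DHCP_POOL = (ipaddress.ip_address("10.0.5.100"), ipaddress.ip_address("10.0.5.200"))
DHCP_EXCLUSIONS: Set[str] = set()           # printer01's address was never excluded
DHCP_LEASES: Dict[str, str] = {             # address -> client-supplied hostname
    "10.0.5.120": "laptop-jdoe",            # leased on top of the reservation
    "10.0.5.131": "laptop-asmith",          # legitimate lease, but no dynamic DNS update
}
ZONE = "corp.example"                       # assumed zone dynamic updates land in


@dataclass(frozen=True)
class Finding:
    check: str
    subject: str
    detail: str


def in_pool(ip: str) -> bool:
    return DHCP_POOL[0] <= ipaddress.ip_address(ip) <= DHCP_POOL[1]


def audit(ipam=IPAM, dns_a=DNS_A, dns_ptr=DNS_PTR,
          leases=DHCP_LEASES, exclusions=DHCP_EXCLUSIONS) -> List[Finding]:
    """Cross-check every system against the others and report each discrepancy."""
    out: List[Finding] = []
    for ip, host in ipam.items():
        if dns_a.get(host) != ip:
            out.append(Finding("missing-or-wrong-A", host, f"IPAM {ip}, A {dns_a.get(host)}"))
        if dns_ptr.get(ip) != host:
            out.append(Finding("missing-or-wrong-PTR", ip, f"IPAM {host}, PTR {dns_ptr.get(ip)}"))
        if in_pool(ip) and ip not in exclusions:
            out.append(Finding("reservation-inside-dhcp-pool", ip, f"{host} not excluded from pool"))
    for host, ip in dns_a.items():
        if ip not in ipam:
            out.append(Finding("A-record-not-in-IPAM", host, f"points at unmanaged {ip}"))
    for ip, short in leases.items():
        fqdn = f"{short}.{ZONE}"
        if ip in ipam and ipam[ip] != fqdn:
            out.append(Finding("dhcp-lease-conflicts-with-reservation", ip,
                               f"leased to {short}, reserved for {ipam[ip]}"))
        if dns_a.get(fqdn) != ip:
            out.append(Finding("lease-without-DNS", ip, f"{fqdn} has no matching A record"))
    return out


def reserve(ip: str, host: str, ipam, dns_a, dns_ptr, exclusions, leases) -> None:
    """Single-step reservation: refuse if any system already knows the address
    or name, otherwise update IPAM, A, PTR and the DHCP exclusion together."""
    if ip in ipam or ip in dns_ptr or ip in leases or host in dns_a:
        raise ValueError(f"{ip} / {host} already in use")
    ipam[ip] = host
    dns_a[host] = ip
    dns_ptr[ip] = host
    if in_pool(ip):
        exclusions.add(ip)


if __name__ == "__main__":
    for f in audit():
        print(f"{f.check:40} {f.subject:26} {f.detail}")
```

Run it and every row printed is a discrepancy you would otherwise discover the hard way: the stale PTR for dc02, the backup server nobody put in DNS, the printer reservation DHCP happily leased to a laptop. Against real systems the dictionaries would be replaced by zone transfers, lease exports and IPAM API calls, but the checks stay the same.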
It's no surprise that BlueCat places a lot of focus on DNS, and by now you can see some of the reasons why. The overall theme is that DNS can do more than take a hostname from a client and hand back an IP. BlueCat Networks lets you set up policies based on the criteria you find important, for example how the system should respond when it detects the following:
- DNS Tunneling
- A “protected” server makes a request
- A request is made for a site or server in certain specified countries.
The fact is that instead of DNS just happening, BlueCat built a system that gives the administrator control over where requests go, what is being asked for, and why.
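Pulling the threat-protection example and the policy list above together, here is an added example of the kind of per-query policy evaluation a DNS layer like this performs: each query is run, in order, through a threat list, a protected-host rule, a tunnelling heuristic and a country rule, and gets ALLOW, ALERT or BLOCK, with BLOCK swapping the real answer for a sinkhole address. It is not BlueCat code; the threat zones, protected hosts, prefix-to-country table, sinkhole address and tunnelling thresholds are all constructed assumptions, and the "protected server" rule is interpreted here as alerting whenever such a host resolves anything outside the internal zone.

```python
"""Toy DNS policy engine. Added example, not BlueCat code; every list,
threshold and address below is constructed for illustration."""
import ipaddress
import math
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

SINKHOLE_IP = "192.0.2.1"        # assumption: TEST-NET-1 address standing in for a block page
INTERNAL_ZONE = "corp.example"   # assumption: the organisation's own zone

# Constructed threat feed: any subdomain of a listed zone is also bad.
THREAT_ZONES = {"malware-downloads.example", "evil-cdn.test"}
# Constructed "protected" servers (think domain controllers) that should
# only ever resolve names inside INTERNAL_ZONE.
PROTECTED_CLIENTS = {"10.0.5.10", "10.0.5.11"}
# Constructed prefix-to-country table standing in for a GeoIP database.
COUNTRY_OF_PREFIX = {
    ipaddress.ip_network("198.51.100.0/24"): "XX",
    ipaddress.ip_network("203.0.113.0/24"): "YY",
}
BLOCKED_COUNTRIES = {"XX"}


@dataclass
class Query:
    client: str             # source address of the asking client
    qname: str              # name being resolved
    answer: Optional[str]   # A record the upstream would return, if known


def in_zone(name: str, zone: str) -> bool:
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_like_tunnel(qname: str) -> bool:
    """Long, high-entropy labels under a domain are the fingerprint of data
    smuggled through DNS. Thresholds are illustrative; tune on real traffic."""
    labels = qname.rstrip(".").split(".")
    if len(labels) < 3:
        return False
    payload = ".".join(labels[:-2])   # everything below the (approximate) registered domain
    return len(payload) >= 40 and shannon_entropy(payload) > 3.5


def country_of(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in COUNTRY_OF_PREFIX.items() if addr in net), None)


def evaluate(q: Query) -> Tuple[str, str, Optional[str]]:
    """First matching rule wins. Returns (action, reason, answer_to_send)."""
    if any(in_zone(q.qname, z) for z in THREAT_ZONES):
        return "BLOCK", "threat-list", SINKHOLE_IP
    if q.client in PROTECTED_CLIENTS and not in_zone(q.qname, INTERNAL_ZONE):
        return "ALERT", "protected-host-external-lookup", q.answer
    if looks_like_tunnel(q.qname):
        return "BLOCK", "dns-tunnel-heuristic", SINKHOLE_IP
    if q.answer and country_of(q.answer) in BLOCKED_COUNTRIES:
        return "BLOCK", "geo-policy", SINKHOLE_IP
    return "ALLOW", "default", q.answer


# Constructed query log for the demo: one query per rule, plus a benign one.
SAMPLE_QUERIES = [
    Query("10.0.7.20", "www.corp.example", "10.0.5.80"),
    Query("10.0.7.20", "cdn.malware-downloads.example", "203.0.113.9"),
    Query("10.0.5.10", "updates.vendor.example", "203.0.113.40"),
    Query("10.0.7.21", "abcdefghijklmnopqrstuvwxyz0123456789abcd.tunnel.test", "203.0.113.50"),
    Query("10.0.7.22", "news.foreign.example", "198.51.100.7"),
]


def run(queries: List[Query] = SAMPLE_QUERIES):
    """Evaluate a batch and return (qname, action, reason, answer) per query."""
    return [(q.qname, *evaluate(q)) for q in queries]


if __name__ == "__main__":
    for row in run():
        print(*row)
```

The ordering matters: a protected host resolving a threat-listed name is blocked, not merely alerted on, because the threat rule runs first. The tunnelling check is deliberately crude (label length plus character entropy); a production rule would also rate-limit unique subdomains per parent domain, since that is what most tunnelling tools actually look like over time.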
I have been looking into BlueCat a good bit lately after first seeing them at NetworkFieldDay19. You could tell from their presentation that they put a lot of stock in an organization's DNS (as well as DHCP and IPAM) and how it could be improved. If you want to view the presentation and a demo of BlueCat Edge, take a look below. Be sure to also visit BlueCat Networks at https://www.bluecatnetworks.com!