The Domain Name System (DNS) is the backbone of the Internet. As one of the most crucial parts of a network’s architecture, it is important for companies to enable seamless and efficient centralization, automation, and management of a DNS to significantly increase their network performance and business value.
One company that empowers businesses and IT teams to achieve successful digital transformation by offering innovative Enterprise DNS solutions and services is BlueCat. As a trusted provider of Enterprise DNS solutions for the world’s largest and most advanced organizations, BlueCat provides the foundation for open, adaptive, and flexible networks that meet the demands of today’s complex and heterogeneous infrastructures.
SourceForge recently caught up with Noel Reynolds, the Director of Solution Architects at BlueCat Networks, to discuss DNS trends and best practices. Reynolds also highlights the benefits of using BlueCat DNS Integrity and DNS Edge and shares how their cutting-edge Enterprise DNS solutions help increase network control, compliance, and security.
Q: Can you please tell us more about BlueCat. How and when did the company get its start? Who are the brains behind BlueCat?
Noel Reynolds, the Director of Solution Architects at BlueCat
A: BlueCat has been in the Domain Name System (DNS) business for almost two decades. We provide Enterprise DNS solutions for some of the world’s largest organizations, as an antidote to the chaotically disparate set of DNS, Dynamic Host Configuration Protocol (DHCP), and IP Address Management (IPAM) ecosystems that hold back digital transformation.
Q: What industries do you serve and what expertise do you provide?
A: BlueCat works with IT networking and cybersecurity teams at organizations representing many verticals, including financial services, higher education, manufacturing, retail, healthcare, and more.
Q: As the leader in Enterprise DNS, how is BlueCat transforming network infrastructures and empowering organizations across the world by tapping the power of DNS?
A: Providing an Enterprise DNS solution means we work with customers to purposefully architect a system of relationships between servers, resolvers, and network clients that centralizes DNS management and monitoring.
Enterprise DNS elevates today’s DDI market into something that is secure, expandable, and consistently automatable in structure even when scaling to many millions of records. This is different from the status quo of disparate systems of DNS, DHCP, and IPAM solutions that some organizations are currently juggling. This lack of integration ultimately holds back digital transformation initiatives like the move to cloud, automation, and complete network visibility and control.
Q: DNS is one of the most critical components of the networking infrastructure; hence, it should be resilient and secure enough to withstand distributed denial of service (DDoS) attacks. As DNS experts, what best practices and/or critical steps should organizations take to ensure the protection and resilience of their DNS infrastructure and avoid security pitfalls?
A: In our view, protecting against denial of service attacks is not something that should be done on a DNS server. DNS servers should focus on delivering query responses with the least amount of latency, and vendors that claim their DNS servers can also stop or prevent denial of service attacks on a DNS server are actually taking advantage of customers who don’t understand how a denial of service attack works. In many cases, the network flooding alone from an attack like that will take down the access to the DNS server (long before the DNS server itself becomes unable to respond to queries).
Many BlueCat customers have concerns about the resiliency of their public DNS presence. Some of our more global, large-scale enterprise customers outsource their external DNS to external DNS providers such as Dyn, Akamai, Verisign, etc. We also offer our own global, anycast network for public DNS resiliency. In both cases, our customers are able to manage their DNS presence through BlueCat’s management platform or via API calls and take advantage of our simplified management, visibility, and control over public DNS records.
Q: In what ways can DNS accelerate digital transformation initiatives like the move to cloud, full-network visibility, automation, IoT device management, and thoughtful and precise policy control?
A: To empower all the initiatives mentioned, enterprises need to bring their DNS operations to the same level of efficiency and automation as the rest of their IT operations. At BlueCat, we help organizations by pulling together disjointed DNS systems into enterprise-capable ones.
This means we help:
- Minimize the complexity of DNS configuration by reducing the need for coding;
- Reduce the risk of mistakes at all skill levels;
- Allow non-experts to get what they need without constantly turning to an expert;
- Automate everyday IPAM tasks and DNS operations involved in standing up networks or adding devices; and
- Provide cross-team visibility to DNS data without bulky processes.
Q: We’ve heard that you recently launched a new version of DNS Integrity and DNS Edge. How’s the response of your users and customers so far?
A: Integrity and Edge are both components of BlueCat’s overall Enterprise DNS offering. Recent releases have included features that continue to evolve to match our customer’s needs to improve speed and ease of automation, simplify DNS integration between cloud and on-premises resources, reduce complexity, and increase visibility from both a management 
and security perspective.
We work closely with our customers from feature inception, through development and release. As a result, we’ve seen rapid adoption of new capabilities by many customers, and user feedback has been overwhelmingly positive.
Q: Can you please tell us more about DNS Integrity and Edge. What are their standout features and enhancements?
A: Integrity maps to the traditional DDI offering of highly-scalable, centralized management of data (IPAM) and the distributed delivery of services (DNS & DHCP). It also addresses needs around automation by providing application program interfaces (APIs) for interaction and data retrieval.
DNS Edge is designed as a first-hop DNS resolver and provides an extensive security and visibility feature-set by logging all DNS queries and responses, detecting DNS anomalies such as exfiltration or domain generation algorithms, and integrating a threat intelligence feed curated by BlueCat. Deployed close to the endpoint device as possible, Edge provides complete visibility into all of the enterprises DNS traffic, not just DNS traffic to the internet. This allows for additional functionalities like policy enforcement, and data analytics with requests and responses, all of which can be exported to a SIEM for analysis.
DNS Edge also supports Namespaces. Namespaces is a unique functionality to BlueCat that handles DNS traffic steering, enabling resolution based on context from different DNS servers as well as the ability to add a list of servers to try in the case of a negative response from the primary system.
Today’s age of digital data and networking requires a sophisticated approach, in which simple feature- and functionality-based approaches are not enough. Our goal is to map our solutions to business drivers and technology initiatives by leveraging Enterprise DNS products like Edge and Integrity.
Q: Looking in the future, what trends, technologies, and market movements do you think will likely shape the future of DNS? And how is BlueCat meeting these head-on?
A: From a technological standpoint, the business requirements for automation, virtualization, and containerization. They demand that DNS be well-architected, scalable, and compatible across a dizzying amount of geographies, zones, and sites. They’re unforgiving of disparate DNS systems.
Also, given today’s evolving cybersecurity landscape, cybersecurity teams need to be able to get access to DNS data in a way that isn’t clunky. Plus, they also need to be able to control DNS query resolution at the first hop for additional protection.
About BlueCat Networks
BlueCat is a trusted Enterprise DNS company that delivers software-based DNS, DHCP, and IP Address Management (DDI) solutions. Established in 2001, BlueCat helps organizations and their customers build and manage their most complex network infrastructure to maintain a competitive edge. Headquartered in Ontario, Canada and with offices worldwide, BlueCat specializes in network security, DNS security, cloud, enterprise DNS, managed DNS, virtualization, and more.