Configure the DNS suffix

BlastShield runs its own DNS service, which lets you reach protected Endpoints and Agents by hostname as well as by IP address. The Orchestrator is configured with a default DNS suffix, which in releases prior to release 1.2.0 was "blastshield.int" and in releases after 1.2.0 is "blastshield.io". You can change the DNS suffix to match your preferred hostname, and you can configure one or multiple DNS suffixes.

Pre-requisites

  • If you want to configure multiple DNS suffixes then you must use firmware release 1.2.0 or higher.
  • To access endpoints using a secondary DNS suffix, the Client or Agent software must be upgraded to the 1.2.0 release.
  • Learn how to check which firmware version you are using here, and how to upgrade your Orchestrator here.
  • You must have Read/Write access to the Orchestrator. You can verify this on your user profile in the Orchestrator.

Summary

  • Enter the suffix(es) you wish to use into the DNS suffix setting on the Orchestrator. If using more than one DNS suffix, enter them as a comma-separated list.
  • Upload the certificate for your hostname.
  • Configure the corresponding DNS name on your endpoints.

Step 1: Navigate to the Network Settings

Performed by the BlastShield Orchestrator Administrator
  • Log in to the Orchestrator and click the Network Settings button on the left-hand menu. The Network Settings window will open, as shown below. This Orchestrator is using the default DNS suffix of "blastshield.io".

Step 2: Enter the DNS suffix(es)

  • Enter the DNS suffix(es) you want to use into the DNS suffix box in the settings.
  • If you are using more than one DNS suffix then enter the additional suffixes into the Additional DNS Suffixes box. To configure multiple DNS suffixes you must be using release 1.2.0 or later.
  • Note that if you enter multiple DNS suffixes then the first suffix in the list will be your primary DNS suffix and the others will be secondary suffixes. The Orchestrator will always use the primary DNS suffix.
  • Click Save changes to save the DNS suffix settings.

In this example, the primary DNS suffix is 'blastshield.io', which is the default value, and a secondary DNS suffix of 'myothersuffix.io' has been configured in the Additional DNS Suffixes box.

Step 3: Upload the certificate(s) for your hostnames

  • In the Orchestrator Certificate Dialogue box in the Network settings, upload either a signed certificate for a previously downloaded signing request, or a zip archive containing both a private key and a matching certificate. Refer to the following article for details.

Step 4: Configure DNS names for your Endpoints and Agents

Performed by the BlastShield Orchestrator Administrator
  • Navigate to the Agent menu to open the Agent Settings page.
  • In the DNS Hostnames box, enter the desired hostname.
  • When you configure an Endpoint's or Agent's DNS name you can set it to a short name, e.g. "foo". You can then resolve it as usual with foo.blastshield.io (if blastshield.io is your primary DNS suffix).
  • If you want to use one of your additional suffixes you must type in the full name, e.g. foo.myothersuffix.io.
  • You can also make an endpoint appear in both suffixes by using a comma-separated list of names such as "foo, foo.myothersuffix.io".

In the example above, the Agent will have two DNS hostnames. These are 'syslog.<primary-DNS-suffix>' and 'syslog.myothersuffix.io', where 'myothersuffix.io' is a secondary DNS suffix.

Your Endpoints and Agents should now be reachable by both the configured DNS hostnames and by IP address. Make sure that you are using the 1.2.0 release Client and Agent software if you wish to access endpoints using a secondary DNS suffix.
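
The following is an added example, not BlastShield code: a pre-flight helper that expands a DNS Hostnames entry into the names you should expect to resolve, following the rules in Step 4. Treating an entry without a dot as a short name, and flagging dotted names that fall outside every configured suffix, are assumptions of this sketch; the function and parameter names are hypothetical.

```python
"""Pre-flight check for BlastShield DNS hostname entries (added example)."""


def split_list(value):
    """Split a comma-separated setting into lower-cased, trimmed items."""
    return [item.strip().lower().rstrip(".") for item in value.split(",") if item.strip()]


def expand_hostnames(hostnames_field, primary_suffix, additional_suffixes=""):
    """Return (fqdns, warnings) for one Agent/Endpoint DNS Hostnames entry.

    Rules taken from the page: a short name resolves under the primary
    suffix; a name under a secondary suffix must be typed in full.
    Assumptions of this sketch: "short" means the entry has no dot, and a
    dotted name outside every configured suffix is reported for review.
    """
    primary = primary_suffix.strip().lower().rstrip(".")
    suffixes = [primary] + split_list(additional_suffixes)
    fqdns, warnings = [], []
    for name in split_list(hostnames_field):
        if "." not in name:
            fqdn = f"{name}.{primary}"          # short name -> primary suffix
        elif any(name.endswith("." + s) for s in suffixes):
            fqdn = name                         # full name under a known suffix
        else:
            warnings.append(f"{name}: not under any configured DNS suffix")
            continue
        if fqdn not in fqdns:                   # drop duplicates, keep order
            fqdns.append(fqdn)
    return fqdns, warnings


if __name__ == "__main__":
    # Constructed sample values mirroring the page's example.
    names, notes = expand_hostnames(
        "syslog, syslog.myothersuffix.io, syslog.example.test",
        primary_suffix="blastshield.io",
        additional_suffixes="myothersuffix.io",
    )
    print("expect to resolve:", names)
    print("review:", notes)
```

The returned list can be fed to your usual resolver check from a machine running the 1.2.0 Client to confirm each name answers as expected.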


Please remember that if you configure multiple DNS suffixes then the first suffix will be your primary DNS suffix and the others will be secondary suffixes. The Orchestrator will always use the primary DNS suffix. To configure multiple DNS suffixes you must be using release 1.2.0 or later. To access endpoints using a secondary DNS suffix, the Client or Agent software must be upgraded to the 1.2.0 release.