BlueCat's Network VIP Community | Connect with other DDI professionals

Recently active
Categories
Help others

mark.mikhailProduct Marketing Manager

Must-Have or Luxury? The Great DDI Metrics DebateLayer 8 Lounge

Must-Have or Luxury? The Great DDI Metrics DebateWhen it comes to running core network services like DNS, DHCP, and IP address management (DDI), operators are never short on data. Every server, lease, and query leaves behind a trail of metrics: CPU load, query rates, error codes, address utilization, and more. But in practice, not all metrics are created equal.Some teams rely on a small handful of KPIs to keep the lights on. Others build expansive dashboards to capture every detail. And that raises an important question: which DDI analytics are truly essential, and which are just “nice to have”?The metrics that divide opinions• Capacity and forecasting: Some say short-term utilization trends are mission-critical to prevent outages, while others think long-range forecasting is overkill.• Error visibility: NXDOMAINs, SERVFAILs, and other DNS signals can highlight misconfigurations or abuse, but do you need constant monitoring, or just alerts when thresholds are hit?• DHCP insigh

110

23 hours ago

brian.pfielActive Resolver

General community discussion

API logging - REST v2 Logs

I’ve not had any success in using the compressed files like “restv2-diagnostics.log.9.gz”. The data is nothing like the v1 logs. It looks as though every line that is in the normal file has a folder named after it and another subfolder resulting in thousands of folders and subfolders with an empty file. It’s not usable. Has anyone figured this out?

203

7 days ago

dittmanAuthenticated Nodes

Integrity

filter-aaaa-v4 in Integrity 25

I tried filtering AAAA responses per the KI 000016351 by adding this:plugin query "/usr/lib/filter-aaaa.so" { filter-aaaa-on-v4 yes;};I get the following error:root@bdds75a:/var/log# cat check-bind.log Fri Aug 29 14:15:21 UTC 2025/etc/named.conf:32: unknown option 'plugin'If I try without the plugin statement I get this:root@bdds75a:/var/log# cat check-bind.log Fri Aug 29 13:58:23 UTC 2025/etc/named.conf:32: option 'filter-aaaa-on-v4' no longer existsDoes anyone know the new way to do this in Integrity 25?

192

18 days ago

dittmanAuthenticated Nodes

Integrity

Let's Encrypt Certs in 25.1 vs. 9.6.1

I’ve upgraded my lab to 25.1 and have found that the Let’s Encrypt certs aren’t working as expected. I don’t see errors in Firefox or Chrome but code to check the certs are failing against 25.1 with the error “ Certificate validation error: FQDN-25.1 [unable to get local issuer certificate]” which lead me to test with curl.I’m wondering if anyone else is seeing the same issue or is this something I’m doing wrong.This is the error I see with “curl -v https://FQDN/”:root@bam:~# curl -v https://FQDN/* Trying 10.0.10.26:443...* Connected to FQDN (10.0.10.26) port 443 (#0)* ALPN: offers h2,http/1.1* TLSv1.3 (OUT), TLS handshake, Client hello (1):* CAfile: /etc/ssl/certs/ca-certificates.crt* CApath: /etc/ssl/certs* TLSv1.3 (IN), TLS handshake, Server hello (2):* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):* TLSv1.3 (IN), TLS handshake, Certificate (11):* TLSv1.3 (OUT), TLS alert, unknown CA (560):* SSL certificate problem: unable to get local issuer certificate* Closing connec

5213

26 days ago

massodecProvisioned Rookie

Integrity

replicate in API v2 the behaviour of 'excludeDHCPRange=false' from v1 API

Hello,We are migrating our "legacy" v1 API scripts for BAM 9.6.1 to v2 API.In one of those tools, we use v1 "POST /Services/REST/v1/assignNextAvailableIP4Address" to look for a free static IP address. This endpoint provides parameter 'excludeDHCPRange=false' to easily avoid assigning static IP addresses from DHCP Ranges.To achieve the same outcome in v2 API, we should use v2 "POST /api/v2/networks/{collectionId}/addresses" with the 'x-bcn-excluded-addresses' header.But that header is not a Boolean but a list of IPRanges.We're thinking on populating that 'x-bcn-excluded-addresses' header with the output of another API call to "GET /api/v2/networks/{collectionId}/ranges".But even this approach is pretty straight-forward, it feels we are over complicating the process.Are we missing something? Is there any easier way to achieve in v2 API the same behaviour from v1 'excludeDHCPRange=false' ?Thank you very much.

262

26 days ago

moni.veroneseCommunity Manager

Integrity

Notes from the Integrity X community discussion posted in the group

Posting here for anybody subscribed to the Integrity channel The notes have been posted in the Layer 8 Lounge Group: Join the Layer 8 Lounge group to keep up to date with future events and notes from the calls👉 https://community.bluecatnetworks.com/groups/layer-8-lounge-43

28 days ago

moni.veroneseCommunity Manager

Integrity

Integrity X Videos: RESTful API Automation, New UI, Metrics & Visualization and TaggingTutorial

New Integrity X Videos We’ve published 4 new videos to walk you through some of whats new in Integrity X.Each video covers a different theme: Automation with RESTful APIs New UI Tagging Metrics and Visualization A new UI, built for the way you work Integrity X introduces a fully modern, accessible, and intuitive interface — purpose-built to empower every user. Whether you’re provisioning DHCP, managing IP space, or investigating DNS issues, the UI puts the power of the platform at your fingertips without the noise or clutter. Designed for speed, optimized for clarity, and compliant with WCAG 2.2 AA — it’s a UI every team can work with confidence.Watch the 2-minute UI walkthrough Automation-first. API-Powered.If you can do it in the UI, you can automate it. Integrity X is built entirely on a RESTful API, which also powers the product itself. Use the UI to bootstrap API calls, explore parameters via OpenAPI spec, and even kickstart AI-assisted provisioning. Whether you're build

420

28 days ago

christopher.nielsenNetwork VIP Newbie

Integrity

V2 API create wildcard host record via address API /api/v2/networks/{collection-id}/addresses

I’m attempting to do a POST to /api/v2/networks/{collection-id}/addresses to grab an IP address and put a DNS name on it. This is working find except when I attempt to add a wildcard DNS entry like the following:{ "name": "*.example.net", ← This puts a name on the IPv4 address object "type": "IPv4Address", "state": "STATIC", "userDefinedFields": { "mnemonic": "OCP" }, "resourceRecords": [ { "type": "HostRecord", "absoluteName": "*.example.net", ← This should put a host record into the example.net zone "views": [ { "id": "93864" } ], "userDefinedFields": { "mnemonic": "OCP" } } ]} { "status": 400, "reason": "Bad Request", "code": "InvalidFullyQualifiedDomainName", "message": "The value for resource field 'resourceRecords[0].absoluteName' is not a valid fully quali

302

1 month ago

moni.veroneseCommunity Manager

Integrity

Introducing BlueCat Integrity XNew Release

We are thrilled to unveil the latest updates in our product lineup: BlueCat Integrity X, 25.1. This release represents a transformative step forward in our DNS, DHCP, and IP address management solutions. It empowers IT teams seeking a single platform for complete visibility and control over critical network services.What’s new with Integrity X?At BlueCat, we are committed to creating a unified, intuitive DDI management platform built for the future. Integrity X represents a monumental leap forward in our DDI partnership with customers: it is an innovative release that highlights our unwavering commitment to developing resilient and future-proof solutions that scaleWe’re not just here to help complete manual DDI tasks; we’re here to ignite a visionary transformation, enabling our customers to reimagine how they accomplish work with remarkable speed and efficiency using automation. We’re proud to deliver a release that provides a UI/UX that bridges the gap between manual DDI management a

1793

1 month ago

tmaestasActive Endpoint

Integrity

Integrity GSSTSIG support

Since ISC has announced the deprecation of the tkey-gssapi-credential and tkey-domain configuration statements in BIND, both of which are used by Integrity’s current GSSTSIG implementation, can we PLEASE use the refactoring opportunity to get better support for multi-realm GSSTSIG and keytab management? We currently have to use postDeploy.sh scripting to get the resulting configuration that we want (jettisoning the BAM-generated single-realm keytab and substituting our own, commenting out the BAM-generated tkey-gssapi-credential and tkey-domain statements, and substituting a tkey-gssapi-keytab statement). Ideally BAM should either A) natively support generating a keytab that contains the needed principals and referencing it via the tkey-gssapi-keytab configuration statement (which is ISC’s go-forward requirement) or B) allow the user to import their own keytab and reference that (as other competing products do).I’m sure I have a feature-request for multi-realm support floating around

100

1 month ago

Community Overview

Welcome to the community overview section. Here you can find news, welcome resources and introduce yourself.

Getting started

9 topics

Introduce yourself

1 topic

Discuss anything

Here is your space for discussion on anything - especially if not related directly to BlueCat or BlueCat products. Ask away!

General community discussion

6 topics

Ask a network pro

2 topics

Community fun

2 topics

Discuss BlueCat products

Find a dedicated community space for any BlueCat product you use. Find answers, start conversations, help others and get to know your fellow product users.

Integrity

25 topics

Micetro

3 topics

Gateway & Adaptive Apps

2 topics

BlueCat Infrastructure Assurance

1 topic

Edge

2 topics

LiveAction

0 topics

dittmanAuthenticated Nodes

Integrity

Let's Encrypt Certs in 25.1 vs. 9.6.1

5213

26 days ago

william.myers1Network VIP Newbie

Integrity

Looking for advice and inspiration for DHCP DNS & DDNS Domain Configuration

Greetings,I’m looking for recommendations and best practices regarding DHCP-scoped DNS domain assignment across different segments of our environment.Specifically, I’d appreciate guidance on configuring the following DHCP options: Domain Name DDNS Domain Name Domain Search For those of you managing medium to large environments: are you using the same values across internal LAN, Wi-Fi, Guest, and IoT networks? Or do you define zone-specific values like wifi.contoso.com, internal.contoso.com, guest.contoso.com, iot.contoso.com, etc.?Currently, our global DHCP configuration looks like this: Domain Name: contoso.com DDNS Domain Name: mydomain.contoso.com Domain Search: undefined My assumption is that the Domain Name and DDNS Domain Name should ideally match—or at the very least, both should be included in the Domain Search (Option 119) if they differ.I’m also assuming that BYOD and guest networks should ideally have their own distinct DDNS zones, separate from the Active Directory

671

1 month ago

dittmanAuthenticated Nodes

Gateway & Adaptive Apps

BSUS and service overrides

For anyone out there using BSUS, how many services do you have in override mode and of those, are you managing them using scripts or manually?

713

1 month ago

dominik.krausNetwork VIP Newbie

Gateway & Adaptive Apps

Global Server Selector Custom Healtchecks

Hi Community, we are planning to implement the Global Server Selector and as of now i’m wondering how the custom healthchecks are working. We can archive what we need we the onboard healthchecks but I’m curious how the custom healthchecks are working since it is no where described how to really implement one. Has anybody already implemented a custom healthcheck and can share more insights on them? Thx

865

3 months ago

dittmanAuthenticated Nodes

BlueCat Infrastructure Assurance

New to BCIA

We are going to roll out BCIA, so if anyone has any good tips I’d love to hear them.

552

4 months ago

Welcome to the BlueCat Network VIP Community

Featured Topics

Get started

Ask a question

Join a group

Community Overview

Getting started

Introduce yourself

Discuss anything

General community discussion

Ask a network pro

Community fun

Discuss BlueCat products

Integrity

Micetro

Gateway & Adaptive Apps

BlueCat Infrastructure Assurance

Edge

LiveAction

Unanswered questions

Here for a specific product? Jump right into posting

Click on the product you'd like to start a conversation or ask a question

Integrity

Micetro

LiveAssurance

Edge

Gateway

LiveWire

LiveNX

LiveSP

Recent activity

It's great to have you

Welcome to the BlueCat Network VIP Community

Featured Topics

Unanswered questions

Here for a specific product? Jump right into posting

Click on the product you'd like to start a conversation or ask a question

Recent activity

It's great to have you

Sign up

Login or Create an Account:

Login to the community

Login or Create an Account:

Scanning file for viruses.

This file cannot be downloaded