[Video] Integrity X Customer Webinar
We are working on a script to read route tables and with some automatic enrichment and human validation, add missing IP Networks (as IP4Network/IP6Network objects) to Integrity. Since creating a network requires providing the parent IP Block ID, I am wondering what the ‘right’ way is to find the parent for a CIDR range that may or may not exist as an IP?Network already in the IPAM database. I have tried the following:
    filter=range:contains("204.0.113.0/24") - which errors (because ‘contains’ doesn’t work with CIDR)
    filter=range:contains("204.0.113.0") - where I just take the lowest IP in the CIDR range. This works but seems sub-optimal to me for some reason. Maybe because I can’t be sure if the block fits the entire CIDR, though that seems unlikely to be a real problem in practice.
I have also tried various forms of range:le and range:ge but (as documented) they only match on the prefix length and protocol (determined based on whether the address is v4 or v6), and so is not useful in this
Is there an ETA for integrating Micetro DNS services and Cloudflare? Thanks, Mark
Join Cisco to learn about how Micetro works in Meraki environments. In this webinar, you’ll hear:
• Relatable stories from the field
• Practical insights on simplifying operations and maximizing ROI
• Clear answers to common branch networking challenges
Whether you manage a handful of sites or thousands, see how Cisco and BlueCat together create a branch networking solution that’s ready for anything.
We're looking to install another site with recursive and authoritative DNS. I’ve done some looking into the multi-primary function though unsure if this is what we're looking for. The goal is to have this site’s DNS/DHCP intact in a disaster scenario where the primary data center is down or unreachable. I am only finding instructions on how to set up multi-primary roles on new zones without existing primary roles. In my attempt to test this I was not able to use or add a new multi-primary role to an existing zone as it complains there is already a primary role. Looks like you would have to remove the existing primary role to add the new role, though not sure of the impact here. Can a multi-primary DNS setup function if the BAM is unreachable? How do you install multi-primary roles on existing zones with little or no impact to clients?
We have run into a situation where our virtual compute provisioning stack is experiencing duplicate IP assignments from Bluecat. They are POSTing to the v2 API endpoint /api/v2/networks/{collection}/addresses without specifying an address, allowing BAM to allocate the next available. When multiple requests are submitted in quick succession (within the same second) for the same network, BAM sometimes returns the same IP to both requests with an HTTP 201 code, causing the provisioning automation to assign the same IP to multiple VMs. Other than single-threading the provisioning (which is problematic if different stacks of provisioning automation are provisioning on the same networks) - are there any thoughts of how to avoid this and has anyone else run into it? This is supposedly confirmed as a defect and there was originally a recommendation to use the v1 assignNextAvailableIP4Address call instead - but when I pushed for assurance that this call would not suffer from the same suscepti
I’ve not had any success in using the compressed files like “restv2-diagnostics.log.9.gz”. The data is nothing like the v1 logs. It looks as though every line that is in the normal file has a folder named after it and another subfolder resulting in thousands of folders and subfolders with an empty file. It’s not usable. Has anyone figured this out?
I would be interested in how people are using UDLs in real life. I have not used them yet, but it seems like I probably should somewhere.
Must-Have or Luxury? The Great DDI Metrics Debate
When it comes to running core network services like DNS, DHCP, and IP address management (DDI), operators are never short on data. Every server, lease, and query leaves behind a trail of metrics: CPU load, query rates, error codes, address utilization, and more. But in practice, not all metrics are created equal. Some teams rely on a small handful of KPIs to keep the lights on. Others build expansive dashboards to capture every detail. And that raises an important question: which DDI analytics are truly essential, and which are just “nice to have”?
The metrics that divide opinions
• Capacity and forecasting: Some say short-term utilization trends are mission-critical to prevent outages, while others think long-range forecasting is overkill.
• Error visibility: NXDOMAINs, SERVFAILs, and other DNS signals can highlight misconfigurations or abuse, but do you need constant monitoring, or just alerts when thresholds are hit?
• DHCP insigh
I tried filtering AAAA responses per the KI 000016351 by adding this:
    plugin query "/usr/lib/filter-aaaa.so" {
        filter-aaaa-on-v4 yes;
    };
I get the following error:
    root@bdds75a:/var/log# cat check-bind.log
    Fri Aug 29 14:15:21 UTC 2025
    /etc/named.conf:32: unknown option 'plugin'
If I try without the plugin statement I get this:
    root@bdds75a:/var/log# cat check-bind.log
    Fri Aug 29 13:58:23 UTC 2025
    /etc/named.conf:32: option 'filter-aaaa-on-v4' no longer exists
Does anyone know the new way to do this in Integrity 25?
I’ve upgraded my lab to 25.1 and have found that the Let’s Encrypt certs aren’t working as expected. I don’t see errors in Firefox or Chrome but code to check the certs is failing against 25.1 with the error “Certificate validation error: FQDN-25.1 [unable to get local issuer certificate]” which led me to test with curl. I’m wondering if anyone else is seeing the same issue or is this something I’m doing wrong. This is the error I see with “curl -v https://FQDN/”:
    root@bam:~# curl -v https://FQDN/
    *   Trying 10.0.10.26:443...
    * Connected to FQDN (10.0.10.26) port 443 (#0)
    * ALPN: offers h2,http/1.1
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * CAfile: /etc/ssl/certs/ca-certificates.crt
    * CApath: /etc/ssl/certs
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (OUT), TLS alert, unknown CA (560):
    * SSL certificate problem: unable to get local issuer certificate
    * Closing connec
Greetings, I’m looking for recommendations and best practices regarding DHCP-scoped DNS domain assignment across different segments of our environment. Specifically, I’d appreciate guidance on configuring the following DHCP options:
• Domain Name
• DDNS Domain Name
• Domain Search
For those of you managing medium to large environments: are you using the same values across internal LAN, Wi-Fi, Guest, and IoT networks? Or do you define zone-specific values like wifi.contoso.com, internal.contoso.com, guest.contoso.com, iot.contoso.com, etc.? Currently, our global DHCP configuration looks like this:
• Domain Name: contoso.com
• DDNS Domain Name: mydomain.contoso.com
• Domain Search: undefined
My assumption is that the Domain Name and DDNS Domain Name should ideally match—or at the very least, both should be included in the Domain Search (Option 119) if they differ. I’m also assuming that BYOD and guest networks should ideally have their own distinct DDNS zones, separate from the Active Directory
For anyone out there using BSUS, how many services do you have in override mode and of those, are you managing them using scripts or manually?
Hi Community, we are planning to implement the Global Server Selector and as of now I’m wondering how the custom healthchecks are working. We can achieve what we need with the onboard healthchecks but I’m curious how the custom healthchecks are working since it is nowhere described how to really implement one. Has anybody already implemented a custom healthcheck and can share more insights on them? Thx
We are going to roll out BCIA, so if anyone has any good tips I’d love to hear them.
Connect with other DNS pros in the Network VIP Community. Anyone can apply to join, whether you use BlueCat or not. This is your community.