Historically, DNS has had no way of verifying IP addresses' authenticity, which puts users at risk of intentionally being sent to fraudulent pages. DNS Security Extension validation increases U-M security by ensuring the validity of DNS lookup and DNS records.
Phase 2, which we intend to complete by the close of 2021, is DNSSEC Zone Signing, which includes adding digital signatures to all U-M DNS records.
BlueCat Networks is the vendor U-M uses for a consolidated DHCP/DNS/IPAM solution. The university hostmaster provides these services at no additional cost as part of the larger networking services on campus.
These services allow units to assign and track IP addresses for computers, printers, IP phones, or other devices in an easy-to-use web interface via BlueCat Address Manager (BAM, formerly Proteus) and DNS/DHCP (BDDS, formerly Adonis). There is also an Application Programming Interface (API) using JSON/REST or SOAP, available from a variety of programming languages. Contact Hostmaster for more info.
BlueCat Network appliances were built with high availability in mind. There are multiple appliances located in core network locations and university Data Centers that will provide these services in the event of failures.
- Domain Name System (DNS) is an Internet service that translates domain names (e.g., its.umich.edu) into IP addresses.
- Dynamic Host Configuration Protocol (DHCP) is a protocol for automatically assigning IP addresses and other configurations to devices when they connect to a network.
- Internet Protocol Address Management (IPAM) is a database system for planning, tracking, and managing IP address space.
The system is designed to allow each unit to manage their own DNS and DHCP information. Access to BlueCat Address Manager is granted on completion of a short online training course (estimated 30 minutes). This online training course, along with other training documentation, can be found via our Training Google doc.