Locking DNS records from deletion
We have a CNAME that many other CNAMEs are pointing to that was deleted recently. Is there a way to lock specific records from deletion, even by admins/superusers, or at least have a prompt to unlock before deletion? Looking to prevent this from happening in the future for a select few records.
Thanks
Answers
You can't stop a superuser from deleting that record. You could put a warning text in the comment field, but that is about it I believe.
You can stop any other admin from deleting that record though. I just created a user in my lab with the default role 'DNS Admin'. In the permission profile I added an object permission on a specific CNAME with permission read-only. This administrator was able to make any change to the zone, except for editing / deleting this CNAME record.
In your case, a solution would be to create a role with every permission on read-write, except for this one specific object permission. Then change your superusers from superuser to this role.
I would advise keeping one superuser account with a long and secure password and putting it in a vault.