

DNS Permissions, but only for specific Network Container

Guru
Posts: 26

I have an IPv4 Network Container of size /16 defined. This container is not further defined into one or more IPv4 Networks, as there is no ability to provide further IPAM/DHCP objects for the container. There are smaller containers in the parent container. I can define networks if need be, but would prefer not to. There is a bulk Host record defined for the entire block of IPs in the parent container.

The IP space is assigned to my primary internal DNS zone. I wish to allow an API service account the ability to create and remove Host records for any IP that lives in this Container, but nothing more.

I have figured out how to allow access to only the internal DNS zone. I have figured out how to allow RW access to only Host records. What I haven't been able to figure out is how to add a permission that limits this account/role to internal Host records in the network container.

Is this possible?

 

Example:

Internal zone: fred.org
Network Container: 172.16.0.0/16
Object Type: IPv4 Host Records

Re: DNS Permissions, but only for specific Network Container

Moderator
Posts: 287

Check out the admin guide section “Configuring Permissions for DNS Resources in Networks and Ranges”.

https://docs.infoblox.com/display/nios85/Administrative+Permissions+for+DNS+Resources+with+Associate...

Take note of the CLI command "set dns_perm_for_nw" which is required for this to work properly.

Once applied, the permissions ought to work the same whether creating records by GUI or by API.

Re: DNS Permissions, but only for specific Network Container

Guru
Posts: 26

The solution presented only appears to be valid for v8.5. We're running 8.4.7. To be honest, I'm having issues understanding the new documentation schema. The online docs for 8.4 do not seem to be as searchable as previous versions.

What is the impact upon the GM and other nodes if this command is applied?

Re: DNS Permissions, but only for specific Network Container

Moderator
Posts: 287

This is also available in 8.4. I don't disagree, I used the PDF version of 8.4 docs to search for it.

Re: DNS Permissions, but only for specific Network Container

[ Edited ]
Guru
Posts: 26

OK, I'm getting closer. I found the correct docs and I've been able to alter the grid properties to allow what I want, now I'm attempting to figure out all of the correct permissions.

 

 
