06-22-2016 05:53 AM
We have Infoblox DNS and there is a need to have a Windows DNS as well.
Can anyone advise how to integrate the Infoblox DNS with Windows DNS (the Windows DNS must be AD integrated)?
06-27-2016 11:48 AM
You could make your Infoblox grid primary DNS and allow DNS updates from your Microsoft hosts into the DNS zones. Point your Microsoft users to use the Infoblox as their DNS servers. And you can make your MS DNS servers secondary (slave) nameservers to your Infoblox grid. Doesn't have to be AD integrated as long as you allow your domain controllers, clusters, Exchange, SQL to be able to register their resource records into the DNS primary zones on your Infoblox (allow DDNS updates with or without an ACL).
06-27-2016 02:51 PM
As suggested there are many options depending on the specific requirements and desired outcome. My suggestion would be to have a detailed conversation with your Infoblox account team and they can guide you on the best course of action.
Either way, the Infoblox solution is very flexible and can likely accommodate what you need. Ultimately either Infoblox or MS will need to be the authority for the specific domains in question. Which is primary and how to handle updates, changes, etc. all depend on the requirements.
09-30-2019 04:41 PM
I am hoping for some clarification on the Windows DNS/on a Domain Controller(s), Infoblox DNS, and DDNS. We are not using DHCP. We are using the DC(s) for DNS on our Windows domain.
We are using DNS in Infoblox for other devices in our network.
I have discovered that if I enable DDNS updates on Infoblox, and add the IP for the ACE, the client will register in Infoblox DNS as Dynamic. So far so good.
But the main goal is to have boxes on our Windows network, that are currently using DNS on the Windows domain controller(s) [Primary and Secondary], register via DDNS in Infoblox.
I did add both domain controllers as secondary External DNS to Infoblox, but this broke the DNS for our non-Windows environment.
Did I miss a setting? Or is this not possible without obtaining the Infoblox AD Microsoft Management License?
Thanks for a great resource,
10-01-2019 04:48 AM - edited 10-01-2019 04:50 AM
For any specific zone, updates are handled by the DNS primary for that zone. The DNS primary of a zone must be on Microsoft or on Infoblox, not both. If you have a primary on both, they will be separate databases for that zone, holding separate records. And you will have a lot of problems!
Either keep the primary on Microsoft, or migrate the primary to Infoblox. Migrating is not a task to be taken lightly; I don't recommend it for someone just getting started with DNS.
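As an added illustration of the single-primary point in the reply above (not part of the thread, and not Infoblox or Microsoft code), this Python example reads SOA answers collected from each name server and reports any zone whose primary is claimed on both platforms. The `dc1`/`dc2` hostnames, the `lab.testnet.net` zone, the `PLATFORM` inventory and all SOA lines are constructed; the comparison is per platform because several domain controllers can each name themselves as primary for an AD-integrated zone.

```python
# Added example: find zones whose SOA primary (MNAME) is claimed on more than
# one DNS platform. Only ddi-one/ddi-two.testnet.net come from the thread;
# every other hostname, the second zone and all SOA lines are constructed.

# Hypothetical inventory mapping each name server to the platform it runs on.
PLATFORM = {
    "ddi-one.testnet.net.": "infoblox",
    "ddi-two.testnet.net.": "infoblox",
    "dc1.testnet.net.": "microsoft",
    "dc2.testnet.net.": "microsoft",
}

# Constructed (server queried, `dig +noall +answer SOA` line) pairs.
SAMPLE = [
    ("ddi-one.testnet.net.", "testnet.net. 3600 IN SOA ddi-one.testnet.net. hostmaster.testnet.net. 2019100101 10800 3600 2419200 900"),
    ("dc1.testnet.net.", "testnet.net. 3600 IN SOA dc1.testnet.net. hostmaster.testnet.net. 412 900 600 86400 3600"),
    ("dc2.testnet.net.", "testnet.net. 3600 IN SOA dc2.testnet.net. hostmaster.testnet.net. 412 900 600 86400 3600"),
    ("ddi-one.testnet.net.", "lab.testnet.net. 3600 IN SOA ddi-one.testnet.net. hostmaster.testnet.net. 7 10800 3600 2419200 900"),
    ("dc1.testnet.net.", "lab.testnet.net. 3600 IN SOA ddi-one.testnet.net. hostmaster.testnet.net. 7 10800 3600 2419200 900"),
]


def parse_soa(line):
    """Return (zone, mname) from one dig SOA answer line, or None if malformed."""
    fields = line.split()
    # name ttl class type mname rname serial refresh retry expire minimum
    if len(fields) != 11 or fields[2].upper() != "IN" or fields[3].upper() != "SOA":
        return None
    return fields[0].lower(), fields[4].lower()


def split_primaries(answers, platform=PLATFORM):
    """Return {zone: {platform: {mnames}}} for zones with primaries on >1 platform."""
    seen = {}
    for _server, line in answers:
        parsed = parse_soa(line)
        if parsed is None:
            continue
        zone, mname = parsed
        # A primary missing from the inventory is grouped as "unknown" and
        # therefore also surfaces as a second platform.
        owner = platform.get(mname, "unknown")
        seen.setdefault(zone, {}).setdefault(owner, set()).add(mname)
    return {zone: owners for zone, owners in seen.items() if len(owners) > 1}


if __name__ == "__main__":
    for zone, owners in split_primaries(SAMPLE).items():
        print(zone, "has primaries on:", owners)
```

In the constructed data, `testnet.net.` is reported because Infoblox and the domain controllers each name their own primary, while `lab.testnet.net.` is not because every server agrees on `ddi-one`.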
10-01-2019 08:15 AM
Thanks for the reply. It seems that I cannot do what "they" want. Your statement about the primary DNS, and you can/should only have one (1) makes sense.
Here is a description of our situation (hope this is the correct forum? maybe IPAM/DNS/DDNS).
We have two PDCs, a primary and a secondary. These DCs allow domain access to testnet.net.
This is for Windows computer login.
I inherited this configuration - and do not know the reasoning behind the way things are set up.
We have two Infoblox servers. They are members of the grid, and ddi-one.testnet.net is primary grid master, and ddi-two.testnet.net is grid secondary.
The Infoblox servers are not used for Windows domain DNS, but used as DNS for other devices - we have routers, switches, firewalls, ASA, etc. that are added to IPAM as static IP addresses, via the "Container, Network, Subnet".
So from what you say - we already have two Zone databases, one for Windows, and one for the NIOS appliances.
We have the Windows DCs registered in Infoblox with static addressing (I would guess they do not need to be there). We have no external secondaries.
I can configure Infoblox for DDNS - and use an ACE for an IP - and get DDNS updates from that IP, whether or not the machine is in the domain (testnet.net). Is there any value in this? If someone wanted to use Infoblox for DNS for Windows clients - would the best route be the Microsoft AD integration license?
So you can see my confusion here! I am open to insults or assistance.
10-01-2019 08:38 AM
You said open to insults: Oh dear. You replied to a 3+ year old thread, in the API forum, for a DNS / IPAM question. Yes, it is better suited for the DNS/DHCP/IPAM forum but even that's a stretch. If you do post over there, I would recommend starting a new thread. Use example versions of your zone names and such, for clarity. Describe which zones are running in Windows and which are running on Infoblox. Okay, end of insults.
Do you have an Infoblox account team? I would recommend reaching out to them for assistance; this sort of work is more complicated and requires more depth than a web forum allows. This is the same advice SSalo gave to the original poster.