02-15-2018 06:22 AM
Hi, I am trying to set up AXFR of several zones to a 3rd party DNS provider to act as a secondary DNS provider. I've allowed zone transfers in the zone on the Dashboard to the IP given to me by the provider as a Set of ACEs. I've also added all of my Infoblox NS records to the 3rd party as a primary source. That does not work. I've also added the provider's IP as allowed "queries from" in the Set of ACEs, but that does not work either. I added my local machine's IP using the same steps to access the same using dig commands; that does not work. What needs to happen to do a simple AXFR?
02-20-2018 11:04 AM
The name servers that will be pulling the zone data should be configured as External Secondary name servers within the Name Servers section in the properties for the zone. Your Infoblox server(s) should be assigned as a Grid Primary. Be sure to restart services once any changes being made are complete.
The allow-transfers ACL will be automatically updated so no further changes are required on the Infoblox side, though you may want to make sure that your firewall is not restricting port 53 on UDP and TCP. Zone transfers are done across port 53.
Your DNS provider would then need to configure their name servers to point at your Infoblox server(s), setting the Infoblox servers as the primary/master for the zones in question. Once properly set up, their servers will first query out for the zone in question and this will go out across UDP port 53. Assuming that things are working properly, their name servers would then attempt a zone transfer and this will use TCP port 53.
Everything will be initiated by their name servers, not yours. If you never see any attempts from their servers, then either a firewall is blocking the attempts, or their servers are not set up properly. You can track attempts for zone transfers (AXFR and IXFR) through the system logs on your Infoblox server which is assigned as the primary in the Name Servers configuration for the zone. If you know when they are attempting zone transfers, you may also be able to use the Traffic Capture tool to capture the packets in real time.
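The answer above describes the expected sequence (the secondary sends an SOA query over UDP/53, then AXFR or IXFR over TCP/53, all initiated by the secondary) and suggests tracking attempts in the Infoblox system logs. The following Python script is an added example, not code from the original post or from Infoblox: it parses constructed BIND-style syslog lines (Infoblox DNS is BIND-based, but the exact message format, hostnames and IP addresses used here are assumptions) and reports, per zone, whether an expected secondary actually attempted a transfer, whether the transfer was denied by the ACL, whether a started transfer never finished, and whether SOA queries arrived without a transfer following, which points at TCP/53 being blocked rather than UDP/53.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log lines in BIND-style syslog format (assumed format, not
# copied from a real appliance). 203.0.113.10 plays the provider's secondary;
# 198.51.100.7 is an unrelated host whose transfer request was refused.
SAMPLE_LOG = """\
Feb 20 10:01:02 ns1 named[1234]: client 203.0.113.10#52341: query: example.com IN SOA -ET (10.0.0.5)
Feb 20 10:01:03 ns1 named[1234]: client 203.0.113.10#52342: transfer of 'example.com/IN': AXFR started
Feb 20 10:01:03 ns1 named[1234]: client 203.0.113.10#52342: transfer of 'example.com/IN': AXFR ended
Feb 20 10:05:44 ns1 named[1234]: client 198.51.100.7#40011: zone transfer 'example.com/IN' denied
Feb 20 10:07:10 ns1 named[1234]: client 203.0.113.10#52399: transfer of 'example.org/IN': IXFR started
Feb 20 10:07:10 ns1 named[1234]: client 203.0.113.10#52399: transfer of 'example.org/IN': IXFR ended
Feb 20 10:09:00 ns1 named[1234]: client 203.0.113.10#40500: query: example.net IN SOA -ET (10.0.0.5)
"""

# Which networks are expected to pull each zone (assumed values for the example).
EXPECTED_SECONDARIES = {
    "example.com": ["203.0.113.0/24"],
    "example.org": ["203.0.113.0/24"],
    "example.net": ["203.0.113.0/24"],
}

# "client" prefix; newer BIND versions insert "@0x..." and "(zone)" fields, so both are optional.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
SOA_RE = re.compile(CLIENT + r"query: (?P<zone>\S+) IN SOA\b")
TRANSFER_RE = re.compile(CLIENT + r"transfer of '(?P<zone>[^/']+)/IN': (?P<kind>AXFR|IXFR) (?P<state>started|ended)")
DENIED_RE = re.compile(CLIENT + r"zone transfer '(?P<zone>[^/']+)/IN' denied")


def summarize_transfers(log_text):
    """Count SOA queries and transfer events per (zone, client IP)."""
    summary = defaultdict(lambda: {"soa": 0, "started": 0, "ended": 0, "denied": 0})
    for line in log_text.splitlines():
        if m := SOA_RE.search(line):
            summary[(m["zone"].rstrip("."), m["ip"])]["soa"] += 1
        elif m := TRANSFER_RE.search(line):
            summary[(m["zone"], m["ip"])][m["state"]] += 1
        elif m := DENIED_RE.search(line):
            summary[(m["zone"], m["ip"])]["denied"] += 1
    return dict(summary)


def check_secondaries(summary, expected):
    """Turn the counts into findings, one string per problem, ordered by zone then IP."""
    findings = []
    for zone in sorted(expected):
        nets = [ip_network(n) for n in expected[zone]]
        attempt_seen = False   # any AXFR/IXFR attempt (started or denied) from an allowed host
        soa_only = []          # allowed hosts that queried SOA over UDP but never tried a transfer
        for (z, ip), c in sorted(summary.items()):
            if z != zone:
                continue
            if not any(ip_address(ip) in n for n in nets):
                findings.append(f"{zone}: unexpected client {ip} (started={c['started']}, denied={c['denied']})")
                continue
            if c["started"] or c["denied"]:
                attempt_seen = True
            elif c["soa"]:
                soa_only.append(ip)
            if c["denied"]:
                findings.append(f"{zone}: allowed secondary {ip} denied {c['denied']} time(s); "
                                "check the External Secondary entry and the allow-transfer ACL")
            if c["started"] > c["ended"]:
                findings.append(f"{zone}: {c['started'] - c['ended']} transfer(s) from {ip} started but "
                                "did not finish; check TCP/53 between the hosts")
        if not attempt_seen:
            if soa_only:
                findings.append(f"{zone}: SOA queries from {', '.join(soa_only)} over UDP but no transfer "
                                "followed; check TCP/53 and the provider's primary setting")
            else:
                findings.append(f"{zone}: no SOA queries or transfer attempts from expected secondaries; "
                                "check the firewall or the provider's primary setting")
    return findings


if __name__ == "__main__":
    for finding in check_secondaries(summarize_transfers(SAMPLE_LOG), EXPECTED_SECONDARIES):
        print(finding)
```

On the sample input this reports two findings: an unexpected (and denied) client for example.com, and SOA queries for example.net that were never followed by a transfer. A zone that is absent from the findings has had at least one complete transfer from an allowed secondary. Feeding it the real log would first require confirming the appliance's actual message format, since the regular expressions above only cover the assumed BIND-style lines.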