Automated Host record vs A and PTR creations

Jest4kicks
Techie
Posts: 2

Hey all, we're deploying a private cloud automation solution (VMware vRA) and we're using a workflow that will auto-create records within Infoblox.

Currently, vRA creates a Host record in IB, but the VMs are still configured to register themselves in DNS (and the range in IB is configured to allow this). You might know where this is going; the Host record is getting replaced with respective A and PTR records when the DDNS registration from the VM occurs.

As I see it, I can either turn off DDNS updates (either in the VM or for the entire range), or I can abandon the idea of using Host records for these systems.

Has anyone else dealt with this? Either option has its downsides, and I'm not sure that I prefer one over the other.

Re: Automated Host record vs A and PTR creations

Expert
Posts: 227

Try enabling DNS record protection, from the admin guide...

Restricting Updates to Static Records
This method prevents updates to all RRsets containing static records at once in the Grid, DNS view, or zone. To prevent updates to specific static records, see Restricting Updates to Protected Records on page 989.
To restrict updates to all static records in the Grid, DNS view, or zone:
1. In the Grid DNS, view, or zone properties, click Updates -> Advanced.
2. To override the inherited properties, click Override.
3. Under Secure Dynamic Updates, select Prevent dynamic updates to RRsets containing static records.
4. Click Save & Close.

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: Automated Host record vs A and PTR creations

Jest4kicks
Techie
Posts: 2

I like this idea, though I'm wondering if there's any way to do it on a smaller scope than an entire DNS zone.  The systems we are auto-provisioning are all going in a specific set of VLANs.  Is there any way to scope this kind of protection at that level?

Re: Automated Host record vs A and PTR creations

Adviser
Posts: 200

If you assign a MAC address to a host object, that will stop it from breaking into an A and PTR when an update is attempted, but it will not stop additional A records from being added (for example, if a client decides that it wants to add a second A record due to another IP on another interface). The MAC address just has to contain data (even all 0’s will work).

Re: Automated Host record vs A and PTR creations

Expert
Posts: 227

Restricting Updates to Protected Records
You can restrict updates to the records of your choice, by marking them as protected. You can do this for both static and dynamic records. The Resource Record Viewer displays the protection status of the records in the Protected column: Yes or No.
You can protect the following record types:
• A record
• AAAA record
• CNAME record
• DNAME record
• MX record
• NAPTR record
• PTR record
• SRV record
• TXT record
• Host record
For all the above mentioned records except the host record, you can change the type from static to dynamic and back, if required.
To restrict updates to protected records:
1. In the DNS Resource Records viewer, select a record or multiple records.
2. In the Toolbar, select Protect Records -> Enable Protection.
Or
In the properties dialog for a record, click Updates, select the Protected check box, and then click Save & Close.
3. Enable updates prevention at the corresponding level:
a. In the Grid DNS, view, or zone properties, click Updates -> Advanced.
b. If necessary, click Override to override the inherited properties.
c. Select Prevent dynamic updates to RRsets containing protected records.
d. Click Save & Close.

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
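
For the question above about scoping protection to specific VLANs, one way to choose which Host records to mark as protected is by subnet. This is an added example, not code from the thread or from Infoblox: the subnets, record data and `_ref` placeholders are constructed, and the `ddns_protected` field name and record layout are assumptions to check against your API version.

```python
import ipaddress

# Assumption: name of the per-record protection attribute in the API you use.
PROTECT_FIELD = "ddns_protected"

# Constructed sample data: subnets stand in for the provisioning VLANs, and
# the "_ref" values are placeholders, not real object references.
PROVISIONING_SUBNETS = ["10.20.30.0/24", "10.20.31.0/24"]
HOST_RECORDS = [
    {"_ref": "record:host/PLACEHOLDER1", "name": "vm01.example.test",
     "ipv4addrs": [{"ipv4addr": "10.20.30.15"}], PROTECT_FIELD: False},
    {"_ref": "record:host/PLACEHOLDER2", "name": "vm02.example.test",
     "ipv4addrs": [{"ipv4addr": "10.20.31.40"}], PROTECT_FIELD: True},
    {"_ref": "record:host/PLACEHOLDER3", "name": "files.example.test",
     "ipv4addrs": [{"ipv4addr": "10.50.1.10"}], PROTECT_FIELD: False},
    {"_ref": "record:host/PLACEHOLDER4", "name": "vm03.example.test",
     "ipv4addrs": [{"ipv4addr": "192.168.5.4"}, {"ipv4addr": "10.20.31.41"}],
     PROTECT_FIELD: False},
]


def in_scope(record, networks):
    """True if any address of the record lies in a provisioning subnet."""
    return any(
        ipaddress.ip_address(entry["ipv4addr"]) in net
        for entry in record.get("ipv4addrs", [])
        for net in networks
    )


def plan_protection(records, subnets):
    """Return (ref, update_body) pairs for in-scope, unprotected records."""
    networks = [ipaddress.ip_network(s) for s in subnets]
    return [
        (rec["_ref"], {PROTECT_FIELD: True})
        for rec in records
        if in_scope(rec, networks) and not rec.get(PROTECT_FIELD, False)
    ]


if __name__ == "__main__":
    # Print the updates that would be sent; nothing is contacted here.
    for ref, body in plan_protection(HOST_RECORDS, PROVISIONING_SUBNETS):
        print(ref, body)
```

The flag only takes effect once "Prevent dynamic updates to RRsets containing protected records" is enabled at the Grid, view, or zone level, as in step 3 above.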