07-25-2018 12:06 PM
Ok, here's the latest issue. There are about 12 sites that when going out through one of our specific pipes (3), the traffic does not route back to us, hence the sites do not work. We have 3 internet pipes, Atlantech Online, Max (I2) and Century Link. We own a complete Class B set of addresses but have broken them up into 3 slices which give us 3 failovers via IBGP and EBGP. Recently, my organization contracted with Cisco's OPENDNS which geographically identifies the closest content provider and sends the response address back into our network's requesting client.
What we're finding is that traffic destined back "through" the Century Link provider hits a transit network pronounced Zayo and disappears. Things for us were working absolutely fine before the use of the Umbrella product and when we point forwarders to general DNS controllers for the 12 sites, regardless of internet pipe on exit, the address is always reachable and the clients stay happy. What I'd like to do is have our controller that forwards to this umbrella product, actually query 18.104.22.168, or 2 or 3 or 4, for the records from these 12 sites and keep those host records on our Infoblox controller mitigating the need for the umbrella service just as it pertains to these sites.
I've tried working with customer ISPs to Zayo to get the routing resolved but that has thus far proven a moot point. I don't know if what I'm asking is possible, but it would be a tremendous advantage if I were in fact able to receive instructions on how to do what I'm asking here if it's possible.
Anxiously awaiting a miracle....
07-27-2018 08:33 AM
What you are trying to do here is not entirely clear. In the subject for this thread, you mention importing specific records while in the thread itself, forwarding is mentioned.
Regarding zone transfers: Zone transfers will pull in all data from the source server. The source server controls the data being transferred and there is no mechanism to limit what records are transferred.
Getting into the details in what you shared here, the following stands out:
What I'd like to do is have our controller that forwards to this umbrella product, actually query 22.214.171.124, or 2 or 3 or 4, for the records from these 12 sites and keep those host records on our Infoblox controller mitigating the need for the umbrella service just as it pertains to these sites.
There may be more than one way of handling this but generally, when you are talking about public DNS servers like the ones you referenced here, you are not the 'owner' of the data being queried so this would limit you to forwarding. If there is a specific zone that you want to go out to a specific server, you would add it as a forward zone. You can forward it to a public DNS server but really, what you should do is allow everything to iterate out without going through Umbrella and then do conditional forwarding to Umbrella so that only the resources that you want to go through there do so.
Hope this helps.
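The two forwarding layouts discussed in this thread, as an added example that is not part of either post. It is written in BIND `named.conf` syntax for illustration only (on Infoblox the equivalent is configured as forward zones in the appliance's own interface); every zone name and address below is a placeholder, not a value from the thread.

```bind
// ---- Layout A: everything goes to the filtering service, ----
// ---- with per-zone exceptions for the problem sites      ----
options {
    recursion yes;
    forward only;
    // Placeholder addresses standing in for the filtering resolvers.
    forwarders { 192.0.2.53; 192.0.2.54; };
};

// Exception 1: send one problem zone to a different resolver.
zone "site-one.example" {
    type forward;
    forward only;
    forwarders { 198.51.100.1; };   // placeholder public resolver
};

// Exception 2: an empty forwarders list cancels forwarding for
// this zone, so the server iterates from the root for it.
zone "site-two.example" {
    type forward;
    forwarders { };
};

// ---- Layout B (the one recommended in the reply): iterate ----
// ---- by default, forward only selected zones to filtering ----
// Use INSTEAD of layout A; a file may hold one options block.
//
// options {
//     recursion yes;
//     // no global forwarders: unmatched names are resolved
//     // by iteration from the root servers
// };
//
// zone "needs-filtering.example" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.53; 192.0.2.54; };
// };
```

In either layout, the most specific matching forward zone decides where a query goes, and names under an exception zone in layout A no longer pass through the filtering service.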