Creating an Authoritative Forward Zone

[ Edited ]
Techie
Posts: 3
8632     0

Noob alert.  Not new to IT, but Infoblox was sort of handed to me.  My background is in another area.  You've all heard the story.

 

We're merging/collapsing two networks into one.  One task that we've received to support an initial phase, is to create dns forwarders so Network1 (our corporate) can query for hosts on Network2 (satellite), using Network2's DNS servers.  All changes are within internal DNS;  I don't wish for any queries of Network2 to reach the internet.

 

I tried a simple dns forwarder, no results.  A peer said, "hey, the new setup should be just like xyz."
I went to xyz, which is an Authoritative Forward Zone, and duplicated its structure in my new object.  Still doesn't work for resolution.  The name servers tab of the new zone reads like this:

 

Name                   IP Address   Type            Stealth   TSIG
Network1 name server   148.x.x.x    Grid Secondary  No        No
Network2 ns1           123.x.x.x    Ext Primary     No
Network2 ns2           123.x.x.x    Ext Secondary   Yes
Network2 ns3           124.x.x.x    Ext Primary     No
Network2 ns4           124.x.x.x    Ext Secondary   Yes

 

When I attempt to resolve 'box1' both my name server and ns1 come back non-existent.  When I query 'box1.Network2' and send it to Network2's ns1, it returns an IP for the FQDN.

 

I must be missing something very simple, since no errors or warnings come up.  But nothing gets forwarded on its own to Network2 dns servers.  The stealth settings are a complete shot in the dark, I'm sorry to say.

 

Lastly, I believe I followed the Admin Guide in setting this up, so I have gone through.  If you see a glaring mistake, please let me know.

 

S.O.


Re: Creating an Authoritative Forward Zone

Adviser
Posts: 244
8632     0

SoNeil,

 

Welcome to the community.  "Classic" first post.  Appreciate you posting, and let us know how we can help as you dig deeper into the Infoblox deployment.  (I'm sure a few responses are en route...).

 

Best,

 

Eric

If you appreciate my efforts, please give me a kudo ↓ or Accept as solution to help others find it faster.

Re: Creating an Authoritative Forward Zone

[ Edited ]
Adviser
Posts: 63
8632     0

Hi,

 

I think you are close to it.

 

Please could you make sure zone transfers are allowed between your external primary and the grid secondary?

 

I suspect this is your issue: the zone exists but is not populated with the external records, hence your NXDOMAIN reply.

 

The "stealth" option simply states that NS records should not be added to the SOA record of the zone for the marked servers.
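
One way to test the zone-transfer theory in the reply above, as an added example that is not part of the original thread: classify `dig` output from the external primary and the Grid secondary to tell a refused transfer from an empty or stale secondary. The function names, the zone `network2.example`, the 192.0.2.x addresses and the serials are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: interpret `dig` output when a secondary zone will not populate.
# All sample data below is constructed; function names are hypothetical.

# Classify `dig AXFR` output read from stdin: refused | complete | incomplete.
axfr_status() {
  awk '
    /^; Transfer failed/ { refused = 1 }
    /^[^;]/ && $3 == "IN" && $4 == "SOA" { soa++ }
    END {
      if (refused)       print "refused"
      else if (soa >= 2) print "complete"    # an AXFR starts and ends with the SOA
      else               print "incomplete"
    }'
}

# Extract the serial from `dig +short SOA` output on stdin (empty if no answer).
soa_serial() { awk 'NF >= 7 { print $3; exit }'; }

# diagnose <axfr-output> <primary-soa-output> <secondary-soa-output>
diagnose() {
  axfr=$(printf '%s\n' "$1" | axfr_status)
  p=$(printf '%s\n' "$2" | soa_serial)
  s=$(printf '%s\n' "$3" | soa_serial)
  if [ "$axfr" = "refused" ]; then echo "transfer-refused"
  elif [ -z "$s" ]; then echo "secondary-empty"
  elif [ "$p" != "$s" ]; then echo "secondary-stale"
  else echo "in-sync"; fi
}

# Live use, from a host whose address the primary's transfer ACL should allow:
#   diagnose "$(dig AXFR "$zone" @"$primary")" \
#            "$(dig +short SOA "$zone" @"$primary")" \
#            "$(dig +short SOA "$zone" @"$secondary")"

# Constructed sample output.
REFUSED='; <<>> DiG 9.x <<>> AXFR network2.example @192.0.2.53
; Transfer failed.'
ALLOWED='network2.example. 3600 IN SOA ns1.network2.example. admin.network2.example. 2020040101 900 600 86400 3600
box1.network2.example. 3600 IN A 192.0.2.10
network2.example. 3600 IN SOA ns1.network2.example. admin.network2.example. 2020040101 900 600 86400 3600'
SOA='ns1.network2.example. admin.network2.example. 2020040101 900 600 86400 3600'

diagnose "$REFUSED" "$SOA" ""        # primary refuses the transfer
diagnose "$ALLOWED" "$SOA" "$SOA"    # secondary holds the same serial
```

A `transfer-refused` result points at the primary's transfer permission; when enabling it, limit transfers to the secondary's address rather than to any host.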


Re: Creating an Authoritative Forward Zone

Techie
Posts: 3
8632     0

;-)  While I was waiting (for support to validate my customer number), one engineer who has visibility into the satellite's Active Directory DNS, took a snapshot of the unchecked "allow zone transfers" button.

 

We're following up with our opposite numbers on the satellite end.  If we're still not working, I'll check back here tomorrow.

 

Thanks!

S


Re: Creating an Authoritative Forward Zone

Techie
Posts: 3
8633     0

Requestors want to go back to a forwarder only.   Please disregard.
