Noob alert. Not new to IT, but Infoblox was sort of handed to me. My background is in another area. You've all heard the story.
We're merging/collapsing two networks into one. One task that we've received to support an initial phase is to create DNS forwarders so Network1 (our corporate) can query for hosts on Network2 (satellite), using Network2's DNS servers. All changes are within internal DNS; I don't wish for any queries of Network2 to reach the internet.
I tried a simple DNS forwarder, no results. A peer said, "hey, the new setup should be just like xyz."
I went to xyz, which is an Authoritative Forward Zone, and duplicated its structure in my new object. Still doesn't work for resolution. The name servers tab of the new zone reads like this:
Name                   IP Address   Type            Stealth   TSIG
Network1 name server   148.x.x.x    Grid Secondary  No        No
Network2 ns1           123.x.x.x    Ext Primary     No
Network2 ns2           123.x.x.x    Ext Secondary   Yes
Network2 ns3           124.x.x.x    Ext Primary     No
Network2 ns4           124.x.x.x    Ext Secondary   Yes
When I attempt to resolve 'box1' both my name server and ns1 come back non-existent. When I query 'box1.Network2' and send it to Network2's ns1, it returns an IP for the FQDN.
I must be missing something very simple, since no errors or warnings come up. But nothing gets forwarded on its own to Network2 DNS servers. The stealth settings are a complete shot in the dark, I'm sorry to say.
Lastly, I believe I followed the Admin Guide in setting this up, so I have gone through. If you see a glaring mistake, please let me know.
11-02-2015 12:09 PM
Welcome to the community. "Classic" first post. Appreciate you posting, and let us know how we can help as you dig deeper into the Infoblox deployment. (I'm sure a few responses are en route...).
11-02-2015 01:18 PM - edited 11-02-2015 01:23 PM
I think you are close to it.
Could you please make sure zone transfers are allowed between your external primary and the grid secondary?
I suspect this is your issue: the zone exists but is not populated with the external records, hence your NXDOMAIN reply.
The "stealth" option simply states that NS records should not be added to the SOA record of the zone for the marked servers.
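One way to check the diagnosis in the reply above (a secondary zone that exists but was never populated by a transfer), as an added example that is not from the thread or from Infoblox: it compares `dig +norecurse SOA` output taken from the external primary and from the Grid secondary. The zone name `network2.example`, the serial and both captured outputs are constructed for illustration.

```python
import re

# Constructed `dig +norecurse SOA network2.example @<server>` output for
# illustration; the zone name and serial are placeholders, not from the thread.
PRIMARY_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4211
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
network2.example. 3600 IN SOA ns1.network2.example. hostmaster.network2.example. 2015110201 10800 3600 604800 3600
"""
SECONDARY_OUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9134
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""


def parse_dig(output):
    """Return (status, flags, soa_serial); serial is None without an SOA answer."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r";; flags: ([a-z ]+);", output)
    # Only look below the ANSWER header so an SOA in AUTHORITY-only replies is ignored.
    answer = output.partition(";; ANSWER SECTION:")[2]
    soa = re.search(r"^\S+\s+\d+\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)", answer, re.M)
    return (status.group(1) if status else None,
            set(flags.group(1).split()) if flags else set(),
            int(soa.group(1)) if soa else None)


def diagnose(primary_out, secondary_out):
    """Classify the secondary's copy of the zone against the primary's."""
    p_status, _, p_serial = parse_dig(primary_out)
    s_status, s_flags, s_serial = parse_dig(secondary_out)
    if p_status != "NOERROR" or p_serial is None:
        return "primary-not-answering"
    # A secondary that never completed a transfer has no zone data to be
    # authoritative for: error status, no "aa" flag, or no SOA in the answer.
    if s_status != "NOERROR" or "aa" not in s_flags or s_serial is None:
        return "secondary-zone-not-loaded"
    if s_serial != p_serial:
        return "serial-mismatch"  # loaded once, but transfers are not keeping up
    return "in-sync"


if __name__ == "__main__":
    print(diagnose(PRIMARY_OUT, SECONDARY_OUT))
```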
11-02-2015 01:52 PM
;-) While I was waiting (for support to validate my customer number), one engineer who has visibility into the satellite's Active Directory DNS took a snapshot of the unchecked "allow zone transfers" button.
We're following up with our opposite numbers on the satellite end. If we're still not working, I'll check back here tomorrow.