11-14-2018 02:59 PM
We have a small company that is 99% a Microsoft environment and the decision was made to move to Infoblox for DDI. We currently use Microsoft Active Directory integrated DNS, and have already moved DHCP and IPAM to the Infoblox appliance. In Microsoft DNS we have always used the feature that only authenticated devices can perform a secure DDNS update. My plan was to allow the Infoblox DHCP to perform DDNS updates as well as set up the two domain controllers to perform GSS-TSIG updates as well. I can't for the life of me get that to work correctly!
How dangerous would it be to just restrict the DDNS to only the domain controllers and Infoblox DHCP server? What about allowing any device to make DDNS updates? (The Infoblox only serves internal domain clients, no guests).
What is the best practice for DDNS when running a Microsoft company fully from an Infoblox DDI?
11-14-2018 10:30 PM
When using Infoblox DHCP to update External Domains, Microsoft DNS in your case, you would have to set up the “Configure DDNS” with the Forward and Reverse mapping zone details as well as the GSS-TSIG key. Please refer to the “Sending Updates for Zones on an External Name Server” section of the NIOS Administrator Guide.
Since your Microsoft DNS is set to accept Secure updates only, you would also have to configure GSS-TSIG in Infoblox DHCP Server, as the Infoblox DHCP server needs the GSS-TSIG keytab to have the DDNS Updates authenticated by Microsoft DNS server. You can refer to the “About GSS-TSIG” section of the NIOS Administrator Guide.
You can also go through the following community article with regard to DDNS GSS-TSIG Updates; it discusses GSS-TSIG Keytabs.
If you have done the above setup and are still unable to get the DDNS Updates through, perhaps you could share with us the Error message that you are receiving in the Syslog of Infoblox DHCP Server? You could also create a ticket with Infoblox Support to expedite resolution.
Ideally, you only need to allow either the DHCP Server to perform the updates or the Clients, as there might be potential conflicts that could occur while both the Client and the DHCP Server try to update the same record. As you are using Secure updates, it would be more convenient to just let the DHCP Server do the updates.
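To confirm which update policy each zone on the Microsoft DNS side actually enforces before pointing Infoblox DHCP at it, the following audit is an added example and not part of the original thread or of Infoblox documentation. It assumes it is run on the Microsoft DNS server with the DnsServer PowerShell module available; the report column names and finding texts are chosen here for illustration.

```powershell
# Added example: report the dynamic-update policy of every hosted primary zone
# and how many records in it were registered dynamically.
Import-Module DnsServer

$report = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        $zone = $_

        # Map the zone's DynamicUpdate setting to a finding.
        $finding = switch ($zone.DynamicUpdate) {
            'Secure'             { 'OK: only authenticated (GSS-TSIG) updates are accepted' }
            'NonsecureAndSecure' { 'REVIEW: unauthenticated updates are accepted' }
            'None'               { 'INFO: dynamic updates are disabled' }
            default              { "UNKNOWN: $($zone.DynamicUpdate)" }
        }

        # Dynamically registered records carry a timestamp; static ones do not.
        $rrType = if ($zone.IsReverseLookupZone) { 'PTR' } else { 'A' }
        $dynamic = @(
            Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -RRType $rrType `
                -ErrorAction SilentlyContinue |
            Where-Object { $_.Timestamp }
        ).Count

        [pscustomobject]@{
            Zone           = $zone.ZoneName
            ADIntegrated   = $zone.IsDsIntegrated
            DynamicUpdate  = $zone.DynamicUpdate
            DynamicRecords = $dynamic
            Finding        = $finding
        }
    }

$report | Sort-Object DynamicUpdate, Zone | Format-Table -AutoSize
```

A zone reported as `NonsecureAndSecure` with a non-zero `DynamicRecords` count is already receiving registrations that the server does not require to be authenticated, which is the "any device" case asked about in the question.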