07-01-2020 07:15 AM
We have created 2 separate views for INTERNAL and EXTERNAL DNS. The 2 views have the same zone but DIFFERENT Infoblox appliances are authoritative for each.
For example, zone abc.com exists in both Internal and External views.
In 'Internal DNS' view, NIOS appliance X is authoritative for it.
In 'External DNS' view, NIOS appliance Y is authoritative for it.
- Do I need to still set up 'match clients' for each view even though the zone is mapped to different appliances in each view?
- For some reason, all my grid appliances (even the ones serving external DNS) are mapped to the 'Internal DNS' view (maybe because it was the default view and we renamed it and added the second view later). How can I dissociate the external DNS appliances from the internal view and associate them to the external view? Is there a need to do so?
07-15-2020 06:06 AM
I have the same scenario and created two different DNS-Views.
You need to sort the DNS-Views manually on the Grid-members that should host them.
You only need match clients if you host multiple DNS-Views on a single member.
The external DNS servers shouldn't be able to do recursive queries, otherwise your DNS servers might be used by any client out there on the internet.
07-28-2020 03:39 AM
Thank you for responding.
Do you have any experience with the second issue I mentioned:
- For some reason, all my grid appliances (even the ones serving external DNS) are mapped to the 'Internal DNS' view (maybe because it was the default view and we renamed it and added the second view later). How can I dissociate the external DNS appliances from the internal view and associate them to the external view?
07-30-2020 09:38 AM
Regarding the match-clients/match-destination config, this is not required if each server/member is using only one view. But there are scenarios where it would come in handy.
Regarding appliances serving multiple views:
If you assign a zone in a particular view to a member, that view will be served by that member; that is what we'd expect. However, if no zones from a view are assigned to a member, the member can still serve that view if recursion is enabled. See if you can remove it from [ Data management -> DNS -> members -> edit member (member DNS properties) -> "Recursive views assigned to this member" (advanced mode should be enabled to see this tab) ]
Not only that, if match-clients/match-destination is not configured and a member is serving more than one view, all queries will fall in the first view (refer to the same page as above, section "Order of DNS views", or review the config file)
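
The view-ordering behaviour discussed in this thread, as an added example that is not part of any post and is not Infoblox code: a small Python model of first-match view selection on a member serving both views, assuming NIOS follows BIND semantics (a view without match-clients matches any client). The view names come from the thread; the networks, probe addresses and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ["0.0.0.0/0", "::/0"]  # assumption: a view with no match-clients matches everyone

def _covers(nets, addr):
    """True if addr falls inside any of the given networks (same IP version only)."""
    return any(addr.version == n.version and addr in n
               for n in (ip_network(x) for x in nets))

def select_view(views, client_ip):
    """Return the first view, in configured order, whose match-clients covers the client."""
    addr = ip_address(client_ip)
    for view in views:
        if _covers(view["match_clients"] or ANY, addr):
            return view
    return None  # no view matched

def audit(views, internal_nets, probe_ips):
    """List (ip, view) pairs where a non-internal client lands in a recursive view."""
    findings = []
    for ip in probe_ips:
        view = select_view(views, ip)
        if view and view["recursion"] and not _covers(internal_nets, ip_address(ip)):
            findings.append((ip, view["name"]))
    return findings

# Constructed sample data: internal ranges and one probe address on each side.
INTERNAL_NETS = ["10.0.0.0/8", "192.168.0.0/16"]
PROBES = ["10.1.2.3", "203.0.113.50"]

# Both views on one member, no match-clients: the first view catches every query.
UNSCOPED = [
    {"name": "Internal DNS", "match_clients": None, "recursion": True},
    {"name": "External DNS", "match_clients": None, "recursion": False},
]
# Same order, but the internal view is restricted to internal source networks.
SCOPED = [
    {"name": "Internal DNS", "match_clients": INTERNAL_NETS, "recursion": True},
    {"name": "External DNS", "match_clients": None, "recursion": False},
]

if __name__ == "__main__":
    for label, views in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        for ip in PROBES:
            print(label, ip, "->", select_view(views, ip)["name"])
        print(label, "findings:", audit(views, INTERNAL_NETS, PROBES))
```

A non-empty result from `audit` means an outside source address would be answered from a recursive view on that member.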