Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

DNS DHCP IPAM

Reply
Accepted Solution

Delegation Zone now direct client to the auth ns

[ Edited ]
Authority
Posts: 25
329     0

Hi Team,

 

Now i'm having problem in creating delegation zone, this are the detail about the scenario:

 

1. domain abc.co.id

2. Primary ns of abc.co.id is ns1.abc.co.id 192.168.2.3

3. subzone sub.abc.co.id

3. Primary ns of sub.abc.co.id is ns5.abc.co.id 192.168.2.4

 

I've created delegated zone sub.abc.co.id under abc.co.id with targeted ns is ns5.abc.co.id 192.168.2.4

 

after creating the delegated zone, i try to dig a record unde sub.abc.co.id, but the dig result is show like below:

 

dig @192.168.2.3 pc10.sub.abc.co.id

; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> @192.168.2.3 pc10.sub.abc.co.id
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 990
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 54873c4aa8c9483b061804055da77fcb9d6a48c0a47f77de (good)
;; QUESTION SECTION:
;pc10.sub.abc.co.id. IN A

;; AUTHORITY SECTION:
sub.abc.co.id. 28800 IN NS ns5.abc.co.id.

;; ADDITIONAL SECTION:
ns5.abc.co.id. 28800 IN A 192.168.2.4

;; Query time: 1 msec
;; SERVER: 192.168.2.3#53(192.168.2.3)
;; WHEN: Wed Oct 16 20:38:49 DST 2019
;; MSG SIZE rcvd: 109

 

after it resolve the ns ip, the client didnt query to the ns5.

 

Please your advice

 

Thanks

Re: Delegation Zone now direct client to the auth ns

[ Edited ]
Authority
Posts: 25
330     0

I try to enable recursive, and it resolves the pc10.sub.abc.co.id. Is it possible to do delegation without enabling the recursive?

 

Thanks

Re: Delegation Zone now direct client to the auth ns

Moderator braj
Moderator
Posts: 39
330     0

Hello there,

 

When Recursion is not available, Infoblox DNS Server would only be able to provide a Referal to the NS of the Delegated Zone. This is by design. 

 

If you would like to have the DNS Server resolve the Query and not just provide the Referral then you would have to Enable Recursion.

 

Regards.

Re: Delegation Zone now direct client to the auth ns

Authority
Posts: 25
330     0

Hi Braj,

 

So there is no different between forward zone and delegation zone, isn't it? both zone need the recursion to be enabled if we expect the client get the IP of targeted record?

 

Thanks

Re: Delegation Zone now direct client to the auth ns

Moderator braj
Moderator
Posts: 39
330     0

Hello,

 

Forward Zones and Delegations are inherently different and they function in a different way. A Delegation can give NS referals however a Forward Zone can not.  

 

Please refer to this Community Thread which discussed Forwarder vs Delegation which might clear your doubts.

 

Regards.

Showing results for 
Search instead for 
Do you mean 

Recommended for You