08-01-2016 10:25 AM
New user to Infoblox, and DDI in general really. Previous employer had a heavy Bluecat implementation but I was not involved in the install. Currently in the process of deploying Infoblox. Our target setup is as follows, and I'm wondering whether there are many people out there running the same kind of thing.
- IPAM and DHCP 100% Infoblox Managed
- DNS Remains in AD on MS servers but with dynamic update capability for DHCP hosts
- Ability to reserve IPs in IB but create A and PTR Records in AD DNS at the same time, preferably through use of IB host records (eventually via API for server guys)
I've run across the notification that you can't create hosts in non-IB managed zones so I'm wondering what the best way around this is and what others are doing. I can't imagine we're the first/only company to want to deploy it this way so I'm hoping someone won't mind offering their experience in this regard.
08-01-2016 01:22 PM
We have a similar setup, but with a mix of DNS zones hosted on AD with DDNS and hosted on Infoblox that are both static and DDNS GSS-TSIG updatable.
The answer is, Infoblox makes this kind of environment easier to manage but there is still a good deal of logic that you either need to build into a front end API or will need to stay with the admins that are making the assignments.
There is no easy way around the fact that when an IP is assigned out of IPAM something has to make the decision if an A and PTR, only A, only PTR or a host record needs to be created. There is no magic logic button to help with matching the record types depending on where the different DNS zones are hosted. Some bad attempts will error out but most will happily go into IPAM and not be what is really needed.
The Microsoft management license allows you to manage all the zones through one API / GUI but from what I’ve seen bringing a “new guy” onto the team recently, it actually adds to the confusion of what record types are needed when. With the Microsoft license, all the zones appear the same and there is a good deal of frustration as to why this host record can be created and why this one cannot.
It sounds like in your environment the decision points are fewer than ours so a front end API call that creates the IPAM record (host, fixed address reservation) and creates the A and PTR in your other zones would be the way to go.
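An added example, not part of the original thread and not Infoblox code: a sketch of the record-type decision a front end would have to make before calling the API. The zone names, the ownership map and the rule itself (host record only when both forward and reverse zones are Infoblox-hosted, otherwise separate A/PTR) are assumptions drawn from the discussion; `record:host`, `record:a` and `record:ptr` are WAPI object types, and the code only builds a plan without making any network call.

```python
import ipaddress

# Constructed sample inventory (hypothetical): who hosts each zone.
FORWARD_ZONES = {"corp.example.com": "microsoft", "lab.example.com": "infoblox"}
REVERSE_ZONES = {"10.10.0.0/16": "microsoft", "10.20.0.0/16": "infoblox"}


def forward_owner(fqdn):
    """Longest-suffix match of the FQDN against the known forward zones."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        zone = ".".join(labels[i:])
        if zone in FORWARD_ZONES:
            return FORWARD_ZONES[zone]
    return None


def reverse_owner(ip):
    """Owner of the most specific reverse zone covering the address."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    covering = [n for n in map(ipaddress.ip_network, REVERSE_ZONES) if addr in n]
    if not covering:
        return None
    return REVERSE_ZONES[str(max(covering, key=lambda n: n.prefixlen))]


def plan_records(fqdn, ip):
    """Return [(WAPI object type, request body), ...] for one assignment."""
    fwd, rev = forward_owner(fqdn), reverse_owner(ip)
    if fwd is None and rev is None:
        # Refuse instead of silently creating something nobody needs.
        raise LookupError(f"no known zone covers {fqdn} / {ip}")
    if fwd == "infoblox" and rev == "infoblox":
        # Host records are only possible in Infoblox-hosted zones.
        return [("record:host", {"name": fqdn, "ipv4addrs": [{"ipv4addr": ip}]})]
    plan = []
    if fwd is not None:
        plan.append(("record:a", {"name": fqdn, "ipv4addr": ip}))
    if rev is not None:
        plan.append(("record:ptr", {"ptrdname": fqdn, "ipv4addr": ip}))
    return plan


if __name__ == "__main__":
    for name, ip in [("web01.corp.example.com", "10.10.5.20"),
                     ("test1.lab.example.com", "10.20.1.5")]:
        print(name, ip, [kind for kind, _ in plan_records(name, ip)])
```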
08-02-2016 05:59 AM
Thanks for your reply, and that makes a lot of sense. I mentioned that we want to use the IB Host records but in actuality you hit the nail on the head, it doesn't necessarily need to be a real IB Host record per se, I just need the same functionality.
I am the primary admin that will be making the assignments, along with one or two others. The other members that will eventually be making their own assignments are the server guys who will be writing to the API anyway so the GUI really isn't much concern to them. Because of this, I can already accomplish what I'm looking for manually, but I'd like to somehow get it wrapped into one fell swoop to reduce the number of mouse clicks needed to get it done. The primary reason for this purchase was automation and time savings.
We do have the MS Management license, but the architecture around how to set up my grid to play nicely with my existing AD environment still isn't 100% clear to me. I guess I've got some Admin Guide reading ahead of me.
I haven't even come close to playing with the API yet. I'm very much a network guy that has had this responsibility shifted to me, and far from a software/server guy. Though that dynamic seems to be changing lately.
08-04-2016 10:14 PM
Host records are an Infoblox proprietary... While using the MS license you can add the MS DCs running DNS to Infoblox, which are capable enough to sync the DNS or DHCP data from the DC. Once this is set up and in read/write mode you can create A records in Infoblox, which will create the PTR if checked, which will be synced with the DC... This will help in one management through the Infoblox GUI and the IPAM gets updated too.
08-09-2016 08:46 AM
That's looking like the way it's going to have to be. I would imagine then the right way to do it would be for each record, add an IPv4 reservation (to take care of the IPAM portion) and then add an A and the corresponding PTR record afterward. Obviously setting up an API call to do all 3 in one shot would be nice, but I'd be satisfied with even manually adding so long as it worked properly.
08-10-2016 10:50 AM
Or, do I even need the reservation? It looks like simply having the A and PTR record marks the address as used in the IPAM section...so it shouldn't be necessary I guess...
08-10-2016 10:54 AM
08-10-2016 11:15 AM
And if you add a DNS record or a DHCP reservation, but set the record as 'disabled' or 'not enabled for DNS' etc., it will also flag the address as 'used'.
08-11-2016 12:11 PM
Interesting...so just by virtue of adding the A record, which can automatically add the PTR as well, the IPAM reservation is made with no additional effort.
That information quite accidentally seems to have fixed all the issues I have so far haha. Thanks again guys.