
Dhcp ddns option and dns grid properties updates option

Authority
Posts: 13
28872     0
We have a Grid Master running DNS and DHCP. I added the DC IP in the Updates section of the DNS grid properties, and the logs showed the updates as denied from all the client machines and the dynamic records were not updated. Once I set the updates ACL to any, the updates were working and I can see the dynamic records in DNS.

I'm confused between the two options, i.e. DDNS updates in the DHCP options and the DNS update option in the DNS grid properties.

Should we keep the DNS update option as any, or do I have to enable DDNS updates in the DHCP options as well as the permanent solution?

The zone transfer is configured and the DC IP added, but forwarding is not enabled. Also, on the DC the zone is not enabled and it is now a secondary zone, and we cannot see any dynamic records in the secondary DNS, i.e. Microsoft DNS.

Please advise what the best option is to configure to get DDNS. Can the client itself provide the DNS updates the way it is configured now, and will that work? We plan to remove the DNS server on Microsoft and keep only Infoblox as DNS.

Re: Dhcp ddns option and dns grid properties updates option

Moderator
Moderator
Posts: 36
28872     0

Hello there,

 

"IPv4 DDNS" tab in the DHCP Properties is used when the Infoblox DHCP Server needs to send DNS Updates to the DNS Server.

 

Whereas, the "Updates" tab in the DNS Properties is used to specify the Clients that are allowed to update the DNS Server.

 

Based on the information provided by you, the current configuration seems to be that the Client machines are the ones that are updating the DNS Server and not the DHCP Server.

 

In this case, you would have to allow the Client machines that are trying to update the DNS records in the Allow Updates ACL (in Updates section of DNS Properties), which could be tedious.

 

If all your Clients are getting IP address from the Infoblox DHCP Server, then the ideal solution would be to consider allowing the DHCP Server to perform the DDNS Updates on behalf of the Clients instead. You can do this by configuring the “IPv4 DDNS Updates” section of Grid / Network / Range DHCP Properties.

 

For a DHCP server running in your Grid, this is allowed to update the DNS by default and uses a TSIG key for a level of security, which you can see in your DNS configuration file. This way you would not have to worry about adding numerous IPv4 Address or Networks to the Allow Updates ACL.

 

You can refer to “Enabling DDNS for IPv4 and IPv6 DHCP Clients” section of the NIOS Administrator Guide for detailed steps on configuring the DHCP Server to send DDNS Updates to the DNS Server.

 

If you choose to go this route, you can use ISC Transitional as the TXT record handling method for the time being, as it is useful during migrations from systems that do not support the TXT record to systems that are ISC-based. The section titled "Configuring DDNS Update Verification" in the NIOS Administrator Guide covers how this works in detail, so consider checking it out.

 

Hope this helps.

 

Regards.

Re: Dhcp ddns option and dns grid properties updates option

Authority
Posts: 13
28872     0

Hi braj

 

Thank you for the clarification. When you say "For a DHCP server running in your Grid, this is allowed to update the DNS by default and uses a TSIG key for a level of security, which you can see in your DNS configuration file. This way you would not have to worry about adding numerous IPv4 Address or Networks to the Allow Updates ACL": I have the DHCP server running on the Grid Master, which is running the DNS server as well, i.e. the same appliance. So is this the same as what you mentioned for the Grid, or are you referring to another appliance in the Grid?

 

In my case the DNS and DHCP server is running on the Grid Master, so do I still have to configure the DHCP option for DDNS updates, or is this allowed by default as you mentioned?

Re: Dhcp ddns option and dns grid properties updates option

Authority
Posts: 13
28872     0

Now the issue is that for some of the client PCs the dynamic PTR record is not getting added, but the forward dynamic record is showing.

 

I have not enabled the DDNS updates option yet, as the other dynamic records got updated automatically from the client itself. Should I enable the DDNS updates option for the DHCP server, even though the DHCP server is running on the same member, i.e. the Grid Master, to fix this issue?

Re: Dhcp ddns option and dns grid properties updates option

Adviser
Posts: 109
28872     0

This whole process can be a bit confusing because even though you might only have one server involved, there are multiple processes with their own configurations involved. If the DHCP client (not recommended) is doing the dynamic updates, then you must make sure that updates are allowed for that client on both the forward and reverse mapping zones.

 

If you are not seeing updates for the reverse take place, the most likely cause is that the reverse mapping zone does not exist, has not been enabled (no primary name server is assigned), or updates are not allowed for the client or network where the updates are coming from.

Note: When the DHCP server is sending the dynamic updates, it is considered a client in that perspective.

 

The other side of this equation is with enabling DDNS updates in the DHCP properties on your DHCP server. This is a separate configuration and is generally considered a best practice to employ, as DHCP clients are not generally considered reliable and you will frequently end up with stale records in DNS as a result. When Infoblox is both the DHCP and DNS server, this makes the configuration fairly simple, as all you need to do is enable this option and it will update DNS using its built-in TSIG key. Then, updates to zones would only be allowed for statically configured or special clients (think AD Domain Controllers and other servers), and all others would be denied. This will allow the DHCP server to reliably update both the forward and reverse mapping zones and is easier to set up.

 

If you are not sure how to proceed, the best practice would be to enable DDNS updates in your DHCP configuration and allow the DHCP server to update DNS on behalf of DHCP clients, and (excluding exceptions) deny all else.

 

Regards,

Tony
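
An offline check for the reverse-mapping causes listed in the reply above, added here as an example (it is not part of the thread and not Infoblox tooling). It assumes the A and PTR records and the list of configured reverse zones have already been exported into plain dictionaries; all host names, addresses and zone names below are constructed.

```python
import ipaddress

# Constructed sample data (placeholders, not taken from the thread).
REVERSE_ZONES = ["1.0.10.in-addr.arpa"]
A_RECORDS = {
    "pc01.corp.example": "10.0.1.21",
    "pc02.corp.example": "10.0.1.22",
    "pc03.corp.example": "10.0.2.30",
    "pc04.corp.example": "10.0.1.24",
}
PTR_RECORDS = {
    "21.1.0.10.in-addr.arpa": "pc01.corp.example",
    "24.1.0.10.in-addr.arpa": "old-pc.corp.example",
}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def covering_zone(owner, zones):
    """Most specific configured reverse zone that contains this PTR owner name."""
    hits = [norm(z) for z in zones
            if owner == norm(z) or owner.endswith("." + norm(z))]
    return max(hits, key=len) if hits else None

def audit(a_records, ptr_records, zones):
    """Return (fqdn, ip, status) for every A record lacking a matching PTR."""
    ptrs = {norm(k): norm(v) for k, v in ptr_records.items()}
    findings = []
    for fqdn, ip in sorted(a_records.items()):
        owner = ipaddress.ip_address(ip).reverse_pointer
        target = ptrs.get(owner)
        if target == norm(fqdn):
            continue  # forward and reverse agree
        if target is not None:
            status = "ptr-mismatch"      # stale PTR left by another host
        elif covering_zone(owner, zones) is None:
            status = "no-reverse-zone"   # no zone exists to accept the update
        else:
            status = "ptr-missing"       # zone exists: check update ACL / client
        findings.append((fqdn, ip, status))
    return findings

if __name__ == "__main__":
    for row in audit(A_RECORDS, PTR_RECORDS, REVERSE_ZONES):
        print(*row)
```

A `no-reverse-zone` result points at the DNS configuration, while `ptr-missing` means the zone exists and the next things to check are the zone's update ACL and whether the client ever sent the reverse update.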

Re: Dhcp ddns option and dns grid properties updates option

Authority
Posts: 13
28873     0

For now the clients are updating the DNS records and things are working, but a few of the client machines are unable to update only the PTR record.

 

I have checked the logs and they show that only the A record was created and no PTR record, and this is only for a few clients. I was wondering whether enabling DHCP DDNS updates will fix the issue.

Re: Dhcp ddns option and dns grid properties updates option

Adviser
Posts: 109
28873     0

@rameshwar wrote:

For now the clients are updating the DNS records and things are working, but a few of the client machines are unable to update only the PTR record.

 

I have checked the logs and they show that only the A record was created and no PTR record, and this is only for a few clients. I was wondering whether enabling DHCP DDNS updates will fix the issue.


Those are two different concepts altogether. One is with having the client perform the updates, while the other has the DHCP server take over for them. If the client is supposed to be performing the updates (not best practice) but you are finding that some are never attempting to do the reverse, there might be an issue with the settings on the clients themselves. The DNS and DHCP servers have no control over the client in forcing it to do the updates, they only do what the client asks for.

 

Regards,

Tony
