11-25-2015 10:31 PM
I need your expertise for a blocking point of our infrastructure.
We have a standard installation with three grid members to resolve all the domains under "toto.fr"
Member 1: Master + Primary DNS
Member 2: Slave + Secondary DNS
Member 3: Slave + Secondary DNS
We want to forward the requests for the domain "toto.com" to the IP address 10.5.5.5, which is connected only to Member 2. It is a DNS server configured with BIND.
I configured the Member 2 to have a forwarder at 10.5.5.5.
DNS -> Members -> Member2 -> Forwarder : add 10.5.5.5 (Uncheck Use forwarder Only)
I created a new "forward zone" : toto.com
Default Zone Forwarder: toto.com - Address: 10.5.5.5
Members: member 2
Test from Virtual Appliance
From the virtual appliance I can resolve the host test.toto.com with the command : OK
But using the Infoblox DNS, I can't resolve the host test.toto.com.
Connection : Refused
I have restarted the services, etc., and I played with all the configuration (Forwarder only, etc.), but it's still not working.
I'm new to Infoblox and maybe I'm misunderstanding DNS forwarders.
Do you have any ideas what I have to do to resolve this issue?
Thank you in advance,
11-29-2015 06:53 PM
What I think you should do is:
1. Create a forwarding zone for toto.com on all 3 members pointing to 10.5.5.5
2. I'm not entirely sure what you mean by 10.5.5.5 (BIND) is connected only to Member2, but if this is true, then you have a routing issue because if you query member1 or member3 they will not be able to reach 10.5.5.5
3. You can remove the forwarder configuration in Member2, since you have already indicated that toto.com will forward to the 10.5.5.5 NS. It is then up to the default routing on Member2 to reach that NS.
If you get a "refused" in this instance it's probably because you don't have recursion turned on and thus it is acting as auth only.
Try doing a dig from the console of member2 to see if you can resolve.
12-03-2015 05:46 AM
Thanks for your answer.
I just found the solution, it was the queries of the DNS properties. I created a new rule with allow all.
And it's working well now.
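
The thread turns on telling a policy refusal (query ACL, recursion) apart from a forwarder the member cannot reach. The script below is an added example, not part of any post above: it reads the RCODE and RA bits of a DNS response header to separate those cases. The function names are hypothetical, the sample headers are constructed rather than captured, and `allow-query` refers to the BIND option behind the query ACL.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD set, as a stub resolver would send it."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def triage(response):
    """Return (rcode, recursion_available, hint) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    ra = bool(flags & 0x0080)
    if rcode == "REFUSED":
        hint = "refused by server policy: check the allow-query ACL for this client"
        if not ra:
            hint += "; recursion is not offered to this client either"
    elif rcode == "SERVFAIL":
        hint = "query accepted but resolution failed: check the path from the member to the forwarder"
    elif rcode == "NOERROR" and ancount:
        hint = "resolved"
    else:
        hint = "no answer records: check the zone data on the forwarder"
    return rcode, ra, hint

def ask(server, name, timeout=3.0):
    """Send one UDP query to server:53 and triage the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return triage(s.recvfrom(512)[0])

# Constructed sample headers (not captured traffic): id, flags, qd, an, ns, ar
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)   # RD, RA clear, rcode 5
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)  # RD+RA, rcode 2
SAMPLE_OK = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)        # RD+RA, one answer

if __name__ == "__main__":
    for sample in (SAMPLE_REFUSED, SAMPLE_SERVFAIL, SAMPLE_OK):
        print(triage(sample))
```

Calling `ask()` with a member's address and `test.toto.com` from the same client that saw the refusal gives the same triage against the live server.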