Infoblox in DR site cannot resolve external DNS Prod site working great

Techie
Posts: 2

Hey Guys,

We have a pair of Infoblox appliances set up as an HA pair in our prod site and a virtual appliance in our DR site. The HA pair in our prod site is the grid master and the DR appliance is running as a grid master candidate. Here is the problem. If we specify the prod Infoblox as our DNS server on a workstation or server and do an nslookup, everything works. If I enter the IP of the DR Infoblox as the DNS server, nslookup to anything fails. I got onto the DR Infoblox via ssh and it can get to anything. Nslookup works just fine on the DR Infoblox, but I just can't get it to work from a workstation using the DR Infoblox as its DNS server. Please help!


Re: Infoblox in DR site cannot resolve external DNS Prod site working great

Expert
Posts: 278

It could be a number of things:

1) Have you verified IP connectivity/routing with traceroute/ping?

2) Do you get any response at all with nslookup or does it just time out?

3) When you use nslookup, are you appending a "." at the end of your queries? Time and again I have seen people miss this; the server then tries to forward or recurse and times out. Add a dot and it works.

4) Is the DNS service started?

5) Is the D/R server correctly configured as a slave server for the zones in question, or is it in the name server group for the zones in question?

6) Have you verified that allow-query, allow-recursion and/or view match lists are set correctly?

7) Have you done a restart services?

...

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: Infoblox in DR site cannot resolve external DNS Prod site working great

Techie
Posts: 2

Hey Paul,

Thanks for getting back to me. Here are my results...

(1) Traceroute fails (gets to first hop, then the rest time out.)

(2) nslookup displays the name of the Infoblox appliance and the IP address, but the DNS requests time out (twice).

(3) Adding a "." did work though. Not sure what's happening when you add a period, but that does make it work.

(4) The DNS service is running.

(5) I'm not sure where to check for this, but I do know that this machine is the grid master candidate.

(6) Allow queries from: is set to (set of ACEs), Allow recursion is checked and set to (set of ACEs), not sure where to check for "view for match"

(7) I did restart the DR appliance.

Hope this helps. Please let me know if you need any more info. Thanks for your help.


Re: Infoblox in DR site cannot resolve external DNS Prod site working great

Community Manager
Posts: 248

I would say that step (1) is your problem.

If you can't get packets to the box in the DR site, you can't make queries.

If the member has joined the grid, then it is probably a FW issue for clients->DR via port 53.

Check with the FW or network team on how the packets are routed.

Also, if "nslookup worked on the DR box", where were you sourcing these lookups from? And how is that location different from the client location?

Lastly - DON'T use nslookup, use 'dig'.
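An added example, not part of any post in this thread and not Infoblox code: a small Python probe that sends one raw UDP query to port 53 and separates the cases the checklist above asks about, namely no reply at all (routing or firewall) versus a REFUSED or SERVFAIL reply (server reachable, policy or recursion at fault). The function names are hypothetical and 192.0.2.53 is a documentation address standing in for the DR member; the name is sent exactly as typed, with no search suffix appended.

```python
import socket
import struct

# Hypothetical helper names; only the RCODEs relevant to this thread are listed.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, rd=True):
    """Encode an A/IN query for name exactly as given (no search suffix)."""
    flags = 0x0100 if rd else 0  # RD bit asks the server to recurse
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(resp, qid=0x1234):
    """Map a raw reply (None means timeout) to a troubleshooting hint."""
    if resp is None:
        return "TIMEOUT: no reply; suspect routing or a firewall on port 53"
    if len(resp) < 12:
        return "MALFORMED: reply shorter than a DNS header"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", resp[:8])
    if rid != qid or not flags & 0x8000:
        return "MISMATCH: not a response to this query"
    rcode = RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
    if rcode == "REFUSED":
        return "REFUSED: server reachable; check allow-query/allow-recursion"
    if rcode == "SERVFAIL":
        return "SERVFAIL: server reachable; its recursion or forwarding failed"
    ra = "RA" if flags & 0x0080 else "no RA"  # RA set means recursion offered
    return "%s: %d answer(s), %s" % (rcode, ancount, ra)

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            resp = None
        except OSError as e:
            return "ERROR: %s" % e
    return classify(resp)

if __name__ == "__main__":
    # Placeholder address for the DR member; replace with the real one.
    print(probe("192.0.2.53", "example.com."))
```

Running it from a client in the affected network and again from a host next to the DR member shows whether the difference is in the path or in the server's answer.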
