2 weeks ago
It is currently not possible to use Name Server Groups for a signed zone. In a setup with 100+ zones it is really convenient to use NSG's. Is there a RFE to get this implemented?
The name server group only configured the Master and Secondary Name Servers for a zone. They can be configured for authoritative zones, forward zones, etc. This would include any TSIG signatures required for zone transfers.
I don't think DNSSEC config is part of the name server configuration? That's a separate tab when editing a zone. You can simply update one zone as you want all to be configured then use CSV Export in CSV Import format to download all the zones, copy the DNSSEC config from the zone you updated to all the other zones that need to be updated, then perform a CSV Import as Override to update all the zones.
DNSSEC config isn't part of the name the server group configuration and it doesn't have to be. What I am revering to is that when I have a couple of unsigned zones I can have a single NSG for them. If I then change the NSG(add a secondary server for example) this change is applied to all the zones that have this NSG configured.
As soon as I sign a zone however the individual servers in the NSG that is configured get expanded into "Use this set of name servers" and after that the NSG is no longer being applied to the zone.
Exporting and importing sounds like a possible workaround to update the nameservers for multiple signed zones it would however be easier to just use NSG's. Therefor I'm wondering if there is already a feature request for this. If not I would like to submit one.
I understand what you're saying... and agree it would be helpful! Infoblox may not monitor this discussion, so I'd suggest opening a ticket with Support or asking your account team. Your sales engineer should be able to research the feature request and submit your company for it if it exist.