Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

Name Server Groups(NSG) for DNSSEC signed zones

New Member
Posts: 3
3777     0

It is currently not possible to use Name Server Groups for a signed zone. In a setup with 100+ zones it is really convenient to use NSG's. Is there a RFE to get this implemented?

Re: Name Server Groups(NSG) for DNSSEC signed zones

Adviser
Posts: 63
3777     0

The name server group only configured the Master and Secondary Name Servers for a zone.  They can be configured for authoritative zones, forward zones, etc.  This would include any TSIG signatures required for zone transfers.

 

I don't think DNSSEC config is part of the name server configuration?  That's a separate tab when editing a zone.  You can simply update one zone as you want all to be configured then use CSV Export in CSV Import format to download all the zones, copy the DNSSEC config from the zone you updated to all the other zones that need to be updated, then perform a CSV Import as Override to update all the zones.

Re: Name Server Groups(NSG) for DNSSEC signed zones

New Member
Posts: 3
3777     0

DNSSEC config isn't part of the name the server group configuration and it doesn't have to be. What I am revering to is that when I have a couple of unsigned zones I can have a single NSG for them. If I then change the NSG(add a secondary server for example) this change is applied to all the zones that have this NSG configured.

 

As soon as I sign a zone however the individual servers in the NSG that is configured get expanded into "Use this set of name servers" and after that the NSG is no longer being applied to the zone.

 

Exporting and importing sounds like a possible workaround to update the nameservers for multiple signed zones it would however be easier to just use NSG's. Therefor I'm wondering if there is already a feature request for this. If not I would like to submit one.

Re: Name Server Groups(NSG) for DNSSEC signed zones

Adviser
Posts: 63
3778     0

I understand what you're saying... and agree it would be helpful!  Infoblox may not monitor this discussion, so I'd suggest opening a ticket with Support or asking your account team.  Your sales engineer should be able to research the feature request and submit your company for it if it exist.

Re: Name Server Groups(NSG) for DNSSEC signed zones

New Member
Posts: 3
3778     0

Good idea, I just opened this post to find out if there was a RFE already. I'll open a ticket with support.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You