Which IPAM Object for REST Provisioning?

Posts: 4
5529     0

Hello IB Community!


I’ve been struggling with a question for a while now. We have been using an Infoblox Grid for authoritative and recursive DNS for quite some time, but now want to start using it for DHCP and IPAM management.


We have the IPAM for Microsoft product to synchronize with our internal MS DHCP and DNS engines.


I’ve finally got my head around Infoblox DDI using a unified database and not three sets of discreet data like I’ve grown up with.


So my question is, when we go to automatically provision a new IP address via REST, what type of object should we create?


If we create a DHCP reservation, we must ensure that the reservation label matches the name of the host that the IP address was provisioned for.


If we create an A record, DDNS can’t do its thing and we’re on the hook to remove the record when the host is retired.


We could crete a Host object, but only without DNS because we’re running IPAM for MS.


I believe that my SE has a workable solution here, but I just wanted to see how the other IPAM for MS customers are handling this dilemma.


Many thanks,


Re: Which IPAM Object for REST Provisioning?

Posts: 86
5530     0

If I'm reading this correctly, it appears to me that what you're trying to do is basically create a Windows Domain joined host in a zone, which is synced to Microsoft via the MS Management feature.


I'm not sure why you would want to do this via REST... unless you were trying to provision static servers. I would probably approach this in two ways - assuming the DNS zone is controlled by MS and DHCP by Infoblox:


1. If we are talking about getting dynamic Microsoft hosts in the system, then the MS host should boot up with DHCP and hit Infoblox DHCP. Use Infoblox's DHCP to automatically update DNS on behalf of the host (DDNS). This way the hostname is consistent with whatever was assigned in the host, you get visibility of the IP, DHCP lease as well as the DNS hostname in the system (via the synced zone). Fully automatic, nothing to do except configure your DHCP and DDNS updates correctly.


2. If you are trying to provision static servers, either Windows or non-Windows based, you could use REST API to provision this. In this case, you would still create a host object, with DNS enabled, and you could also enable it for DHCP to bind the MAC to the IP, should you wish to do so. If it's a MS synced zone - provided you have the MS management feature - the object will sync across to MS DNS zones.


As a side note, normally the API calls would be used in conjunction with some orchestration system, or if you just wanted to simplify provisioning lots of machines.


I hope I understood your question correctly.

Re: Which IPAM Object for REST Provisioning?

Posts: 4
5530     0

Hey, thanks for the quick response. You interpreted my chatter mostly right.


In our case, both the DNS zones and DHCP are controlled by Microsoft. They are also both synchronized to the Grid using IPAM for MS.


You were correct in suggesting that are implementing an orchestration system. We are specifically using ServiceNow to automate the provisioning of static, domain-joined, Microsoft Server VMs. Hence the REST.


My assumption was that since our DNS and DHCP are controlled by Windows servers, we shouldn’t use Host objects since they would never make it over to the Microsoft side. It sounds like this may be a bad assumption.


  1. With this additional information, are Host objects still our best option?
  2. Does IPAM for MS simply ignore these Host objects during synchronization to our DNS and DHCP servers?
  3. Does the label of the Host object conflict, or coexist with any DDNS A records that may be created?
  4. When the VM is retired, will the Host object persist even after the A records have been deleted/scavenged?


I know this is a lot of questions, but I very much appreciate your time here. We are very excited about finally advancing this project.



Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Businesses are investing heavily into securing company resources from cyber-attacks form cybercrimin