DNS DHCP IPAM

Reply
Accepted Solution

adding forward and authoritary zone on same view

Authority
Posts: 23
704     0

Hello guys,

 

I have an issue with a particular zone on the grid master!!!

the master manages 2 distinct servers :

Server A : hosts the zone test.com (it already exists as Authoritary zone)

we need to create a forward to test.com on server B. (forward to server A)

 

 

How can I do this??

Should I create a new view?

 

Thank you for your help

Re: adding forward and authoritary zone on same view

Adviser
Posts: 74
704     0

You cannot do this in the same DNS view. Assuming you run in a grid why don't you make the zone secondary on the other appliance?

Highlighted

Re: adding forward and authoritary zone on same view

Authority
Posts: 23
704     0

Hi Harrys,

 

Thank you.

 

What is the best solution for security ? forward or secondary zones?

I believe it is forward.

 

If I choose this solution, I will need to create another view. correct??

Re: adding forward and authoritary zone on same view

Authority
Posts: 23
705     0

They are afraid about DNS tunneling, I need also to activate DNS firewall to prevent this that's why I thought about the forward. I don't know if this is correct or not

Re: adding forward and authoritary zone on same view

Adviser
Posts: 74
705     0

Hello Yol,

 

Just an opinion :

 

I don’t think there’s a necessity to mix-up your requirements. I shall rephrase your requirement to be, “I want server B to answer queries for ‘test.com’ & it should be protected from DNS tunnelling attacks as well”. I would answer your question “What is the best solution for security ? forward or secondary zones?” as Secondary zone because that’s the easiest way to ensure that your DNS server is giving the response which you intent it to. A forward zone is still dependent on a response which it gets from ‘outside’ though the forwarder here is authoritative. Irrespective of this design, you may think about implementing security solutions that Infoblox offers to preventing tunnelling attacks.

 

And yes, if you are thinking about a forward zone, you need a new DNS view.

 

Best regards,

Mohammed Alman.

 

Re: adding forward and authoritary zone on same view

Authority
Posts: 23
705     0

Hello Mohammed,

 

Thank you for the reply.

I believe Secondary zone is better than forward (there won't be any view creation).

 

Are there any security concerns with the secondary zones?

 

Thank you

Re: adding forward and authoritary zone on same view

Adviser
Posts: 74
705     0

Not that i am aware of as long as you control rights with ACL's.

 

Best Regards,

Showing results for 
Search instead for 
Do you mean 

Recommended for You