06-19-2018 06:57 AM
I have an issue with a particular zone on the grid master!!!
the master manages 2 distinct servers :
Server A : hosts the zone test.com (it already exists as Authoritary zone)
we need to create a forward to test.com on server B. (forward to server A)
How can I do this??
Should I create a new view?
Thank you for your help
Solved! Go to Solution.
06-19-2018 07:22 AM
You cannot do this in the same DNS view. Assuming you run in a grid why don't you make the zone secondary on the other appliance?
06-19-2018 07:27 AM
What is the best solution for security ? forward or secondary zones?
I believe it is forward.
If I choose this solution, I will need to create another view. correct??
06-19-2018 07:51 AM
They are afraid about DNS tunneling, I need also to activate DNS firewall to prevent this that's why I thought about the forward. I don't know if this is correct or not
06-19-2018 01:19 PM
Just an opinion :
I don’t think there’s a necessity to mix-up your requirements. I shall rephrase your requirement to be, “I want server B to answer queries for ‘test.com’ & it should be protected from DNS tunnelling attacks as well”. I would answer your question “What is the best solution for security ? forward or secondary zones?” as Secondary zone because that’s the easiest way to ensure that your DNS server is giving the response which you intent it to. A forward zone is still dependent on a response which it gets from ‘outside’ though the forwarder here is authoritative. Irrespective of this design, you may think about implementing security solutions that Infoblox offers to preventing tunnelling attacks.
And yes, if you are thinking about a forward zone, you need a new DNS view.
06-20-2018 01:48 AM
Thank you for the reply.
I believe Secondary zone is better than forward (there won't be any view creation).
Are there any security concerns with the secondary zones?