Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

Delegation Zone now direct client to the auth ns

[ Edited ]
Superuser
Posts: 105
4825     0

Hi Team,

 

Now i'm having problem in creating delegation zone, this are the detail about the scenario:

 

1. domain abc.co.id

2. Primary ns of abc.co.id is ns1.abc.co.id 192.168.2.3

3. subzone sub.abc.co.id

3. Primary ns of sub.abc.co.id is ns5.abc.co.id 192.168.2.4

 

I've created delegated zone sub.abc.co.id under abc.co.id with targeted ns is ns5.abc.co.id 192.168.2.4

 

after creating the delegated zone, i try to dig a record unde sub.abc.co.id, but the dig result is show like below:

 

dig @192.168.2.3 pc10.sub.abc.co.id

; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> @192.168.2.3 pc10.sub.abc.co.id
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 990
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 54873c4aa8c9483b061804055da77fcb9d6a48c0a47f77de (good)
;; QUESTION SECTION:
;pc10.sub.abc.co.id. IN A

;; AUTHORITY SECTION:
sub.abc.co.id. 28800 IN NS ns5.abc.co.id.

;; ADDITIONAL SECTION:
ns5.abc.co.id. 28800 IN A 192.168.2.4

;; Query time: 1 msec
;; SERVER: 192.168.2.3#53(192.168.2.3)
;; WHEN: Wed Oct 16 20:38:49 DST 2019
;; MSG SIZE rcvd: 109

 

after it resolve the ns ip, the client didnt query to the ns5.

 

Please your advice

 

Thanks

Re: Delegation Zone now direct client to the auth ns

[ Edited ]
Superuser
Posts: 105
4825     0

I try to enable recursive, and it resolves the pc10.sub.abc.co.id. Is it possible to do delegation without enabling the recursive?

 

Thanks

Re: Delegation Zone now direct client to the auth ns

Moderator
Moderator
Posts: 36
4825     0

Hello there,

 

When Recursion is not available, Infoblox DNS Server would only be able to provide a Referal to the NS of the Delegated Zone. This is by design. 

 

If you would like to have the DNS Server resolve the Query and not just provide the Referral then you would have to Enable Recursion.

 

Regards.

Re: Delegation Zone now direct client to the auth ns

Superuser
Posts: 105
4825     0

Hi Braj,

 

So there is no different between forward zone and delegation zone, isn't it? both zone need the recursion to be enabled if we expect the client get the IP of targeted record?

 

Thanks

Re: Delegation Zone now direct client to the auth ns

Moderator
Moderator
Posts: 36
4825     0

Hello,

 

Forward Zones and Delegations are inherently different and they function in a different way. A Delegation can give NS referals however a Forward Zone can not.  

 

Please refer to this Community Thread which discussed Forwarder vs Delegation which might clear your doubts.

 

Regards.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You