Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

Reporting

Reply

DNS stats = IP address blocks/A records with a zone list

Authority
Posts: 24
5328     0

I'm looking to create a report or dashboard that will allow me generate a listing of all A records and their corresponding IP address(es), filtering by IP address with also a zone list --> for example I want to see all 10.x.x.x A records in zones abc.com and xyz.com

Highlighted

Re: DNS stats = IP address blocks/A records with a zone list

Adviser
Posts: 128
5328     0

Hello There,

 

I don’t think you could use the reporting server to get a list of all A records in DNS – neither with custom reports. Using the “DNS Statistics per Zone” dashboard, you could find how many records does different zones have & the numbers per record types in each zone – which includes A record as well. The easiest approach here would be a CSV export. You may :

 

Go to Grid -> Grid manager -> Members -> CSV job manager -> CSV export -> Click on “*” -> Uncheck ‘All objects’ -> From ‘All DNS objects’, select ‘A records’ -> ‘Export data’.

 

Now you may need to filter the ‘address*’ & ‘fqdn*’ column as appropriate to get your requirement done. You can use the ‘Sort & Filter’ function from Excel for this :

 

  • For any addresses starting with ’10.x.x.x’, you may just uncheck all -> Type in ’10.’ & its going to check all the IP addresses starting with ’10….’.

 

  • Now as you have all the A records starting with 10.x.., you may filter the ‘fqdn*’ column with ‘*.abc.com’ & ‘*.xyz.com’ – per your example.

 

You may also rely upon the ‘smart folders’ from the GUI, but if the total results exceeds 2000, that’s not going to fit. In case if this data is required often, I understand that this method could be painful & tedious as a job. But as the reporting server doesn’t receive the raw DNS RR data, to the best of my knowledge there’s no way that we could create a report/dashboard for them. If this is a one-time requirement or say its required once in a month or a week, I hope the suggestion above might be convenient.

 

Best regards,

Mohammed Alman.

Re: DNS stats = IP address blocks/A records with a zone list

Authority
Posts: 24
5329     0

I was looking from a report/dashboard perspective because I want something simple and quick that can be scheduled or exported with little-to-no manual intervention.  I know I can do this via CSV Export and filter the file but that isn't sufficient; I need more of a real time/current running search list and don't want to export and filter out of the Grid five+ times per week.  The GUI quick filters and Smart Folders cap out in their output results which doesn't buy me anything.  If I can grab the total number of A records via the DNS Stats isn't it feasible to also include the actual data of those records?  Also, if I can filter and grab IP's via the IP Address Inventory report, is there no way to combine both?

Re: DNS stats = IP address blocks/A records with a zone list

Adviser
Posts: 128
5329     0

Hello,

 

To address your question, “If I can grab the total number of A records via the DNS Stats isn't it feasible to also include the actual data of those records?” :

 

This is how the raw data used for this specific report(DNS Statistics per Zone) looks like :

 

2018-04-14 00:00:00,default,parent.zone,Forward-Mapping,No,emea-ha.lab.inbe.infoblox.com,,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,3,0,0,0

2018-04-14 00:00:00,default,max.test,Forward-Mapping,No,emea-gm.lab.inbe.infoblox.com,,2,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,6,0,0,0

2018-04-14 00:00:00,default,fbsdb.sdvs,Forward-Mapping,No,,,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

2018-04-14 00:00:00,default,sdvds,Forward-Mapping,No,emea-gm.lab.inbe.infoblox.com,,1,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,4,0,0,0

:

:

2018-04-14 00:00:00,default,domaindnszones.w2008.emealab.local,Forward-Mapping,No,emea-gm.lab.inbe.infoblox.com,,1,0,0,0,0,0,0,0,0,0,0,2,0,0,1,2,0,0,0,6,0,0,0

2018-04-14 00:00:00,default,_udp.w2008.emealab.local,Forward-Mapping,No,emea-gm.lab.inbe.infoblox.com,,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,2,0,0,0,5,0,0,0

2018-04-14 00:00:00,default,_tcp.w2008.emealab.local,Forward-Mapping,No,emea-gm.lab.inbe.infoblox.com,,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,4,0,0,0,7,0,0,0

2018-04-14 00:00:00,default,_sites.w2008.emealab.local,Forward-Mapping,No,emea-gm.lab.inbe.infoblox.com,,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,3,0,0,0,6,0,0,0

2018-04-14 00:00:00,default,_msdcs.w2008.emealab.local,Forward-Mapping,No,emea-gm.lab.inbe.infoblox.com,,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0,0,0,3,0,0,0

 

The numbers in sequence are the actual count of different type of resource records & these data is overwritten every 24 hours. As you can see there’s no way to determine the actual records which constitute to these counts from this data. The way I see the string, these are simply raw data ready to be presented. Means, no further calculations are needed & we just rename the fields before presenting the final output.

 

To address, “Also, if I can filter and grab IP's via the IP Address Inventory report, is there no way to combine both?” :

 

As you may already know, the information that you see in ‘IP Address Inventory’ dashboard is something which has been ‘discovered’ by one of our discovery solutions (Like Network Insight etc..). Keeping in mind your use-case, I see reasons why this information cannot be relied as statistics of all the ‘A’ records created in your Infoblox DNS server :

 

  • The discovery solution might pull hostnames of devices for which IP addresses were statically allocated as well  (Means no A/Host record in the DNS server - atleast for some of them).

 

  • Say one of your administrators created an A record in your Infoblox DNS server, ‘client.test.com’ pointing to 10.190.23.2. Now as long as the ‘client’ doesn’t get the same IP address (Static or via DHCP), there’s no way that the NI/NeTMRI solutions can pull this hostname to generate the ‘IP Address Inventory’ report. So basically, if that client doesn’t exist, you never see them in this report. And talking about combining this discovered data with the data for ‘DNS Statistics per Zone’?, doesn’t sound like a great plan or is impossible as far as I know.

 

Now if you believe that the data in ‘IP Address Inventory’ is indeed accurate, I hope you could use the combination of ‘Discovered name’ & ‘IP Address’ to tweak the data that you are looking for. For the example that I mentioned above, I would use something like, “IP Address=10.” & “Discovered name=test.com”. This is going to pull all the IP addresses starting with 10.x.x & falling under the zone ‘test.com’.

 

Since you do not want any suggestions using Smart folders/Quick Filters or in fact anything other than reporting, there seems to be a feature enhancement request for a similar requirement & I suggest working with Infoblox support to get yourselves added to it. If the existing request doesn’t exactly match your use case, support would be able to file a more accurate one on your behalf & Infoblox product management team would consider that as an additional feature in future releases. I would imagine that this feature would add up to more index usage since the data sent to the server would be quite high if your Infoblox DNS infrastructure has huge numbers of A records. So i believe the feature would considered based on serveral aspects & feasibility. Your Infoblox systems engineer would be the point of contact further, to keep you posted on the progress of the feature request.

 

Best regards,

Mohammed Alman.

Re: DNS stats = IP address blocks/A records with a zone list

Expert
Posts: 181
5329     0

We have run into the same problem.   Our solution was to continue to use the solution we used when we were still a bind and Windows shop.    We have a script that walks our internal DNS tree doing validation and zones transfers.   It is a slightly modified version of the old DNS checker script "dlint".  It puts all the DNS zone data in a single "all records" flat text file.  From there a simple html web page with some searches and filters, or just greps will let you get the data you are looking for from the flat text file.

We have found this to be much faster and more useful than any search or export in Infoblox.   The CSV exports they recommended take 20 to 40 mins to run on our and take the CPU of the GM up by nearly 40% while it runs.  DLINT zone transfers nearly a million records from the grid and Windows boxes in less than 5 mins.

DLINT is a nice starter for this as you can have it also look for bad delegation and generate some other basic reports and alerting when it runs that are also missing from Infoblox.

DLINT can also walk your in-addr.arpa internal zones as well although seeding it may take some more scripting depending on how your internal reverse DNS zones are deployed. 


Re: DNS stats = IP address blocks/A records with a zone list

Authority
Posts: 24
5329     0

This is probably the wrong section for this question, but could something like you suggest Dan be used, a simple web page front end with some drop down selection filters utilizing the WAPI I'm thinking? 

Showing results for 
Search instead for 
Do you mean 

Recommended for You