Grid Setup: Zone Transfer vs. bloxSYNC

mail_zeni
Techie
Posts: 6

Dear All,

 

Do Infoblox appliances use bloxSYNC to synchronize their zones in a grid setup? Can zone transfer be used to synchronize zone files between grid members?

 

Though the admin guide says grid members can be configured to do zone transfers (not the default), I couldn’t find any steps that help implement and test that the appliances are indeed using zone transfer to update the DNS database.

 

https://community.infoblox.com/t5/Security/Zone-Transfer/m-p/549#M261  - is also not conclusive.

 

One of the requirements in the project I am currently working on is to use a dedicated interface for zone transfer. I understand zone transfer can be configured to use the LAN 2 interface, if required, but do the grid members use zone transfer if they are part of a grid? If they can’t, can bloxSYNC be configured to use a dedicated interface?

 

Our setup includes:

 

  1. HA Grid Master
  2. HA Internal DNS Servers
  3. 2 External DNS Servers (no HA)

 

As always, appreciate the support provided.

 

Thanks.

 

Re: Grid Setup: Zone Transfer vs. bloxSYNC

Expert
Posts: 227

You can configure DNS slave members to use zone transfers instead of Bloxsync when you add them to the name server group; in the box that says "Update Zones Using" simply select "DNS Zone Transfers" instead of "Grid Replication".

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: Grid Setup: Zone Transfer vs. bloxSYNC

Expert
Posts: 227

If you want to perform zone transfers over a different interface, select the DNS member, click edit, click "advanced" under the general tab and select the interface from the drop-down box next to "Send notify messages and zone transfer requests from".

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: Grid Setup: Zone Transfer vs. bloxSYNC

mail_zeni
Techie
Posts: 6

Dear Paul,

Thank you very much for the reply.

 

Does Infoblox log any message to be sure that zone transfer is what was used to sync zone data with grid secondary servers? Or is capturing packets on the switch port the only option? The reason I ask is that I need to show the customer that zone transfer is what the grid primary server used to sync data.

 

Also, like zone transfer, can grid replication be configured to use a dedicated interface? 

 

Thanks.

Re: Grid Setup: Zone Transfer vs. bloxSYNC

Expert
Posts: 81

Hello, mail_zeni.

 

The member's syslog can be used to track all zone transfer requests made by or received from another server. Look, if you are using Zone Transfers (not Grid Replication) to replicate the zone contents to its secondary servers (even if this one is an Infoblox appliance), the member will see it as an ordinary, traditional DNS server: permissions to do zone transfers must also be configured in zone permissions, and the match clients/destinations configuration must match the client requesting the zone transfer, if you're using them.

 

Also, zone transfers are logged by default in the member's syslog (please see image attached).

 

Unlike DNS Transfer messages, Grid Replication cannot use a different interface, as far as I know. Some kind of traffic can be delivered by the MGMT interface, but I don't think the replication itself fits inside this because the traffic must pass by a VPN Tunnel between Grid Master and Members.

 

Here is the support page listing the tasks related to the zone transfer configuration: https://support.infoblox.com/app/answers/detail/a_id/83/

 

Hope this helps.

Paulo Costa

https://br.linkedin.com/in/pauloeliasjr
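
The syslog check described in the reply above can be made repeatable. This added example (not part of the thread and not Infoblox code) scans syslog text for zone transfers and flags any served to a client outside the dedicated transfer network. It assumes BIND-style `named` transfer messages; the `audit_transfers` helper, host name, zone and addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumed BIND-style message shapes; adjust if the member's syslog differs.
STARTED = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: "
    r"transfer of '(?P<zone>[^'/]+)/IN': (?P<kind>AXFR|IXFR)(?:-style IXFR)? started")
DENIED = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?: "
    r"zone transfer '(?P<zone>[^'/]+)/(?P<kind>AXFR|IXFR)/IN' denied")

# Constructed sample lines (placeholder host, zone and addresses).
SAMPLE_SYSLOG = """\
Jan 10 09:15:01 ns-primary named[2211]: client 192.0.2.21#40112 (corp.example): transfer of 'corp.example/IN': AXFR started
Jan 10 09:15:01 ns-primary named[2211]: client 192.0.2.21#40112 (corp.example): transfer of 'corp.example/IN': AXFR ended
Jan 10 09:20:44 ns-primary named[2211]: client 192.0.2.22#51877 (corp.example): transfer of 'corp.example/IN': IXFR started
Jan 10 09:31:09 ns-primary named[2211]: client 10.9.9.9#33010 (corp.example): zone transfer 'corp.example/AXFR/IN' denied
Jan 10 09:40:00 ns-primary named[2211]: client 198.51.100.7#53000 (corp.example): transfer of 'corp.example/IN': AXFR started
"""

def audit_transfers(log_text, transfer_net):
    """Return served and denied transfers, plus served ones whose client
    address is outside transfer_net (the dedicated transfer subnet)."""
    net = ipaddress.ip_network(transfer_net)
    report = {"served": [], "denied": [], "off_network": []}
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            entry = (m["zone"], m["kind"], m["ip"])
            report["served"].append(entry)
            # A secondary pulling from the wrong interface shows up here.
            if ipaddress.ip_address(m["ip"]) not in net:
                report["off_network"].append(entry)
            continue
        m = DENIED.search(line)
        if m:
            report["denied"].append((m["zone"], m["kind"], m["ip"]))
    return report

if __name__ == "__main__":
    for key, rows in audit_transfers(SAMPLE_SYSLOG, "192.0.2.0/24").items():
        print(key, rows)
```

An empty `off_network` list alongside `served` entries for each secondary is the evidence that transfers ran, and ran from the expected interface addresses.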

Re: Grid Setup: Zone Transfer vs. bloxSYNC

mail_zeni
Techie
Posts: 6

Dear Paulo,

 

Thank you for the update. 

 

I think configuring the grid members hosting the DNS zones to use the management interface for the VPN tunnel to the grid master and changing update method to grid replication should give us the isolation. 

 

Thanks.
