08-05-2013 08:52 PM
I have a 5 subnet network..10.0.1.0/2410.0.2.0/24 .... ...10.0.5.0/24At the moment a UTM hosts all the 5 subnets.. with DHCP and DNS on each subnet.. 10.0.1.1 .. 10.0.2.1... ... 10.0.5.1A host gets a typical IP address like 10.0.1.11 / 255.255.255.0 with gateway.. 10.0.1.1 ... for the subnet 10.0.1.0/24 .. same goes for other networks. Each subnet uses the gateway IP on that subnet for DNS and DHCP .. 10.0.1.1 10.0.2.1 ... ....10.0.5.1. The IP has DNS forwarders and it works well.Interfaces are connected to managed switch for full gigabit support for each subnet.Now I need to move the DNS/DHCP service off the UTM to an Infoblox 550 with IP 10.0.1.5 I add the networks as IPv4 networks and assign the DHCP ranges for each subnet. This works well. Problem now is that the DNS and DHCP have just one IP of 10.0.1.5 and the other subnets cannot reach 10.0.1.5 .. and I need to configure the appliance with multiple listen-to IPs for DNS queries on each subnets.. like 10.0.1.5 .. 10.0.2.5 .... .. 10.0.5.5 I tried using the loopback interface by adding the new IPs of 10.0.2.5 ... 10.0.5.5 .. and provisioned them thru DHCP.. The network devices get the IP address with the correct DNS IP .. but the DNS IP is in accessible for use .. they are un-pingable and basically seen as dummy IPs and not real IPs.How do I get the DNS configured with multiple subnet listen-to interfaces..
08-07-2013 07:48 AM
Your issue looks (to me) more like a routing issue.
- Are devices in different subnets able to reach each other ? I'm wondering if your UTM doesn't allow communication between subnets?
- What about using something like a DHCP helper statement on each subnet to point that broadcast traffic to the 10.0.1.5 IP?
- We (because of legacy DNS IP's) do have some additional IP's configured on our DHCP appliances (grid - grid manager - services - select your member - member properties - network - additional IPv4 ports and addresses) as hosts (DNS only) because there are old devices with those IP's hard-coded as DNS servers, but that's more for backwards compatibility rather than designing something from scratch like you're doing now.
I'm going to assume that devices on the 10.0.1.0/24 able to obtain DNS/DHCP, and communicate to the outside world (outside your private address space)
08-07-2013 08:49 AM
Yes, the UTM has rules which block communications between subnets for security reasons.
The managed switch is configured to have VLAN tagged data pass through for that specific subnet. Have Cisco APs which are configured and are able to service all 5 subnets...as the APs can be configured to have multiple IPs for each subnet like 10.0.1.2, 10.0.2.2, 10.0.3.2..etc
Even if I assigned IPs for on the loopback on the IB-550 I am confused on how to make them accessible to the respective subnets. I in fact removed the security rules in the test environment to see if the subnet rules are blocking the communications but that is not the case.
In the test environment..
IB-550 configured with IP 10.0. 1.5 works only on subnet 10.0.1.0. The loopback given additional IPs 10.0.2.5, 10.0.3.5... 10.0.5.5 are totally unresponsive and inaccessbile to the network.
If there is a routing issue then I need to understand what static routes do I need to add to the router to get these additional IPs responsive to network queries.
This is a linux system.. infoblox needs to provide a straight forward simple option of adding additional "configurable" IPs serving different subnets. The loopback additional IPs cannot be cofigured !! This is insane !
08-29-2013 11:37 AM
Once you define the localhost interfaces, you do need to tell the member's DNS properties to listen on the additional interfaces.
Go into the 'Member DNS Properties' panel, you may need to 'Toggle Advanced Mode', then go to the 'General' -> 'Advanced' section to set this up. Once you click the '+', it will add the loopback IPs to the member's config.
After that and a restart of services, resolution should start to work.
Let us know if that works.