Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

API Examples

Reply

API call for extattrs failing on records, but working on zones.

[ Edited ]
Techie
Posts: 6
949     0

Trying to pull external attributes on DNS objects but getting this error message.  If I remove the extattrs that command works.  

 

https://domain.com/wapi/v2.12/allrecords?zone=domain.com&creator=STATIC&_return_fields=comment,disable,name,type,zone,extattrs

"Error": "AdmConProtoError: Unknown argument/field: 'extattrs'",
    "code": "Client.Ibap.Proto",
    "text": "Unknown argument/field: 'extattrs'"
}

 

If that command is run on the zone level it returns the EAs without issue.  

 

https://domain.com/wapi/v2.12/zone_auth?_return_as_object=1&_return_fields=fqdn,comment,disable,extattrs

 

Can someone help me understand what is broken here?  My assumption is that extattrs is applied to any object but I can't seem to get that data when pulling DNS records.  

 

Re: API call for extattrs failing on records, but working on zones.

Moderator
Moderator
Posts: 300
950     0

allrecords isn't really an object type, its a method to search for matching objects.  Unfortunately extattrs cannot be returned with an allrecords search.

 

Instead, use the returned ref for each returned object, and query for its extattrs.

 

Or alternatively,  you could do a CSV export of matching records, which will contain the EA values as CSV columns.

 

Here's the manual process for doing this via CSV:

 

start the export generation

curl -k1 -u admin:infoblox -X POST \
'https://gm.example.com/wapi/v2.12/fileop?_function=csv_export' \
-H 'Content-Type: application/json' -d \
'{
"_object":"allrecords",
"zone":"example.com",
"creator":"STATIC",
"view":"Internal DNS"
}'

 

which returns:

{
    "token": "eJytjk0LgjAcxr9K7JybTp0vN8OCIBQiCLoMcUv/oM7miiL67rlDXbsEz+n38Lw8kbyPoB/cQC9R\nuvBY4ieRG0chDmjsU+otF+iqu9lCrTHjlBLiJRR7LMYxZsQyLkDL2vAzdJKDIlpeOAgnL4/Frsxy\nx01c5lIahWFAZzFyUoOsW+jEhOvphuYFUZmKy6FWAobGbq22xZf3SthrKM8OGd+vNx/DMjIZpatG\nEtOP/zoDwjb/CqLXG8LoXjc=\n", 
    "url": "https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-0906022755425426/Zonechilds.csv"
}

Now download the given URL:

curl -k1 -u admin:infoblox -H "Content-type:application/force-download" -O \
'https://192.168.1.2/http_direct_file_io/req_id-DOWNLOAD-0906022755425426/Zonechilds.csv'

then close the file on the GM's web server

 
curl -k1 -u admin:infoblox -X POST 'https://192.168.1.2/wapi/v2.12/fileop?_function=downloadcomplete' \
-H "Content-Type: application/json" -d '{ "token": "eJytjk0LgjAcxr9K7JybTp0vN8OCIBQiCLoMcUv/oM7miiL67rlDXbsEz+n38Lw8kbyPoB/cQC9R\nuvBY4ieRG0chDmjsU+otF+iqu9lCrTHjlBLiJRR7LMYxZsQyLkDL2vAzdJKDIlpeOAgnL4/Frsxy\nx01c5lIahWFAZzFyUoOsW+jEhOvphuYFUZmKy6FWAobGbq22xZf3SthrKM8OGd+vNx/DMjIZpatG\nEtOP/zoDwjb/CqLXG8LoXjc=\n"}'

 

Re: API call for extattrs failing on records, but working on zones.

[ Edited ]
Techie
Posts: 6
950     0

So if allrecords isn't an object type, is there a call/search I can make similar on the DNS level that I do on the ZONE level to return all DNS objects with whatever extensible attribute they may or may not have?  Without forking it to a CSV file?  

 

FWIW I used your example and it worked well, just not sure if that process will work for what we are trying to do.  Which is simply pull this data into a CMDB periodicially and look for deltas and track those on specific object types (zones, static DNS, etc..). 

 

With some PS help I was able to figure it out, can change record:a to whatever kind of record you want.  Wondering if there is a way to put all types in a sinlge call?

 

https://domain.com/wapi/v2.12/record:a?zone=domain.com&creator=STATIC&_return_fields=comment,disable,name,zone,extattrs
Showing results for 
Search instead for 
Did you mean: 

Recommended for You