
"DNS Name contains"

New Member
Posts: 3

Hello,

I've been playing with the Infoblox API in Python 3, and was trying to implement the "DNS Name contains" type of search from the web interface. I'd like to automate some things and searching by hostname or host regexes would be wonderful. However, following the examples from the documentation, I have not been able to obtain anything other than an empty 'results: [] ' reply, whether I've used hostnames, fqdns, or regexes. I receive expected results if I look for IP addresses, but cannot receive any hostname responses. Here's a sanitized script:

 

import requests

requests.packages.urllib3.disable_warnings()  # silences the warning caused by verify=False below

hostname = 'somehost'
host_ip = '10.1.2.3'

url1 = f"https://<infoblox>/wapi/v2.11/record:host?_return_as_object=1&name~={hostname}"  # name~= is a regex match
res1 = requests.request('GET', url1, auth=('ro_user', 'password'), verify=False)
print(res1.text)

url2 = f"https://<infoblox>/wapi/v2.11/ipv4address?_return_as_object=1&ip_address={host_ip}"  # exact match on the address
res2 = requests.request('GET', url2, auth=('ro_user', 'password'), verify=False)
print(res2.text)

I generally don't like to ask for help but I'm baffled.  For a host with actual DNS records, using the fqdn returns no results.  Sending the request to 'record:a' returns no results.  Any kind of record request for any host with actual records implemented on the Infoblox system always returns:

{
    "result": []
}

FWIW I also used curl per the documentation, and also received no results.  I'm sure I'm doing something wrong, but can anyone see what it might be?

Re: "DNS Name contains"

Adviser
Posts: 181

Hi,

 

Do you get a response when you just run a query against record:host? Just checking to eliminate the possibility of a permission issue. Also are these host records in the "default" view or some other view?

 

Thanks,

Krishna

Re: "DNS Name contains"

New Member
Posts: 3

Thanks for the response!  I receive 59 responses with a call to:

/wapi/v2.11/record:host?_return_as_object=1

We have thousands of systems.  All of the records (or at least the ones I'm ever going to be interested in) are in the default view.    It's just weird to me that if I do 'nslookup somehost' I get a response with an IP address.  If I try to query for somehost, I receive an empty response.  

 

/wapi/v2.11/record:host?_return_as_object=1&name~=somehost

/wapi/v2.11/record:host?_return_as_object=1&name~=somehost.domain.com

/wapi/v2.11/record:host?_return_as_object=1&name~=.*somehost.*

/wapi/v2.11/record:host?_return_as_object=1&name~=.*somehost.domain.com.*

/wapi/v2.11/record:a?_return_as_object=1&name~=.*somehost.*

/wapi/v2.11/record:a?_return_as_object=1&name~=.*somehost.domain.com.*


I've tried other permutations, also, with empty results.  When I query the IP address for somehost:

/wapi/v2.11/ipv4address?_return_as_object=1&ip_address=10.1.1.1

I get the IP network, names, _ref, the works.

 

Re: "DNS Name contains"

New Member
Posts: 3

I finally had time to circle back to this issue.  I changed my API user to the admin group and suddenly I received "result set too large" errors on the same queries that had previously been empty.  I haven't "fixed" it yet but there's clearly some kind of permissions problem that prevents receiving "record:x" query results.  Thanks!
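Added example, not part of any post in this thread: one way to run the `name~=` search with WAPI paging, so that a regex matching many records is fetched page by page instead of failing with "result set too large". The host `infoblox.example`, the helper names and the two-page `fake_fetch` response are constructed for illustration; `_paging`, `_max_results`, `_page_id` and `next_page_id` are the WAPI paging parameters.

```python
import base64
import json
import urllib.parse
import urllib.request

BASE = "https://infoblox.example/wapi/v2.11"  # placeholder grid address (assumption)

def search_url(obj, field, regex, page_id=None, page_size=500):
    """Build a paged regex search URL; urlencode escapes the pattern safely."""
    if page_id:  # follow-up pages are requested by id alone
        params = {"_page_id": page_id}
    else:
        params = {"_return_as_object": 1, "_paging": 1,
                  "_max_results": page_size,
                  f"{field}~": regex}  # "~" selects regular-expression matching
    return f"{BASE}/{obj}?{urllib.parse.urlencode(params)}"

def http_get(url, user, password):
    """GET with basic auth; certificate verification stays on (urllib default)."""
    req = urllib.request.Request(url)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_records(obj, field, regex, fetch):
    """Yield every match, following next_page_id until the last page."""
    page_id = None
    while True:
        body = fetch(search_url(obj, field, regex, page_id))
        yield from body.get("result", [])
        page_id = body.get("next_page_id")
        if not page_id:
            return

def fake_fetch(url):
    """Constructed two-page reply standing in for a real grid (offline demo)."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    if qs.get("_page_id") == ["p2"]:
        return {"result": [{"name": "somehost2.domain.com"}]}
    return {"next_page_id": "p2", "result": [{"name": "somehost.domain.com"}]}

if __name__ == "__main__":
    # Against a real grid: fetch=lambda u: http_get(u, "ro_user", "password")
    for rec in iter_records("record:host", "name", ".*somehost.*", fake_fetch):
        print(rec["name"])
```
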
