
"DNS Name contains"

New Member
Posts: 3


I've been playing with the Infoblox API in Python 3, and was trying to implement the "DNS Name contains" type of search from the web interface.  I'd like to automate some things and searching by hostname or host regexes would be wonderful.  However, following the examples from the documentation, I have not been able to obtain anything other than an empty 'results: [] ' reply, whether I've used hostnames, fqdns, or regexes.  I receive expected results if I look for IP addresses, but cannot receive any hostname responses.  Here's a sanitized script:


    import requests

    hostname = 'somehost'
    host_ip = ''

    # "DNS Name contains" style search: name~ is a regex match on the record name
    url1 = f"https://<infoblox>/wapi/v2.11/record:host?_return_as_object=1&name~={hostname}"
    # NOTE: verify=False turns off TLS certificate validation for the request
    res1 = requests.request('GET', url1, auth=('ro_user', 'password'), verify=False)

    # Lookup by IP address
    url2 = f"https://<infoblox>/wapi/v2.11/ipv4address?_return_as_object=1&ip_address={host_ip}"
    res2 = requests.request('GET', url2, auth=('ro_user', 'password'), verify=False)

I generally don't like to ask for help but I'm baffled.  For a host with actual DNS records, using the fqdn returns no results.  Sending the request to 'record:a' returns no results.  Any kind of record request for any host with actual records implemented on the Infoblox system always returns:

    "result": []

FWIW I also used curl per the documentation, and also received no results.  I'm sure I'm doing something wrong, but can anyone see what it might be?

Re: "DNS Name contains"

Posts: 181



Do you get a response when you just run a query against record:host? Just checking to eliminate the possibility of a permission issue. Also are these host records in the "default" view or some other view?




Re: "DNS Name contains"

New Member
Posts: 3

Thanks for the response!  I receive 59 responses with a call to:


We have thousands of systems.  All of the records (or at least the ones I'm ever going to be interested in) are in the default view.    It's just weird to me that if I do 'nslookup somehost' I get a response with an IP address.  If I try to query for somehost, I receive an empty response.  








I've tried other permutations, also, with empty results.  When I query the IP address for somehost:


I get the IP network, names, _ref, the works.


Re: "DNS Name contains"

New Member
Posts: 3

I finally had time to circle back to this issue.  I changed my API user to the admin group and suddenly I received "result set too large" errors on the same queries that had previously been empty.  I haven't "fixed" it yet but there's clearly some kind of permissions problem that prevents receiving "record:x" query results.  Thanks!
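
Added example, not part of the thread and not Infoblox's own code: a paged `name~` search that stays under the limit behind the "result set too large" error, keeps TLS verification on, and treats an empty list as a successful reply. The function names and the injectable `fetch` callable are assumptions made for illustration; `<infoblox>` is the placeholder host from the original post.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder grid address and WAPI version as written in the thread.
BASE = "https://<infoblox>/wapi/v2.11"


def first_page_url(wapi_object, name_regex, page_size):
    """URL for a regex ("contains") search on name, with paging turned on."""
    query = urllib.parse.urlencode({
        "name~": name_regex,        # ~ selects regex matching in WAPI
        "_return_as_object": 1,     # required for a paging request
        "_paging": 1,
        "_max_results": page_size,  # page size, kept under the server limit
    })
    return f"{BASE}/{wapi_object}?{query}"


def search_by_name(wapi_object, name_regex, fetch, page_size=500):
    """Collect every page of matches. `fetch` maps a URL to the decoded JSON body."""
    url = first_page_url(wapi_object, name_regex, page_size)
    results = []
    while url:
        body = fetch(url)
        results.extend(body.get("result", []))
        next_id = body.get("next_page_id")  # absent on the last page
        url = (f"{BASE}/{wapi_object}?" +
               urllib.parse.urlencode({"_page_id": next_id})) if next_id else None
    # An empty list is a successful reply: nothing matched that this account
    # can read. In the thread, missing permissions looked exactly like this.
    return results


def basic_auth_fetch(user, password):
    """Real transport: HTTPS with certificate verification left on (urllib default)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch
```

Against a real grid this would be called as `search_by_name('record:host', '^somehost', basic_auth_fetch('ro_user', 'password'))`.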
