Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Getting Started

Reply

Locking DNS records from deletion
Jmull
New Member
Posts: 1

‎06-28-2023 01:55 PM

597     0

We have a cname that many other cnames are pointing to that was deleted recently. Is there a way to lock specific records from deletion, even by admins/superusers or at least have a prompt to unlock before deletion? Looking to prevent this from happening in the future for a select few records. 

 

Thanks

Labels:
Reply
0 Kudos

Re: Locking DNS records from deletion
tn-bdeschut
New Member
Posts: 6

‎10-20-2023 12:49 AM

598     0

You can't stop a superuser from deleting that record. You could put a warning text in the comment field, but that is about it I believe.

You can stop any other admin from deleting that record though. I just created a user in my lab with the default role 'DNS Admin'. In the permission profile I added an object permission on a specific CNAME with permission read-only. This administrator was able to make any change to the zone, except for editing / deleting this CNAME record.

In your case, a solution would be to create a role with every permission on read-write, except for this one specific object permission. Then change your superuses from superuser to this role.

I would advise to keep one superuser account with a long and secure password and put it in a vault 

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community