Reply

Active Directory DNS Migration steps to Infoblox

New Member
Posts: 2
28019     0

Any expert here can help me verify below steps and provide some advise? 

 

 

Background

Customer have multiple branches, some locations have Infoblox and some doesn’t. They also have multiple ADDC and RODC in different locations.

 

Objective

Migrate all the domains/zones in ADDC into Infoblox. After successful migration, all AD will convert into secondary zone.

 

Migration Steps

  1. create an authoritative zone
  2. configure ACL to allow updates from AD DNS
  3. configure AD DNS integration and underscore (_) zone will create automatically
  4. login into AD server
  5. configure DNS and point to Infoblox
  6. restart DNS service
  7. net stop netlogon
  8. net start netlogon
  9. ipconfig /registerdns
  10. Infoblox will sync all the SRV zone records (_ldap, _kerberos)
  11. Configure allow zone transfer from AD DNS to Infoblox
  12. Initiate import zone in Infoblox to import static A record and dynamic records
  13. Delete all dynamic records (because it will import as static into Infoblox)

 

**Since the project is big, we will let AD DNS running as normal but the AD DNS server DNS setting will point to Infoblox as prefer DNS

 

Migration for branches that have Infoblox

  1. Through DHCP server, dynamic client DNS setting will point to Infoblox
  2. User will update the dynamic record directly to Infoblox
  3. However, there is many servers are using static setting which we will migrate slowly.
  4. In this case, servers DNS are pointing to AD DNS however the AD DNS is pointing to Infoblox as prefer DNS. ** will this causing issue to the servers to operate as normal?

 

Migration for branches that do not have Infoblox

  1. The AD in the branches will convert to secondary zones
  2. Infoblox will zones transfer to AD DNS
  3. Client DNS will still be pointing to local AD DNS
  4. As our research, DHCP client will update their dynamic record to grid master directly. Therefore, we need to open UDP & TCP 53 from branches network to Grid master

 

Thanks

Chew

Re: Active Directory DNS Migration steps to Infoblox

New Member
Posts: 5
28019     0

Hi Chew,

 

I've migrated multiple ADs to Infoblox-DNS just recently.

Mostly I concure with your steps, but did it that way:

1.) Enabled Zone-Transfer on the Windows-DNS

2.) Created an ACL with the DCs in that are allowed to update the zone

3.) Created a new authoritive zone on Infoblox (NIOS)

4.) Imported the Zone to Infoblox and did the same for all subzones like _msdcs....

5.) Set the DC to use the infoblox as dns

6.) executed "net stop netlogon && net start netlogon" - that triggers the verification / registration of the SRV-Records, etc.

7.) Checked the syslog on the Infoblox-DNS to see possible errors

8.) If everything's good, set the Windows-DNS to forward all queries to the Infoblox

9.) Did the same on all DCS (Writeable and Readable).

10.) As soon as all the DCs have been migrated I deleted the AD-Integrated DNS-Zones transforming the Windows-DNS to be caching-only servers.

 

Cheers,

 Philipp

 

Re: Active Directory DNS Migration steps to Infoblox

New Member
Posts: 2
28019     0

Hi Philipp,

 

Thank you so much for your sharing. I have 1 question regarding your migration:

 

1. For steps 9 and 10, do you do it one shot for all DCs or phase by phase, FYI, my customer got 60++ DC servers, we are thinking to do it phase by phase but we worry problem will occur in the period. 

 

Thanks

Chew

 

 

Re: Active Directory DNS Migration steps to Infoblox

Techie
Posts: 7
28019     0

I have the same question did you find an answer?

Re: Active Directory DNS Migration steps to Infoblox

New Member
Posts: 1
28020     0

Hi Philipp / Team,

 

Here i would like to know how you converted Infoblox from Secondary Name server to Primary ?

 

Rgds,

Prakash Semwal

Re: Active Directory DNS Migration steps to Infoblox

Techie
Posts: 10
28020     0

Hi,

 

I have done the same steps, when I test AD replication to synch with each other it fails( I have 4 AD in different DCs).

 

I checked on the MS side that some record _ type are missing.


On the infoblox, I believed that the sub-zones are created but inside that zones there is nothing.


My question is: on the AD side zone is there and on top of that zone, there are sub-zone _msdcs. test. local This zone and sub-zone record are not coming.


It will be highly appreciated if some one have experience and how to fix this.

 

Thanks

Shaukat

Re: Active Directory DNS Migration steps to Infoblox

[ Edited ]
New Member
Posts: 2
28020     0

Hello all, 

 

   We did MS DNS zones migration into InfoBlox but we are facing a problem with DDNS updates. All servers have static IP address from subnets not woned by infoblox.

When we do any change on any server (hostname, IP address, rebooting ..et) the server does not sent DDNS updates to infoblox. When we use   ipconfig /registerdns it works fine and also after 24 hours the server sends DNS update. 

 

Anyne has faced this problem before? How we can get the servers to send the updates automatically? Is there a specific configuration we need to do on InfoBlox ?

 

Thanks for your help!

Re: Active Directory DNS Migration steps to Infoblox

Expert
Posts: 188
28020     0

If you are using secure AD zones you'll need to configure Infoblox to use GSS-TSIG. You'll need to create a user account in AD for Infoblox to use and add it to the DNSUpdateProxy group. You'll need to run ktpass to generate a keytab file and load it into Infoblox so that it can authenticate with AD. Then you'll need to specify which zones use GSS-TSIG updates. There's quite a few things to do but it does work quite well once all set up. Best place to start is the manuals.

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: Active Directory DNS Migration steps to Infoblox

[ Edited ]
New Member
Posts: 2
28020     0

Hi paulr

 

   - We configure GSS-TSIG on the migrated zones.

   - Allowed updates from the subnets ACL.

   - Allowed updates from DCs.

  And infoblox is receiving DNS updates from the servers and DCs in two cases :

         - Issuing ipconfig /registerdns

         - Every 24 hours (The default refresh interval) 

  The problem is when doing changes on the servers such as (join to the domain, change hostname, ip address) they should send updates to infoblox as it's the normal behavior with AD integrated DNS zones, however, the servers don't do that. 

From packet capture we saw that the servers are sending query request querying SOA and then they stop. 

 

Much appreciate your help!

Thanks, 

Re: Active Directory DNS Migration steps to Infoblox

New Member
Posts: 1
28020     0
Hi, i’m really interested in how you solved this?

Re: Active Directory DNS Migration steps to Infoblox

Techie
Posts: 10
28020     0

Hello,

can you please describe closer how you did point 5,
5.) Set the DC to use the infoblox as dns

what was first, second .. third DNS server. If you set up first localhost as recommended for MS servers and the second was INfoblox?

Thank you
St

Re: Active Directory DNS Migration steps to Infoblox

New Member
Posts: 1
28020     0

A bit late to the party but i had the same issue.

 

I resolved it by making sure that the names of the primary name servers are correct in the SOA record. They should reside in the same zone. 

 

So if i have for example a domain test.local i would make sure that my name servers are also in that zone as ns1.test.local and ns2.test.local etc... you can overwrite the nameserver name in the SOA record.

Screenshot 2024-10-18 210332.png

Re: Active Directory DNS Migration steps to Infoblox

New Member
Posts: 2
28020     0

Hello mrphoenix 

 

I hope you're doing well.

 

Could you please clarify the necessity of Step 5? (Set the DC to use the infoblox as dns)

 

Wouldn't allowing the zone's transfer be sufficient?

 

Thank you in advance for your help!

 

Regards.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You