AD-DC updating DNS Records in Infoblox

Buchon · ‎11-24-2023

Hello there

I am currently setting up a testlab and would like to migrate from Windows DNS to Infoblox. I set up GSS-TSIG acording to this article: Accepting GSS-TSIG-Authenticated Updates - Infoblox NIOS 9.0 - Infoblox Documentation Portal

But I am at a loss here. When I try to update the records from a AD-joint Client with: ipconfig /registerdns I can see via Wireshark and in the Infoblox Syslog, that something isnt working there.

I want that the Clients update their DNS records on the Infoblox DNS.

Infoblox Syslog

Wireshark capture on Client after "ipconfig /registerdns"

registerDNS.pcapng_2023-11-24_17-24-53.png

Any help would be much appreciated!

MattR · ‎11-27-2023

Just a guess, but it looks like the enctyption types don't match. All the encryption types need to match, between
1) what gets generated with the ktpass command
2) what gets imported to Infoblox
3) what is supported and enbabled on the Windows clients (including the domain controller)

Buchon · ‎11-30-2023

Thank you for the reply! I managed to get it working, I put the IP of the DC in the ACL of the Grid DNS properties.

It does seem that the keytab file is working, when I disable GSS-TSIG updates in the Update Tab of the DNS Grid properties. It won't work. So I think that the ACL entry was needed.

NIOS DNS DHCP IPAM

AD-DC updating DNS Records in Infoblox

Re: AD-DC updating DNS Records in Infoblox

Re: AD-DC updating DNS Records in Infoblox