Additional (V?)IP for DNS DHCP question

I'm looking into adding additional addresses to an HA pair of Infoblox IB-1415 (8.4.6).


The goal I'm trying to achieve is to provide DNS and DHCP interfaces into non-routed subnets, thus as layer 2 interfaces.


I thought that I would just have to add an additional IPv4 VIP with VLAN tagging (which is what I'm looking for), but I'm struggling with some issues:


  • I had to allow the appliances to "Listen" for DNS in the Member DNS configuration, but it added an A record with this IP, which is non-routed, pointing to itself. This means that now anyone, after getting the NS records for my (sub)domains, could potentially get the non-routed IP and will never get any response.
  • I didn't find any option to "Listen" for DHCP on this same interface.


Did I miss something?


Is it possible to achieve what I'm looking for?


Should I use another type of subinterface (so not VIP)?
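The first bullet above describes a real exposure: the appliance's own name is what the zone's NS records point at, so an A record for a non-routed VIP under that name gets published to every resolver that follows the NS set. The following script is an added example (it is not from the original post and not Infoblox's tooling) that audits a zone's NS names against their A/AAAA records and flags any published address that lies in a private, loopback or link-local range. The record set, the zone name `example.test.` and all addresses in it are constructed for the example; the routable stand-ins use documentation ranges, which is why the non-routed check uses an explicit range list rather than `ipaddress.is_private`.

```python
"""Flag nameservers whose published addresses are unreachable from the Internet.

Added example; the records below are constructed, not taken from the poster's zone.
"""
import ipaddress
from collections import defaultdict

# Address ranges a resolver on the public Internet cannot reach. Kept explicit
# because Python's is_private also covers documentation ranges used as stand-ins here.
NON_ROUTED_RANGES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed sample records as (owner, type, rdata). ns1 has a leaked non-routed
# VIP beside its public address; ns3 only publishes a private address.
SAMPLE_RECORDS = [
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "NS", "ns2.example.test."),
    ("example.test.", "NS", "ns3.example.test."),
    ("ns1.example.test.", "A", "203.0.113.10"),   # documentation range, stand-in for a public IP
    ("ns1.example.test.", "A", "10.20.30.5"),     # non-routed VIP auto-added by the listener
    ("ns2.example.test.", "A", "198.51.100.20"),  # documentation range, stand-in for a public IP
    ("ns3.example.test.", "A", "192.168.1.53"),   # only a private address: never reachable
]


def is_non_routed(addr: str) -> bool:
    """True if addr falls inside one of the non-routed ranges (v4/v6 mismatches never match)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_ROUTED_RANGES)


def index_records(records):
    """Group (owner, type, rdata) tuples into {owner: {type: [rdata, ...]}}."""
    idx = defaultdict(lambda: defaultdict(list))
    for owner, rtype, rdata in records:
        idx[owner.lower()][rtype.upper()].append(rdata)
    return idx


def audit_nameservers(records, zone):
    """For each NS of `zone`, split its A/AAAA addresses into routable and non-routed."""
    idx = index_records(records)
    report = {}
    for ns in idx[zone.lower()]["NS"]:
        addrs = idx[ns.lower()]["A"] + idx[ns.lower()]["AAAA"]
        report[ns] = {
            "routable": [a for a in addrs if not is_non_routed(a)],
            "non_routed": [a for a in addrs if is_non_routed(a)],
        }
    return report


def findings(report):
    """Turn the audit into one finding per problem, in NS order."""
    out = []
    for ns, info in report.items():
        for addr in info["non_routed"]:
            out.append(f"{ns} publishes non-routed address {addr}")
        if not info["routable"]:
            out.append(f"{ns} has no routable address at all")
    return out


if __name__ == "__main__":
    for line in findings(audit_nameservers(SAMPLE_RECORDS, "example.test.")):
        print(line)
```

Run against a real zone by replacing `SAMPLE_RECORDS` with the output of a zone transfer or an export from the appliance; a nameserver that lists a non-routed address alongside a public one still degrades resolution for any client that happens to pick that address, so the finding is worth acting on even when a routable address is present.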

Re: Additional (V?)IP for DNS DHCP question

The main question here is: is it possible to listen for DHCP packets on additional VIPs?


It doesn't seem to work from scratch and I can't find any option to allow it as I could find for the DNS configuration.

Re: Additional (V?)IP for DNS DHCP question

Alright, I found this small paragraph in the Admin Guide (for the 7.3 version, but I guess it's still valid here):

Currently, only the DNS service can listen on specific VLAN interfaces. The DHCP service listens only on the primary
VLAN interface (tagged or untagged). However, if the primary VLAN interface is untagged, DHCP will serve all VLANs
on that interface because an untagged primary VLAN receives all broadcast packets. You can also specify VLANs as
the source port for sending DNS queries and notify messages.


If I understand correctly, DHCP is not supported on additional VLAN interfaces, only DNS. There is a trick to still handle broadcast DHCP packets on the untagged interface, but it won't work in my case since the DHCP traffic is coming from a relay (thus in unicast).

Can someone confirm that I understand this correctly?

Also, is the behavior the same with loopback interfaces?

Thank you
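The reasoning in the post above hinges on one field of the DHCP message: a client's DISCOVER arrives as a link-local broadcast with an empty `giaddr`, which is why an untagged primary interface sees it regardless of VLAN, whereas a relay rewrites `giaddr` to its own address and forwards the message as unicast to the server's configured address, which only helps if the server is listening there. The following parser is an added example (not from the post, the Admin Guide or Infoblox) that builds two constructed DHCPDISCOVER payloads, one direct and one relayed, and classifies each by `giaddr` and hop count so a capture can be checked for which path the traffic is taking. The relay address `10.20.30.1` and the client MAC are constructed values.

```python
"""Classify DHCP messages as client broadcast or relay-forwarded unicast by giaddr.

Added example; the packets built here are constructed, not captured traffic.
"""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Fixed BOOTP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK", 7: "RELEASE"}


def build_discover(xid, mac, giaddr="0.0.0.0", hops=0):
    """Construct a minimal DHCPDISCOVER; a relay sets giaddr and increments hops."""
    zero = socket.inet_aton("0.0.0.0")
    header = struct.pack(
        BOOTP_FMT, 1, 1, 6, hops, xid, 0, 0x8000,  # op=BOOTREQUEST, flags=broadcast
        zero, zero, zero, socket.inet_aton(giaddr),
        mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    options = bytes([53, 1, 1]) + bytes([255])  # option 53 = DISCOVER, then END
    return header + MAGIC_COOKIE + options


def parse_options(data):
    """Decode TLV options after the magic cookie into {code: value_bytes}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:          # PAD
            i += 1
            continue
        if code == 255:        # END
            break
        length = data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def classify(packet):
    """Report message type, hops, giaddr and whether the message came via a relay."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    fields = struct.unpack(BOOTP_FMT, packet[:236])
    opts = parse_options(packet[240:])
    giaddr = socket.inet_ntoa(fields[10])
    relayed = giaddr != "0.0.0.0"
    return {
        "message_type": MSG_TYPES.get(opts.get(53, b"\x00")[0], "UNKNOWN"),
        "hops": fields[3],
        "giaddr": giaddr,
        "relayed": relayed,
        # Direct traffic reaches the server as a broadcast on the receiving link;
        # relayed traffic is unicast to whatever address the relay was given.
        "arrives_as": "unicast to the configured server address" if relayed
                      else "link-local broadcast",
        # The server picks the scope from giaddr when set, else from the receiving interface.
        "scope_selector": giaddr if relayed else "receiving interface subnet",
    }


if __name__ == "__main__":
    mac = b"\x00\x11\x22\x33\x44\x55"
    for pkt in (build_discover(0x1234, mac), build_discover(0x1234, mac, "10.20.30.1", hops=1)):
        print(classify(pkt))
```

To apply this to a capture, feed `classify` the UDP payload of each port-67 datagram: messages showing `relayed` true are the ones that the untagged-primary broadcast trick cannot catch, since they are addressed to the server IP the relay was configured with rather than flooded on the link.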