


Bad/incorrect DNS response


I have multiple servers in the same subnet querying correctly, and one server that is getting what I would call bad responses. The names I am querying are within my own domain, so my IB cluster is the only place the names exist. I ran a packet capture and on the initial PTR request Infoblox is telling the bad server that it (IB) is not an authority for the domain - on working servers it says it IS an authority - and on A record lookups sends the request out into the world, which obviously has no idea.


I am barely an IB apprentice. Where can I even look to see what is going awry?


I can see the two-way traffic of the request and the response, so the communication is there.

IB sends a 'good' server a type A response, and the IP.

IB sends the 'bad' server a type SOA response, and forwards to 'the world'


If more information is needed, just let me know. I am almost positive that this is going to end up being a server problem, but I want to do as much as I can before sending it back over the fence.



Re: Bad/incorrect DNS response


Based on your description, my first thought is that you are using DNS Views and the 'bad' server is matching against a different DNS View than the other servers.


This is probably best to troubleshoot with help from the Infoblox Support team, but to start:

  1. Edit the properties for your DNS Views and make sure that all servers are set up correctly in the Match Clients Lists.
  2. In the DNS properties for your Infoblox servers, verify that the order is set correctly for the DNS Views.


The DNS configuration file can make it easier to trace through this as you can scroll through the file and see its exact configuration.


After making any changes to these configurations, be sure to restart services for the change to take effect.
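The check suggested in the reply above can be rehearsed offline. This is an added example, not part of the original thread and not Infoblox code: it assumes BIND-style semantics (views are tried in order and the first whose Match Clients list accepts the source address wins), and the view names, networks and addresses are constructed placeholders to be replaced with the values from your own DNS configuration file.

```python
import ipaddress

# Constructed sample: views in the order they appear in the DNS configuration
# file, each with its Match Clients list. All names and networks are hypothetical.
VIEWS = [
    ("internal", ["!10.20.30.57", "10.20.30.0/24"]),
    ("external", ["any"]),
]

def acl_matches(client, match_list):
    """First element covering the client decides; a leading '!' turns it into a reject."""
    ip = ipaddress.ip_address(client)
    for element in match_list:
        negated = element.startswith("!")
        spec = element.lstrip("!")
        if spec == "any":
            hit = True
        elif spec == "none":
            hit = False
        else:
            hit = ip in ipaddress.ip_network(spec, strict=False)
        if hit:
            return not negated
    return False  # nothing in the list covered this client

def select_view(client, views=VIEWS):
    """Return the name of the first view whose list accepts the client, or None."""
    for name, match_list in views:
        if acl_matches(client, match_list):
            return name
    return None

def find_outliers(clients, views=VIEWS):
    """Map each client that lands in a different view than the majority to that view."""
    chosen = {c: select_view(c, views) for c in clients}
    names = list(chosen.values())
    majority = max(set(names), key=names.count)
    return {c: v for c, v in chosen.items() if v != majority}

if __name__ == "__main__":
    # Constructed client addresses: two "good" servers and one "bad" one.
    print(find_outliers(["10.20.30.11", "10.20.30.12", "10.20.30.57"]))
```

A client that shows up as an outlier is being served from a view that may not hold the internal zone, which would be consistent with the non-authoritative answers and forwarding seen in the packet capture.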



