


Creating a zone in Infoblox

New Member
Posts: 1

Currently we have DNS through Infoblox, and I am very new to Infoblox; I have always used MS DNS.


I am going to be creating a new Active Directory child domain in an existing forest, so I am looking for best practices on how to do that. I am not sure if I should set up MS DNS and then move it into Infoblox, or whether there is a better way to accomplish this.



Re: Creating a zone in Infoblox

Posts: 72

Hello Felix,


If I understand correctly, you are standing up new child domains with new DCs and are confused between the below options.


1. Set up new child domains with DNS service on the same DC and direct updates to Later move the zone and its data to Infoblox as authoritative primary or secondary !? [Please clarify].


2. Create authoritative primary zone for the child domain on Infoblox DNS and configure the new domain controllers to update Infoblox DNS.



Well, if Infoblox is already the DNS for your AD environment, and if you have done the capacity planning with your Infoblox account team to confirm that your existing Infoblox DNS has the resources to accommodate and serve the new zone(s) and data, the recommendation would be to have the zones set up on Infoblox.


1. Create the child zone(s) on Infoblox and assign it to the correct name servers or name server group.

2. Edit the "Updates" section and "Active Directory" section to include/allow your Domain controller IP addresses.
3. Check "Automatically create underscore zones" so that we autocreate necessary subzones such as "_msdcs" on the Infoblox side. This is purely for administrative ease and for segmentation of data to subzones instead of having everything populated directly under the child zone(s) you create.

4. Restart DNS service on Infoblox for changes to take effect.

5. Verify firewall rules to allow UDP and TCP port 53 traffic from your DCs to Infoblox.
6. Stand up your new child domain and configure your DCs with the DNS server IP of Infoblox.
7. All resource record updates (A, CNAME, MX, SRV, etc.) should propagate to your new zone on Infoblox.

8. If you do not find any records being updated, you may want to restart the Netlogon service on the DC or investigate further, though I cannot think of anything that could go wrong.



Best Regards,
Bibin Thomas
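
A check for steps 7 and 8 above, as an added example that is not part of the original reply: run on the new DC, it asks the Infoblox server directly for the locator SRV records that Netlogon registers and reports any that are missing or do not point at this DC. The server IP, domain name and DC name are placeholders, and the function names are hypothetical.

```powershell
# Placeholders (assumptions, not values from the thread): replace before running.
$InfobloxDns = '192.0.2.53'               # Infoblox name server serving the child zone
$ChildDomain = 'child.corp.example'       # DNS name of the new child domain
$DcFqdn      = 'dc01.child.corp.example'  # FQDN of the DC being checked

function Get-ExpectedDcSrvName {
    param([Parameter(Mandatory)][string]$Domain)
    # Locator records Netlogon registers for a DC. The pdc record is owned only
    # by the PDC emulator (the first DC of a new domain), so expect
    # PointsToThisDc = False for that row on any other DC.
    "_ldap._tcp.$Domain"
    "_kerberos._tcp.$Domain"
    "_kerberos._udp.$Domain"
    "_kpasswd._tcp.$Domain"
    "_ldap._tcp.dc._msdcs.$Domain"
    "_kerberos._tcp.dc._msdcs.$Domain"
    "_ldap._tcp.pdc._msdcs.$Domain"
}

function Test-DcSrvRegistration {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$Dc
    )
    foreach ($name in Get-ExpectedDcSrvName -Domain $Domain) {
        # Query Infoblox directly (-Server) and skip LLMNR/NetBIOS (-DnsOnly).
        # NXDOMAIN raises an error; it is silenced and treated as "missing".
        $answer = Resolve-DnsName -Name $name -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue
        # Keep only SRV rows; the response can also carry A or SOA records.
        $srv     = @($answer | Where-Object { $_.Type -eq 'SRV' })
        $targets = @($srv | ForEach-Object { $_.NameTarget.TrimEnd('.') })
        [pscustomobject]@{
            Record         = $name
            Registered     = $srv.Count -gt 0
            PointsToThisDc = $targets -contains $Dc   # -contains is case-insensitive
            Targets        = $targets -join ', '
        }
    }
}

$report = Test-DcSrvRegistration -Server $InfobloxDns -Domain $ChildDomain -Dc $DcFqdn
$report | Format-Table -AutoSize

# Any row that fails either check is the situation step 8 covers.
$report | Where-Object { -not ($_.Registered -and $_.PointsToThisDc) } |
    ForEach-Object { Write-Warning "Not registered for ${DcFqdn}: $($_.Record)" }
```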
