DNS FORWARDING - IS IT POSSIBLE FALLBACK IP?

New Member
Posts: 3
688     0

Hi Family,

I have the following question:

I would like to create a forward zone to resolve an external Azure zone, for example *.azurecontainerapps.io, and forward it to Azure DNS, but if I don't receive an IP from Azure native DNS, I would like to ask Azure public DNS. Can I do this? I thought that if I put 2 DNS servers in the forwarder servers, one private and the other public, with the first one being the listener of Azure DNS (private), then if I don't receive an IP from this server, I would like to ask a second server (Azure public DNS) like a fallback IP.


Re: DNS FORWARDING - IS IT POSSIBLE FALLBACK IP?

Superuser
Posts: 21
689     0

Hello,

You cannot control DNS forwarding behavior as you described, at least not with the standard DNS features. You are right, one can set up 2 (or more) DNS servers in the forwarding setting. Most DNS servers will then pick the faster of the 2 (however "fast" is measured) as the preferred one, and only switch to the other DNS server when the "fastest" one is not responding.

 

In your case, if you defined 2 forwarders, 1 has a private address, the other has a public address, the private addressed one usually would be faster (I am assuming it is closer on the network, without having to traverse through NAT or firewall). And if the forwarder with the private address is down, your DNS server will automatically "fall back" to querying the forwarder with the public address.

 

I hope this answers your question. 

Re: DNS FORWARDING - IS IT POSSIBLE FALLBACK IP?

New Member
Posts: 3
689     0

Hi JKuo, thanks for your response.

 

I understand. But is there any possibility to create a forward zone to resolve private records of a private authoritative Azure zone (DNS PRIVATE RESOLVER) and at the same time, if the on-prem client doesn't get any response for that zone because the record doesn't exist, ask Azure public DNS or Google public DNS?

The problem is that the Azure private zone is both a public and a private zone, so an on-prem client has to resolve the private record first, but if it doesn't exist, ask the internet (because it can be public as well).

Re: DNS FORWARDING - IS IT POSSIBLE FALLBACK IP?

New Member
Posts: 5
689     0

 

 

Condition 1: for a non-existing private record

Yes, you can do it, not in Infoblox but in the Azure Conditional DNS Server.

They have a configuration which will recurse a non-existent private DNS record to an Internet recursive DNS server so that it will resolve to a public IP.

Condition 2: if the conditional DNS forwarder server is down

Yes, you can do it in Infoblox.

Disable the "use forward only" option, but that may trigger the public IP on any minimal disruption.

Not recommended.
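
The two failure cases discussed in the answers above, as a simplified model added here (it is not code from the thread or from Infoblox): a forwarding server moves to the next forwarder only when one fails to answer, while NXDOMAIN is a definitive answer and ends the lookup. The forwarder addresses, the function names and the treatment of SERVFAIL/REFUSED as "try the next forwarder" are assumptions of this model.

```python
import struct

# Added illustration: simplified model of a forwarding DNS server's decision.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

PRIVATE_FWD = "10.0.0.4"    # constructed: private resolver listener
PUBLIC_FWD = "192.0.2.53"   # constructed: public resolver (documentation range)


def dns_header(txid, rcode, ancount=0):
    """Build a constructed 12-byte DNS response header carrying the given RCODE."""
    flags = 0x8180 | (rcode & 0xF)          # QR=1, RD=1, RA=1, low 4 bits = RCODE
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)


def rcode_of(packet):
    """Extract the RCODE name from the flags word of a raw DNS response."""
    _, flags = struct.unpack("!HH", packet[:4])
    return RCODES.get(flags & 0xF, "OTHER")


def resolve(forwarders, replies, forward_only=True):
    """forwarders: ordered IPs; replies: ip -> raw response bytes, or None for a timeout.

    Returns (result, answering_ip, trail), where trail lists every forwarder
    that was actually queried and what came back.
    """
    trail = []
    for ip in forwarders:
        packet = replies.get(ip)
        if packet is None:
            trail.append((ip, "TIMEOUT"))   # no response: fail over to the next one
            continue
        rcode = rcode_of(packet)
        trail.append((ip, rcode))
        if rcode in ("NOERROR", "NXDOMAIN"):
            return rcode, ip, trail         # definitive answer: lookup ends here
        # SERVFAIL / REFUSED: this forwarder failed, try the next one (assumption)
    if forward_only:
        return "SERVFAIL", None, trail      # "use forwarders only": give up
    return "ITERATIVE", None, trail         # otherwise recurse from the root


if __name__ == "__main__":
    replies = {PRIVATE_FWD: dns_header(1, 3), PUBLIC_FWD: dns_header(1, 0, 1)}
    print(resolve([PRIVATE_FWD, PUBLIC_FWD], replies))
```

With the private forwarder returning NXDOMAIN, the public forwarder is never queried, which is why the "resolve privately, then publicly if the record does not exist" behaviour has to come from the resolver the zone is forwarded to, not from the forwarder list.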

 

 

 

Re: DNS FORWARDING - IS IT POSSIBLE FALLBACK IP?

New Member
Posts: 3
689     0

Thanks rkhan22

 

How is condition 1 possible? Where can I configure this "Azure Conditional DNS Server"?
