Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.



DNS Zone Multi Primary

Posts: 15
5883     0

Hello to all

it is possible to have the following scenario, a DNS zone with 2 primaries:


a. Primary is a member of the grid

b. The other primary is External primary (probably a DNS with Windows OS - although I hope for bind) that cannot be joined to the infoblox grid.


From the NIOS Admin 8.2 documentation it seems not possible


"You can configure multiple Grid primaries or multiple external primaries (including servers integrated with Microsoft AD) for a zone, but you cannot configure them both simultaneously for the same zone"


Is that still the case now? Maybe something is changing from docs


If this is not possible, the remaining way seems to be to convert the primary zone into a secondary zone (on infoblox member) and use another external primary as the master


Are there any documented steps on how to go from primary to secondary area?


Thanks in advance

Re: DNS Zone Multi Primary

Posts: 36
5883     0

Hello there,


The statement from the NIOS Administrator Guide still stands. We can not have a combination of a Grid Primary and an External Primary at the same time.


To change/convert an Authoritative Zone from using Grid Primary to an External Primary is pretty straight forward and can be done by using the following steps - 


  1. Edit the Zone in concern.
  2. Navigate to the Name Servers section.
  3. Select the Grid Primary and External Secondary (if it exists) and Delete it by using the Delete button.
  4. Now click on the Add button and add an External Primary as well as a Grid Secondary in order.
  5. Save & Close


Do note that when this is done, the Infoblox DNS Server would shed its Authoritative Data / Copy of the Zone and would have to rely on Zone Transfer from the configured External Primary to get the Zone Data. So do ensure that the External Primary has the full copy of the Zone that can be transferred to the now Secondary Infoblox DNS Server. 

P.S: It is always recommended to take a Database backup before performing any major changes as you would have an option for unexpected scenarios.



Re: DNS Zone Multi Primary

Posts: 15
5883     0

Ok thanks for the answers


The requirements are:


Multiple actors can modify the same zone
But the A actor have an external DNS for that zone, and now the zone is primary on infoblox grid of the B actor.

So the two possibile technical solution could be:


1. convert the zone from primary to secondary (with the above procedure in the previous post)
2. add an external primary dns for the B actor (that one with grid primary and owner of the zone):

 2a. remove the grid primary for the zone
 2b. add the external primary of actor A
 2c. add the external primary of actor B
 2d. add all other grid secondary of actor B


All this because we would like to maintain the governance of the DNS zone with multiple actors


Is there another possibile solution.....?


Thanks again

Showing results for 
Search instead for 
Did you mean: 

Recommended for You