
Infoblox as authoritative DNS - without MS DC in DHCP for hosts

Techie
Posts: 9

Hello,

We would like to achieve that all of our DNS traffic goes through Infoblox as authoritative DNS.
With that we want to remove Microsoft AD from DHCP propagation to hosts.
But we are experiencing that PCs are not able to log in to the domain after several hours, probably when the cached record expired.
Has anyone experience with that, please?

Thank you
S

Re: Infoblox as authoritative DNS - without MS DC in DHCP for hosts

Authority
Posts: 28

What do you mean by “all our DNS traffic goes through Infoblox as authoritative DNS”? Do you mean you want all your internal authoritative DNS zones to move to Infoblox, or do you mean that you want all your clients to use Infoblox for DNS recursion? (Or something else?)

What do you mean by “remove Microsoft AD from DHCP propagation to host”? Do you mean you want to update the DHCP configuration to provide Infoblox IP addresses in the DNS Name Server option, so that DHCP clients use Infoblox for recursive DNS rather than the Microsoft DNS servers? (Or something else?)

Assuming you are sending recursive queries to Infoblox and the Infoblox is forwarding queries for the Active Directory domain to the Microsoft servers, check the following setting on the Grid members:

Grid > Data Management > DNS > Members/Servers > [Edit Member] > General

Check that the option “Return Minimal Responses” is disabled. I’ve seen some configs with this option enabled, and the NIOS didn’t return the “ADDITIONAL SECTION” bit of the reply that the Microsoft server sent to the NIOS appliance.

Re: Infoblox as authoritative DNS - without MS DC in DHCP for hosts

Techie
Posts: 9

Hi,

Thank you for the answer. I troubleshot the issue with Wireshark, and the issue was that the subzone msdcs was left as secondary on Infoblox, and the PC that tried to connect to the domain didn’t want to accept the response for the query to SRV records when the server was not authoritative.

S
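A small offline check, added here and not part of the thread, that inspects a raw DNS reply for the AD SRV lookup the way the Wireshark troubleshooting above did: is the AA (authoritative answer) flag set, and does the ADDITIONAL SECTION carry the A record for the SRV target? The domain, host name and address are constructed test values, not anything from the original posts.

```python
import struct
# Wire-format helpers; the zone, host and address below are constructed test values.
def _name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\x00"
def _rr(name, rtype, rdata, ttl=600):
    return _name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def build_srv_reply(aa, with_glue):
    """Build a reply to '_ldap._tcp.dc._msdcs.example.com SRV' for offline testing."""
    flags = 0x8180 | (0x0400 if aa else 0)        # QR, RD, RA and optionally AA
    qname, target = "_ldap._tcp.dc._msdcs.example.com", "dc1.example.com"
    question = _name(qname) + struct.pack("!HH", 33, 1)            # SRV, IN
    answer = _rr(qname, 33, struct.pack("!HHH", 0, 100, 389) + _name(target))
    glue = _rr(target, 1, bytes([10, 0, 0, 5])) if with_glue else b""  # A record
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 1 if with_glue else 0)
    return header + question + answer + glue

def _read_name(msg, off):
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [_read_name(msg, ptr)[0]]), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode()); off += n

def _read_rr(msg, off):                            # -> owner, type, rdata off, next off
    name, off = _read_name(msg, off)
    rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    return name, rtype, off + 10, off + 10 + rdlen

def check_ad_srv_reply(msg):
    """Return (aa_set, srv_target, glue_for_target) for a raw DNS reply."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, target, glue = 12, None, set()
    for _ in range(qd): _, off = _read_name(msg, off); off += 4   # skip question
    for _ in range(an):
        _, rtype, rd, off = _read_rr(msg, off)
        if rtype == 33:                            # SRV: priority, weight, port, target
            target, _ = _read_name(msg, rd + 6)
    for _ in range(ns): _, _, _, off = _read_rr(msg, off)
    for _ in range(ar):
        name, rtype, _, off = _read_rr(msg, off)
        if rtype == 1:                             # A record in ADDITIONAL SECTION
            glue.add(name)
    return bool(flags & 0x0400), target, target in glue
```

Feed `check_ad_srv_reply` the UDP payload exported from a capture; a reply with the AA flag clear, or with no A record for the SRV target, is the pattern both posts above describe.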
