10-13-2021 12:08 AM
Is there a way to add NS pointers in parents parent zone via Infoblox?
A vendors support require a CNAME record validation to permit setup of an account
Domain "example.com" managed by our NS plus a partner NS (all auth, no recursion)
Subdomain "sub1.example.com" managed by our NS only
Subdomain "sub2.sub1.example.com" managed on our NS only
CNAME "record.sub2.sub1.example.com" in it's zone, on our NS only
Vendor support complains they cannot approve config on their side because partners NSx doesn't know "record.sub2.sub1.example.com" nor NS of "sub2.sub1.example.com"
Been at this for a month by now debating with vendors support and I'm fed up, so is there a way for me to add either the CNAME as dotted record in "example.com" or NS pointers for "sub2.sub1.example.com" in the parents parent "example.com".?
The alternative as I see it, I'm done arguing at this point, is to go back to my internal customer and inform they have to choose another vendor.
10-14-2021 04:35 PM
Based upon your description, this is what we interpret to be your description:
A ns1.example.com 184.108.40.206
A ns1.sub1.example.com 220.127.116.11
A ns1.sub2.sub1.example.com 18.104.22.168
CNAME record.sub2.sub1.example.com whatever.domain.com
Is this correct?
The vendor complains that since "example.com" also has "NS ns2.externalexample.com" it should also provide the answer for "CNAME record.sub2.sub1.example.com"
In our view, this is incorrect. The subzone sub1.example.com, going by its NS record, is only served by ns1.sub1.example.com. The next subzone sub2.sub1.example.com, going by its NS record, is only served by ns1.sub2.sub1.example.com.
ns2.externalexample.com should only respond with authoritative responses for the zones where it is listed as the nameserver.
10-15-2021 04:14 AM
Thanks for responding tlee!
Yes that's what the vendor support is saying and yes I know that's incorrect, but that does unfortunately not help me here
Their (3rd party) validation tool is incomplete, pulling NS of example.com and query all for record.sub2.sub1.example.com
The query response is correct with NS including additional section with ip of sub1.example.com , the tool consider this response invalid
I've argued with vendor support for a month and they keep replying the tool says wrong so they can't add the config.
I know the root cause and I know the solution but it's out of my reach, hence asking it's posisble with a workaround using Infoblox to add a dotted record record.sub2.sub1 in zone example.com, to get ns2.external.example.com respond the way the tool anticipate.
My other two option is to either tell my internal customer to throw away their investment of their new service, or add the zone on ns ns2.external.example.com to additional cost and administratorn for my team as that NS is an external vendor hosting providing additional DDoS protection