Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

Microsoft cluster updating its own DNS records
timfawcett
New Member
Posts: 2

‎10-19-2023 07:28 AM

1930     0

We have some new Microsoft Failover Clusters, which need to be able to update their own DNS records, eg when the service moves to another cluster node. According to Microsoft we need to give the ‘Cluster Name Object (CNO)’ (a computer object in AD) access in DNS to update the cluster DNS records. Microsoft assume you’re using Microsoft DNS, where this isn’t a big issue however we're using Infoblox for DNS...

 

To attempt this, I created a group in AD which contains the CNO, plus the computer objects for the nodes themselves. Then in Infoblox I added the new AD group in Administrators – Groups, then on Permissions gave the group RW access to the HOST records for the cluster. I don’t know if there’s any more I need to do here in Infoblox though…

 

We get errors in the Windows event logs saying ‘the system failed to register host (a or AAAA) resource records (RRs) for network adapter…’ etc. Is there any more we need to do in Infoblox to allow the AD group members to update those records?

 

(The cluster DNS records are HOST records and are not protected).

Reply
0 Kudos

Re: Microsoft cluster updating its own DNS records
tn-bdeschut
New Member
Posts: 6

‎10-19-2023 08:45 AM

1931     0

If your Infoblox is authoritative for the relevant DNS zone, I guess you need to allow dynamic updates from these servers to the relevant zone(s). A simple way to achieve this, is by using a named ACL based on source IP and configuring this in the 'update' tab on the zone properties.

You could also use GSS-TSIG to allow signed dynamic updates from the domain controllers, this is more secure and allows for more granular control, but it also more difficult to setup. I would highly recommend testing that out in a lab environment first.

Reply
0 Kudos

Re: Microsoft cluster updating its own DNS records
timfawcett
New Member
Posts: 2

‎10-20-2023 04:02 AM

1931     0

Thanks, that seems to have worked, also had to give access to the reverse zone, but the errors on the Windows servers have stopped. Just waiting for the project to try a cluster swap to confirm...

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community