I asked the same question 4 years ago, we ended up deploying with only a single nameserver defined... I have no idea if this got addressed in a later version...

https://community.infoblox.com/t5/nios-dns-dhcp-ipam/why-can-t-i-have-more-than-1-gss-tsig-external-...

Thanks for the feedback. This is good to know that we're not the only ones to ask for this stuff.

I dont see how complicted it would be to have the possibility to add several "DNS Principal/DNS IP" pairs for each zones.

It sounds like a simple ask to us mere mortals, but to a software engineer it's a complicated subject - do they send the updates in parallel, what about duplicates, how does AD handle this, do they send them one at a time, how long do you wait for a response before sending to the next one, what happens if you get a "refused" type response, if you then have to queue updates how do you manage that queue, how quickly can you process the queue if the endpoint isn't responding quickly enough, do you start throwing updates away if you get a timeout.... yadda yadda yadda.......

The underlying DHCPD daemon only supports a single destination unfortunately,  so it its not possible today to have DHCP send DDNS updates to multiple destinations.

Under normal conditions, any AD Domain Controller that receives the update will replicate it to all the other DNS servers hosting that zone in the domain or forest.

Unfortunately, this is still the case. We were told by Professional Services to use single and abandon our multimaster setup. We are looking into using Anycast as a way to have DHCP/clients send registration to Anycast address and closest "primary" server responds and accepts registration. Replication to take care of getting registration on other primary. We don't plan to implement for couple months as we have other migrations to complete but hope that Anycast method works.

So we're talking about sending updates to MS DNS here - so I guess you're talking about having the primary DNS "service" (ie multiple primaries) sat behind an anycast IP? Does MS support anycast or are you going to hand-craft something to get it working? Maybe you can run something like FRR on Windows, I have no idea.

Haha I really should google stuff first:

https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/anycast

Our Infoblox technical consultant advised us to file a Request for Enhancement (RFE) which we did. It would be nice if more Infoblox customers would file the same RFE so it gets more leverage.  It is now a matter of waiting.

Although far from ideal we have decided to tolerate the SPOF for now. A procedure has been written if this SPOF fails. We have also started a study into alternative configurations. For example, a combination of a stub domain on Infoblox and zone delegation on MS DNS.

Hello Garcia,

My company filled a RFE aswell on this matter. We are waiting for answer from Infoblox.

Regards,

Julien Foll