


Partial DTC Functionality with Secondary DNS


This is a long shot, but still worth asking.


Can a hidden master that's running DTC affect secondaries attached to it?


For example, we have public DNS providers that secondary to hidden masters at the corporate edge. The hidden masters could run DTC and would be configured to probe backend systems for availability, and thereby dynamically modify DNS based on environmental triggers. The question would be if the secondaries at the providers would see any changes or if only those performing DNS queries directly against the hidden master would see anything change. I'm guessing no, but it's worth an ask.



Re: Partial DTC Functionality with Secondary DNS


Hello There,


Short answer: DTC resource records won't propagate via zone transfer.


Thus only your primary server licensed/configured for DTC load balancing would actually perform the health checks (if configured to do so) and change the DNS response dynamically based on the RR's availability. Your secondary, if not licensed for DTC, would return regular DNS responses (it doesn't see your LBDN record). So if your use case is to perform load balancing for RRs by *every* Infoblox authoritative server, then they should all be licensed for DTC.


I hope this late response addresses your concern.


Best regards.
