Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.



Setting up LDAP over SSL for MS DNS management

Posts: 188
2395     0

Hi all,


I am just working on a design for a customer at the moment that will use the MS DNS synchronisation module, but I can't for the life of me remember if I've ever set this up using LDAP over SSL. Has anyone done it? I'm guessing I need to get the certificate for each MS DNS server I want to sync with and upload it to Infoblox, but I was wondering, can I just upload the root CA cert so Infoblox trusts any certificate the DNS servers send down?


The admin guide is a bit vague (see underlined text below), has anyone done this or can advise?


"Encryption: You can encrypt the network traffic between the Grid member and the managed Microsoft server using SSL. Select a value, None or SSL, from the drop-down list. Infoblox strongly recommends that you select SSL from the drop-down list to ensure the security of all communications between the NIOS appliance and the Active Directory server. When you select SSL, the appliance automatically updates the TCP port to 636. When you select this option, you must specify the FQDN of the Microsoft server instead of the IP address and you must upload a CA certificate from the Active Directory server. Click CA Certificates to upload the certificate. In the CA Certificates dialog box, click the Add icon, and then navigate to the certificate to upload it."



Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
Showing results for 
Search instead for 
Did you mean: 

Recommended for You