Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

Update forwarder Settings locally on the node

New Member
Posts: 2
2022     0

Hello everyone,

 

Is there a way to update the forwarder settings in NIOS node locally that is completely isolated from the network and from Grid Master?

 

Scenario is: We recover the NIOS appliance in disaster recovery environment in a completely isolated network. NIOS appliance cannot communicate with the grid master and we need to update forwarder settings locally to allow NIOS to use local isolalated BIND servers. This will allow us to perform external name resolution in the isolated network environment.

 

Thank you!

Re: Update forwarder Settings locally on the node

[ Edited ]
Superuser
Posts: 81
2022     0

Hello Nonseca,

 

I see where you stand. But NIOS do not permit this & all such configuration changes should be done through the Grid master's UI. If your intension is to forward all incoming queries to the Bind server & if you aren't worried about the authoritative name resolution by this specific DNS server, i may try something like this :

 

1) Reset this node by issuing the command, 'reset database' from its CLI & preserve the network configuration during the execution. This action would mean that the node would be disconnected from the Grid master -> It becomes a fresh node WITHOUT ANY DATA & becomes a grid master by itself -> but should have all the licenses that you applied earlier.

 

2) Now you'd be in a position to access the UI of this node by entering, 'https://<IP_address_of_this_node>'.

 

3) Go to the grid DNS properties -> Go to forwarders -> Add the Bind servers as the forwarders -> Enable 'forwarder only' if needed -> Save.

 

4) Start DNS service on the node & all incoming queries would be fowarded to BIND servers for resolution.

 

Now when you're in a position to connect the node back to the OLD GM, issue the command 'set membership' or join via GUI. Once the node join back to the OLD GM, it will retrieve the configuration that it had while it was last online.

 

NOTE : Please revisit your requirements before attempting this & keep in mind that resetting the node will completely wipe of the data. As of now, though the node is disconnected from the grid master, it has everything as before(Till the last sync with the GM). Once you reset it, this is gone till it synchronizes again with the GM.

 

Best regards,

 

Re: Update forwarder Settings locally on the node

New Member
Posts: 2
2022     0

Reset database clears all the existing A records from the node right? That would not be helpful in our situation as we still need to keep existing records in the database in an isolated network.

Re: Update forwarder Settings locally on the node

Expert
Posts: 185
2023     0

What you could do, is whilst it's connected to the grid, make a grid master candidate.

 

Then when you move it into the D/R environment, log in via ssh and type "set promote_master"

 

It will now become an isolated grid master and you can login and adjust the forwarding config.

 

You have to be careful when you want to bring it back into production because it will be sending messages out to all the members announcing it is a new grid master, I'm not sure if it ever gives up sending these messages, so before you rejoin it into production you should probably reset it and then rejoin the grid, unless you don't mind everything swinging over to your "new" grid master for a while (note services are restarted when this happens).

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
Showing results for 
Search instead for 
Did you mean: 

Recommended for You