#106: How do DNS views and recursion work in Infoblox?

Summary

How do DNS views and recursion work in Infoblox?

 

Customer Environment

A Grid or a standalone NIOS appliance with DNS views defined and recursion configured.

 

Version

All NIOS versions

 

Answer

  • If you are using DNS views under NIOS and recursion is enabled at the Grid level, you may be running a configuration that you did not intend.
  • Normally, a DNS view is only added to a member of your Grid if you specifically add a zone to that view and map the zone to that member.  However, if you enable recursion at the Grid level, the view needs to be added to all members so that it can serve recursive queries.

If this is what you want, you are fine, but if not...

  • Extra views on your members matter because there is a finite amount of memory that can be used for DNS cached data.
  • The Infoblox member divides this memory so that each view has an equal amount of memory.  So, if you have a member that has 4 views on it (even if this is not what you really wanted) each view will have 25% of the total amount of memory available to it for DNS cached data.  
  • This may cause issues if your member should only have one view and is heavily used for recursion, as the DNS cache may fill up.
  • A DNS server with a full cache will not be running at optimal levels as it will have to perform additional cache management duties to remove entries in order to add newer entries.

To check for "unwanted" views, and to remove them, edit the member's DNS properties.  Click the link that says "Toggle Expert View", then "DNS Views." There will be a section titled "Recursive Views Assigned to This Member" that lists both an "Available" and a "Selected" section.  Anything listed in "Selected" is currently mapped to the member.  If there are views listed that should not be, remove them from the list.  This takes the memory reserved for that view and spreads it across the remaining views.  Given the example of 4 views being listed, if you remove the 3 you don't want, 100% of the memory will be used for the remaining view.
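
The check above can also be run over an inventory of the Grid. This is an added example, not Infoblox tooling: the member names, view names and data layout are constructed, and it assumes you have recorded each member's "Selected" views and the zone-to-member mappings yourself. A view flagged here is a candidate for review, since a member may legitimately serve recursion for a view without hosting its zones.

```python
from fractions import Fraction

# Constructed sample data (not an Infoblox export format): the views listed as
# "Selected" on each member, and the members that each zone is mapped to.
SELECTED_VIEWS = {
    "ns1.example.test": ["internal", "external", "lab", "partner"],
    "ns2.example.test": ["internal", "external"],
    "cache1.example.test": ["internal", "lab"],
}
ZONE_ASSIGNMENTS = [
    # (view, zone, members serving the zone)
    ("internal", "corp.example.test", ["ns1.example.test", "ns2.example.test"]),
    ("external", "example.test", ["ns2.example.test"]),
]


def audit_member(member, selected=SELECTED_VIEWS, zones=ZONE_ASSIGNMENTS):
    """Report views present on a member only for recursion, and cache shares."""
    views = selected[member]
    # Views that have at least one zone mapped to this member.
    zone_backed = {view for view, _zone, members in zones if member in members}
    recursion_only = [v for v in views if v not in zone_backed]
    kept = [v for v in views if v in zone_backed]
    return {
        "member": member,
        "recursion_only": recursion_only,
        # Equal split described in the article: each view gets 1/N of the cache.
        "share_now": Fraction(1, len(views)) if views else None,
        # A member with no zone-backed view is a pure resolver: one view has to
        # stay for recursion, so an operator must choose and no figure is given.
        "share_if_removed": Fraction(1, len(kept)) if kept else None,
    }


if __name__ == "__main__":
    for name in SELECTED_VIEWS:
        report = audit_member(name)
        after = report["share_if_removed"]
        print(
            f"{name}: recursion-only views={report['recursion_only']}, "
            f"cache share per view now={float(report['share_now']):.0%}, "
            f"after removal={'operator decision' if after is None else format(float(after), '.0%')}"
        )
```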
