#4363: How does a Forward zone work?

If you would like to forward queries for a domain to a set of DNS servers, then you can configure the zone as a forward zone.

A forward zone consists of two components:

  • Forwarders
    • These are the DNS servers to which queries for the zone are forwarded.
  • Forwarding Member
    • These are the Infoblox appliances that receive queries for the zone and forward them to the configured Forwarders.

Example configuration for a forward zone in the DNS configuration file:

    zone "infoblox.com" { # infoblox.com
        type forward;
        forwarders { 10.192.12.12; };
    };

In the above example, zone "infoblox.com" is configured to forward queries for this domain to the forwarder DNS server 10.192.12.12.

The packet capture below shows how forwarding works.
The following configuration is used for this exercise:

Client IP: 10.192.16.215
Forwarding Infoblox DNS server: 10.192.32.182
Forwarder DNS Server IP: 10.192.12.12

  • Client 10.192.16.215 sends an A record query for www.infoblox.com to the forwarding Infoblox DNS server 10.192.32.182 as shown below:

10.192.16.215     10.192.32.182     DNS     89     Standard query 0xf621  A www.infoblox.com

 

  • This client query is a recursive query, as shown below. The Recursion desired flag is set.

Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable


  • The forwarding DNS server then forwards the same query to the forwarder DNS server 10.192.12.12 as shown below:

10.192.32.182     10.192.12.12     DNS     89     Standard query 0x634f  A www.infoblox.com

  • The above query is also a recursive query as shown below. The recursion desired flag is set.

Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable


  • Forwarder 10.192.12.12 provides an answer to the Infoblox forwarding member as shown below:

10.192.12.12     10.192.32.182     DNS     531     Standard query response 0x634f  CNAME a.testinfoblox.com A 10.192.32.23


  • The Infoblox forwarding member then answers the client query as shown below:

10.192.32.182     10.192.16.215     DNS     187     Standard query response 0xf621  CNAME a.testinfoblox.com A 10.192.32.
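
The flag words and transaction IDs in the capture can be checked programmatically. The following is an added example, not part of the original article: it decodes the DNS header of the client query and of the forwarded query and confirms that the question is unchanged and that recursion is still requested. The function names and the minimal query messages are constructed for illustration, using only the IDs, flag values and query name shown above.

```python
import struct

# Flag bits in the 16-bit DNS header flags field (RFC 1035, RFC 4035).
FLAG_BITS = {"QR": 0x8000, "AA": 0x0400, "TC": 0x0200, "RD": 0x0100,
             "RA": 0x0080, "AD": 0x0020, "CD": 0x0010}

def build_query(txid, flags, qname, qtype=1):
    """Encode a one-question query, class IN, no EDNS (constructed sample data)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", qtype, 1))

def parse_query(msg):
    """Decode the header and the single question of a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("invalid or truncated label")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {"id": txid, "qname": ".".join(labels).lower(), "qtype": qtype,
            "flags": {name for name, bit in FLAG_BITS.items() if flags & bit}}

def check_forwarding(client_msg, forwarded_msg):
    """List ways the forwarded query deviates from the behaviour in the capture."""
    c, f = parse_query(client_msg), parse_query(forwarded_msg)
    issues = []
    if (c["qname"], c["qtype"]) != (f["qname"], f["qtype"]):
        issues.append("question changed between client and forwarder")
    if "RD" not in f["flags"]:
        issues.append("forwarded query does not request recursion")
    return issues

# Constructed from the transaction IDs and flag words shown in the capture.
CLIENT = build_query(0xF621, 0x0120, "www.infoblox.com")
FORWARDED = build_query(0x634F, 0x0100, "www.infoblox.com")
```

Decoding `CLIENT` yields the flags RD and AD (0x0120), while `FORWARDED` carries only RD (0x0100) under a new transaction ID, matching the two flag dumps above.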
