#4363: How does a Forward zone work?

If you would like to forward queries for a domain to a set of DNS servers, then you can configure the zone as a forward zone.

A forward zone consists of two components:

  • Forwarders
    • These are the DNS servers to which queries for the zone are forwarded.
  • Forwarding Member
    • These are the Infoblox appliances that receive queries for the zone and forward them to the configured Forwarders.

Example configuration for a forward zone in the DNS configuration file:

    zone "infoblox.com" { # infoblox.com
        type forward;
        forwarders { 10.192.12.12; };
    };

In the above example, zone "infoblox.com" is configured to forward queries for this domain to the forwarder DNS server 10.192.12.12.

The packet capture below shows how forwarding works.
This exercise uses the following configuration:

Client IP: 10.192.16.215
Forwarding Infoblox DNS server: 10.192.32.182
Forwarder DNS Server IP: 10.192.12.12

  • Client 10.192.16.215 sends an A record query for www.infoblox.com to the forwarding Infoblox DNS server 10.192.32.182 as shown below:

10.192.16.215     10.192.32.182     DNS     89     Standard query 0xf621  A www.infoblox.com

  • This client query is a recursive query: the Recursion desired flag is set, as shown below.

Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable


  • The forwarding DNS server then forwards the same query to the forwarder DNS server 10.192.12.12 as shown below:

10.192.32.182     10.192.12.12     DNS     89     Standard query 0x634f  A www.infoblox.com

  • The above query is also a recursive query as shown below. The recursion desired flag is set.

Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable


  • Forwarder 10.192.12.12 provides an answer to the Infoblox forwarding member as shown below:

10.192.12.12     10.192.32.182     DNS     531     Standard query response 0x634f  CNAME a.testinfoblox.com A 10.192.32.23


  • The Infoblox forwarding member then answers the client query as shown below:

10.192.32.182     10.192.16.215     DNS     187     Standard query response 0xf621  CNAME a.testinfoblox.com A 10.192.32.
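
The two query hops in the capture can also be compared programmatically. The Python below is an added example, not Infoblox code: it rebuilds both queries as constructed packets from the transaction IDs and flag values shown above, then decodes them to show that the forwarding member keeps the question and the RD flag, issues its own transaction ID, and does not copy the client's AD bit. The function names are hypothetical.

```python
import struct

# DNS header flag masks (RFC 1035; AD and CD from RFC 4035)
QR, TC, RD, AD, CD = 0x8000, 0x0200, 0x0100, 0x0020, 0x0010

def build_query(txid, flags, qname, qtype=1):
    """Build a single-question DNS query (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_query(packet):
    """Decode the header flags and the first question of a DNS message."""
    txid, flags = struct.unpack("!HH", packet[:4])
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while packet[pos]:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return {
        "id": txid,
        "response": bool(flags & QR),
        "opcode": (flags >> 11) & 0xF,
        "truncated": bool(flags & TC),
        "rd": bool(flags & RD),
        "ad": bool(flags & AD),
        "cd": bool(flags & CD),
        "qname": ".".join(labels),
        "qtype": qtype,
    }

def compare_hops(client_pkt, forwarded_pkt):
    """Report what the forwarding member kept and what it changed."""
    c, f = parse_query(client_pkt), parse_query(forwarded_pkt)
    return {
        "same_question": (c["qname"], c["qtype"]) == (f["qname"], f["qtype"]),
        "rd_on_both": c["rd"] and f["rd"],
        "new_transaction_id": c["id"] != f["id"],
        "ad_dropped": c["ad"] and not f["ad"],
    }

# Constructed packets using the transaction IDs and flags from the capture.
CLIENT_QUERY = build_query(0xF621, 0x0120, "www.infoblox.com")
FORWARDED_QUERY = build_query(0x634F, 0x0100, "www.infoblox.com")

if __name__ == "__main__":
    print(parse_query(CLIENT_QUERY))
    print(compare_hops(CLIENT_QUERY, FORWARDED_QUERY))
```

Because the forwarded query carries a different transaction ID, client and forwarder traffic in a capture are correlated by question name and type rather than by ID.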
