

Support Central: KB #98: Promoting a Grid Master Candidate

This week, we're highlighting a top trending knowledge base article that we often receive inquiries about: promoting a Grid Master Candidate!



The Infoblox Grid contains a Grid Master, Grid Master Candidates, and members. Each Grid can have only one Grid Master at a time. The Grid Master is the central seat of administration for the entire Grid. The Grid architecture is a Star Topology in which all data replicates from Grid Master to member and member to Grid Master. The Grid Master contains a master copy of the database and coordinates all data and configuration synchronization throughout the Grid.


Grid Master Candidate Assuming the Role of Grid Master


A Grid Master Candidate, which is technically a member, is eligible to assume the role of Grid Master through the promotion process. Any member can be designated as a Grid Master Candidate and there can be multiple Grid Master Candidates designated at any given time. Since a Grid Master Candidate is eligible to become the Grid Master, it also gets a complete copy of the Grid database. For this reason, it is strongly recommended that Grid Master Candidates are the same appliance model as the Grid Master.


The promotion process promotes a Grid Master Candidate to replace the current Grid Master. This process can be initiated regardless of whether the current Grid Master is up and communicating with the Grid or offline. Since the promotion process is intended to deal with situations where the current Grid Master may be unavailable, it can only be manually initiated using the CLI of the Grid Master Candidate that is to be promoted.


Please note that Grid Master promotion DOES NOT MOVE SERVICES from the original Grid Master to the Grid Master Candidate.


Here is an example:

=> The original Grid Master is serving DNS

=> The Grid Master Candidate was serving DHCP


Promoting the Grid Master Candidate does not move the DNS service from the original Grid Master to the Grid Master Candidate. Grid Master promotion just gives you a way to access the Grid using the newly promoted Grid Master. All services served by each Grid Master or Grid Master Candidate remain with those nodes.


Here is another example: When the Grid Master Candidate becomes the newly promoted Grid Master, it does not carry over the VIP that its predecessor used. Rather, the newly promoted Grid Master continues to use its own VIP. It notifies all online Grid Members so that they can contact it and join it.


Promotion Process


To begin the promotion process, log into the CLI of the Grid Master Candidate that you want to promote. From the command line, run the command "set promote_master". After you press Enter, the Grid Master Candidate restarts and comes back up as the Grid Master. It then begins contacting every member of the Grid (including the original Grid Master) on UDP port 2114, notifying them that it is the new Grid Master. After being contacted, the Grid Members restart and then attempt to establish normal Grid communications (via BloxSync) with the newly promoted Grid Master.


The newly promoted Grid Master continuously tries to contact all Grid Members (including the original Grid Master) until it reaches them all. It is important to understand that the promotion process is not an election, it is a coup. Once the process begins, Grid Members must comply.


Before you promote a Grid Master, be aware that:


  • Grid Master Candidates must be configured via the GUI or API. This means that you cannot force a member to become a Grid Master Candidate after a Grid Master fails.

  • Any firewall rules that you added so that your Grid Members can communicate with your (old) Grid Master should also be applied for the new Grid Master, so that all Members can communicate with the Grid Master Candidates. UDP 2114 and UDP 1194 need to be open between all of your Members and your newly designated Grid Master. UDP 1194 is the default port, but it can be configured in the GUI, so check your configuration and adjust it accordingly.

  • Although the actual promotion of the Grid Master Candidate is a manual process, the process of rejoining all members to the new Grid Master is automatic.
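
The firewall item above can be checked before a promotion is ever needed. The following is an added example, not Infoblox code: it audits a constructed allow-list, written in a hypothetical rule format, for UDP 2114 and the VPN port between a candidate and every other Grid node. The function names, rule fields and addresses are assumptions made for the illustration.

```python
import ipaddress

PROMOTION_PORT = 2114    # UDP port this page names for promotion notices
DEFAULT_VPN_PORT = 1194  # default per this page; configurable in the GUI

def allowed(rules, src, dst, port):
    """True if any allow rule covers the UDP flow src -> dst:port."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        r["proto"] == "udp" and port in r["ports"]
        and s in ipaddress.ip_network(r["src"])
        and d in ipaddress.ip_network(r["dst"])
        for r in rules
    )

def promotion_gaps(rules, candidate, members, vpn_port=DEFAULT_VPN_PORT):
    """Return (src, dst, port) UDP flows that promoting `candidate` needs but
    no rule allows. Both directions are checked (an assumption) because the
    page asks for the ports to be open between members and the new master."""
    gaps = []
    for member in members:
        if member == candidate:
            continue
        for port in (PROMOTION_PORT, vpn_port):
            for src, dst in ((candidate, member), (member, candidate)):
                if not allowed(rules, src, dst, port):
                    gaps.append((src, dst, port))
    return gaps

# Constructed sample data using documentation address ranges, not a real Grid.
OLD_GM, CANDIDATE = "192.0.2.10", "198.51.100.10"
MEMBERS = [OLD_GM, CANDIDATE, "203.0.113.21", "203.0.113.22"]
GRID_PORTS = {PROMOTION_PORT, DEFAULT_VPN_PORT}
RULES = [
    # Rules that were written with only the original Grid Master in mind.
    {"proto": "udp", "src": "203.0.113.0/24", "dst": "192.0.2.10/32", "ports": GRID_PORTS},
    {"proto": "udp", "src": "192.0.2.10/32", "dst": "203.0.113.0/24", "ports": GRID_PORTS},
    # The candidate may reach the member subnet, but members cannot reach it.
    {"proto": "udp", "src": "198.51.100.10/32", "dst": "203.0.113.0/24", "ports": GRID_PORTS},
]

if __name__ == "__main__":
    for src, dst, port in promotion_gaps(RULES, CANDIDATE, MEMBERS):
        print(f"no allow rule: {src} -> {dst} udp/{port}")
```

If the VPN port has been changed in the GUI, pass it as `vpn_port` so the audit checks the port the Grid actually uses.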
