07-12-2020 07:46 PM
Can any expert here help me verify the steps below and provide some advice?
The customer has multiple branches; some locations have Infoblox and some don't. They also have multiple AD DCs and RODCs in different locations.
Migrate all the domains/zones in the AD DCs into Infoblox. After successful migration, all AD zones will be converted into secondary zones.
- create an authoritative zone
- configure ACL to allow updates from AD DNS
- configure AD DNS integration; the underscore (_) zones will be created automatically
- log in to the AD server
- configure DNS to point to Infoblox
- restart DNS service
- net stop netlogon
- net start netlogon
- ipconfig /registerdns
- Infoblox will sync all the SRV records (_ldap, _kerberos)
- Configure allow zone transfer from AD DNS to Infoblox
- Initiate zone import in Infoblox to import static A records and dynamic records
- Delete all dynamic records (because they will be imported as static records into Infoblox)
** Since the project is big, we will leave AD DNS running as normal, but the AD DNS servers' DNS client settings will point to Infoblox as the preferred DNS.
Migration for branches that have Infoblox
- Through the DHCP server, dynamic clients' DNS settings will point to Infoblox
- Users will update their dynamic records directly in Infoblox
- However, there are many servers using static settings, which we will migrate slowly.
- In this case, the servers' DNS points to AD DNS, but the AD DNS points to Infoblox as the preferred DNS. ** Will this cause issues for the servers operating as normal?
Migration for branches that do not have Infoblox
- The AD DNS in the branches will be converted to secondary zones
- Infoblox will zone-transfer to AD DNS
- Client DNS will still point to the local AD DNS
- From our research, DHCP clients will update their dynamic records on the Grid Master directly. Therefore, we need to open UDP & TCP 53 from the branch networks to the Grid Master.
07-15-2020 05:48 AM
I've migrated multiple ADs to Infoblox-DNS just recently.
Mostly I concur with your steps, but I did it this way:
1.) Enabled zone transfer on the Windows DNS
2.) Created an ACL with the DCs in that are allowed to update the zone
3.) Created a new authoritative zone on Infoblox (NIOS)
4.) Imported the zone to Infoblox and did the same for all subzones like _msdcs...
5.) Set the DC to use the Infoblox as DNS
6.) executed "net stop netlogon && net start netlogon" - that triggers the verification / registration of the SRV-Records, etc.
7.) Checked the syslog on the Infoblox DNS to see possible errors
8.) If everything was good, set the Windows DNS to forward all queries to the Infoblox
9.) Did the same on all DCs (writeable and read-only).
10.) As soon as all the DCs had been migrated, I deleted the AD-integrated DNS zones, transforming the Windows DNS servers into caching-only servers.
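The per-DC part of the procedure above (steps 5 to 8), as an added PowerShell example that is not from either poster; it re-points one DC's DNS client at Infoblox, bounces Netlogon, then asks Infoblox directly whether the SRV records Netlogon should have registered are actually there before the local Windows DNS is switched to forwarding. The Infoblox member addresses, the domain name and the single-adapter assumption are placeholders for your own environment, and the script is meant to be run elevated on one DC at a time so a failure can be rolled back before the next DC is touched.

```powershell
# Added example, not from the original thread. Run elevated on one DC at a time.
# Addresses and names below are assumptions; replace them for your environment.
#Requires -RunAsAdministrator

$InfobloxDns  = @('10.10.10.5', '10.10.10.6')      # assumed Infoblox DNS member IPs
$Domain       = (Get-ADDomain).DNSRoot              # e.g. corp.example.com (assumed)
$DcFqdn       = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName.ToLower()
$IsPdc        = ((Get-ADDomain).PDCEmulator.ToLower() -eq $DcFqdn)
$CutoverStart = Get-Date

# --- Step 5: point this DC's resolver at Infoblox, keeping the old list for rollback.
# Assumes a single "Up" adapter; pick the right one explicitly on multi-homed DCs.
$adapter = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
$oldDns  = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4).ServerAddresses
Write-Host "Previous DNS servers on $($adapter.Name): $($oldDns -join ', ')"
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $InfobloxDns

# --- Step 6: restarting Netlogon makes it re-register the DC's SRV records;
# Register-DnsClient is the cmdlet equivalent of 'ipconfig /registerdns'.
Restart-Service -Name Netlogon -Force
Register-DnsClient
Start-Sleep -Seconds 15

# --- Step 7 (DC-side complement to reading the Infoblox syslog):
# query the Infoblox member directly (-Server) and check each SRV record names this DC.
$expected = @("_ldap._tcp.$Domain", "_kerberos._tcp.$Domain", "_ldap._tcp.dc._msdcs.$Domain")
if ($IsPdc) { $expected += "_ldap._tcp.pdc._msdcs.$Domain" }   # only the PDC emulator owns this one

$missing = foreach ($name in $expected) {
    $answer  = Resolve-DnsName -Name $name -Type SRV -Server $InfobloxDns[0] -DnsOnly -ErrorAction SilentlyContinue
    $targets = @($answer | Where-Object QueryType -eq 'SRV' | ForEach-Object { $_.NameTarget.ToLower() })
    if ($targets -notcontains $DcFqdn) { $name }
}

# Netlogon writes System event 5774 when a dynamic registration is refused
# (typically the Infoblox ACL does not include this DC, or the update reached the wrong server).
$failures = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5774; StartTime = $CutoverStart } -ErrorAction SilentlyContinue

if ($missing -or $failures) {
    Write-Warning "Records not seen on Infoblox for ${DcFqdn}: $($missing -join ', ')"
    $failures | ForEach-Object { Write-Warning $_.Message }
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $oldDns   # roll back step 5
    throw "Registration incomplete on $DcFqdn; fix the Infoblox ACL/syslog findings before retrying."
}

# --- Step 8: only now make the local Windows DNS forward everything to Infoblox.
# Set-DnsServerForwarder replaces the whole forwarder list; -UseRootHint $false stops the
# Windows DNS from quietly resolving on its own if Infoblox is unreachable, so an outage
# shows up as a failure rather than as stale or split answers.
Set-DnsServerForwarder -IPAddress $InfobloxDns -UseRootHint $false
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint
Write-Host "$DcFqdn cut over; repeat on the next DC."
```

Two points worth keeping in mind when reading it. The Windows DNS *server* answers queries from its own zones and forwarders, not from the DC's own resolver setting, which is why step 5 alone does not change what clients pointed at the DC see and step 8 is a separate action. And step 10 (deleting the AD-integrated zones with Remove-DnsServerZone) is deliberately not in the script: it should only run once every DC has passed the check above, since a DC that still holds a writable copy of the zone will keep registering into it instead of into Infoblox.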
07-17-2020 07:30 AM
Thank you so much for sharing. I have one question regarding your migration:
1. For steps 9 and 10, did you do it in one shot for all DCs or phase by phase? FYI, my customer has 60+ DC servers; we are thinking of doing it phase by phase, but we worry that problems will occur in the interim.