01-01-2020 04:21 AM
We are trying to deploy Infoblox ADP as a protection layer for our authoritative DNS servers (that's mandatory, we cannot host our DNS records on the Infoblox appliance).
We configured a forward zone for our domain in Infoblox and now external queries for our domain are reaching Infoblox, ADP is applied, and if everything is OK, Infoblox queries our authoritative DNS and replies to external users. Our only problem is that the authority bit is not set and external users see DNS replies as lame (not coming from an authoritative DNS server).
Is there a way to configure the Infoblox to set the authority bit on for a specific zone?
01-07-2020 09:30 AM
As I understand the architecture you described, your Infoblox is serving as a caching recursive DNS server, thus it would not be authoritative for your domains. To have it provide authoritative responses, it must be authoritative for the domain.
Could you provide any further information as to why you cannot serve the records directly from the Infoblox? I would also be curious as to what issues are created by the lack of authoritative response other than just noticing the authority bit is not set. In the case of external DNS in particular, most clients go through at least one layer of recursive resolvers, so receiving non-authoritative answers would generally be a common occurrence for most clients.
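
The authority bit discussed in this thread is the AA flag in the fixed 12-byte DNS header, so it can be checked directly on a captured response. The following Python code is an added example, not part of either post and not Infoblox code; the function names and the two header-only sample messages are constructed for illustration.

```python
import struct

# Bit masks within the 16-bit flags field of the DNS header (RFC 1035, 4.1.1)
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header of a raw message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & QR),        # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": bool(flags & AA),        # authoritative answer
        "tc": bool(flags & TC),        # truncated
        "rd": bool(flags & RD),        # recursion desired (copied from query)
        "ra": bool(flags & RA),        # recursion available on the responder
        "rcode": flags & 0xF,
        "ancount": an,
    }

def classify(msg: bytes) -> str:
    """Label a response by what its header says about the responder."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] != 0:
        return "error-rcode-%d" % h["rcode"]
    if h["aa"]:
        return "authoritative"
    # AA clear: the answer was obtained elsewhere (cache or forwarder).
    return "non-authoritative-recursive" if h["ra"] else "non-authoritative"

def build_header(ident: int, flags: int, ancount: int) -> bytes:
    """Constructed sample: header only, question/answer sections omitted."""
    return struct.pack("!6H", ident, flags, 1, ancount, 0, 0)

# Constructed samples (not captured traffic).
FROM_AUTH = build_header(0x1234, QR | AA, 1)            # flags 0x8400
FROM_FORWARDER = build_header(0x1234, QR | RD | RA, 1)  # flags 0x8180

if __name__ == "__main__":
    for name, m in (("authoritative", FROM_AUTH), ("forwarder", FROM_FORWARDER)):
        print(name, hex(struct.unpack("!H", m[2:4])[0]), classify(m))
```
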