wapi: create zone_auth with allow_query

Posts: 7

Hi,

I'm trying to add a "zone_auth" with a NamedACL, but I'm getting the following error:

{ "Error": "AdmConProtoError: TSIG key or access control rule structure or Named ACL ref expected in allow_query", 
  "code": "Client.Ibap.Proto", 
  "text": "TSIG key or access control rule structure or Named ACL ref expected in allow_query"
}

 

This is the body I'm POST(ing) to "https://<url>/wapi/v2.11.3/request":

[
   {
      "method" : "POST",
      "object" : "zone_auth",
      "data" : {
         "allow_query" : [ "namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:public" ],
         "ns_group" : "RZ-DNS-Server",
         "fqdn" : "10.4.3.0/24",
         "comment" : "tbk.privat",
         "extattrs" : {
            "Backbone" : { "value" : "RZ" },
            "Audit" : { "value" : "tbk - add network - Tue Aug 9 16:18:04 2022" }
         }
      }
   }
]

If I try to GET the Named ACL, everything is fine:

curl -k -H 'Authorization: Basic <base64>' -H 'content-type: application/json' -XGET "https://<url>/wapi/v2.11.3/namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:public"
{
    "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAudW5p:uni",
    "name": "public"
}

In the wapidoc for zone_auth, the type of allow_query is defined as follows:

One of the following: Address ac struct, TSIG ac struct array.

so no Named ACL ref

Re: wapi: create zone_auth with allow_query

Moderator
Posts: 289

A few things you'll want to fix:

  • Specify that it's a reverse zone, with the zone_format attribute
  • Specify that an ACL will be used, with the use_allow_query attribute
  • The reference is passed as an attribute/value pair, in the allow_query structure

So your data should look something like this:

[
   {
      "method" : "POST",
      "object" : "zone_auth",
      "data" : {
         "zone_format": "IPV4",
         "fqdn" : "10.4.3.0/24",
         "ns_group" : "Internal DNS",
         "comment" : "tbk.privat",
         "use_allow_query": true,
         "allow_query": [
            {
               "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAuSW50ZXJuYWwgTmV0d29ya3M:Internal%20Networks"
            }
         ]
      }
   }
]
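
The three fixes listed in the answer above can be checked before a body is sent to the /request endpoint. The following pre-flight linter is an added example, not part of the original thread and not Infoblox code; the function names, the messages and the placeholder reference namedacl/EXAMPLE:public are assumptions made for illustration, and it also covers IPv6 reverse zones, which the thread does not discuss.

```python
import ipaddress
import json

def lint_zone_auth(data):
    """Return the problems found in the "data" of one zone_auth create call."""
    problems = []
    # A CIDR fqdn means a reverse zone, so zone_format has to say which kind.
    fqdn = data.get("fqdn", "")
    if "/" in fqdn:
        try:
            version = ipaddress.ip_network(fqdn, strict=False).version
        except ValueError:
            problems.append(f"fqdn {fqdn!r} is not a valid network")
        else:
            expected = "IPV4" if version == 4 else "IPV6"
            if data.get("zone_format") != expected:
                problems.append(f"zone_format should be {expected} for {fqdn}")
    # Per the answer, ACL use is declared with use_allow_query.
    acl = data.get("allow_query")
    if acl is not None and data.get("use_allow_query") is not True:
        problems.append("use_allow_query should be true when allow_query is set")
    # A Named ACL is passed as {"_ref": ...}, never as a bare string.
    for i, entry in enumerate(acl or []):
        if isinstance(entry, str):
            problems.append(f"allow_query[{i}] is a bare string, wrap it in a _ref object")
        elif not isinstance(entry, dict):
            problems.append(f"allow_query[{i}] is not an object")
    return problems

def lint_batch(body):
    """Map each zone_auth POST in a /request body to its list of problems."""
    ops = json.loads(body)
    return {n: lint_zone_auth(op.get("data", {}))
            for n, op in enumerate(ops)
            if op.get("method") == "POST" and op.get("object") == "zone_auth"}

# Constructed samples shaped like the two bodies in this thread (placeholder ref).
REF = "namedacl/EXAMPLE:public"
QUESTION_BODY = json.dumps([{"method": "POST", "object": "zone_auth", "data": {
    "fqdn": "10.4.3.0/24", "allow_query": [REF]}}])
ANSWER_BODY = json.dumps([{"method": "POST", "object": "zone_auth", "data": {
    "zone_format": "IPV4", "fqdn": "10.4.3.0/24", "use_allow_query": True,
    "allow_query": [{"_ref": REF}]}}])

if __name__ == "__main__":
    for name, body in (("question", QUESTION_BODY), ("answer", ANSWER_BODY)):
        print(name, lint_batch(body))
```

Entries that are objects (a _ref, or the address and TSIG structures from the wapidoc) are accepted without further validation.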

Re: wapi: create zone_auth with allow_query

Posts: 7

Hi,

Thank you for the help. Now it's clear that I have to use

 

"use_allow_query": true,

 

and that the format of allow_query is:

 

"allow_query": [
       {
         "_ref": "namedacl/b25lLmRlZmluZWRfYWNsJDAuSW50ZXJuYWwgTmV0d29ya3M:Internal%20Networks"
       }
]

(a list of hashes with a key/value pair of "_ref","<_ref>")
