03-20-2019 09:17 AM
i recently shifted my zone from MS server to infoblox there is some observation that whenever i do nslookup it gives me 2 X time out for every query and than resolve also for the query for which my server is authoratitive.
when i switch back to MS or on my bind it is OK.
I understnad that some time nslookup is not recomended but if this happen on Infoblox it must happen on other platform.
right now i cannot install dig utility to test .
Any body have clue is there anything i am missing.
03-20-2019 01:40 PM
Let me start with a couple of simple questions.
1. Do you have both v4 and v6 enabled on this Windows client? You can confirm this by navigating to ncpa.cpl-->Ethernet Properties
2. This could be because of DNS suffixes. You can confirm this by navigating to ncpa.cpl-->Ethernet Properties-->Ipv4 Properties-->Advanced-->DNS-->Append these DNS suffixes.
To workaround suffixes in nslookup you can perform the query with a period in the end. (www.example.com. instead of www.example.com)
3. If you run 'nslookup' in the following fashion, do you experience the same problem?
server 10.X.X.X // Specify your authoritative IB DNS server
set q=a // This specifies that you are querying for an 'A' record
www.example.com // Your DNS A record query FQDN
01-05-2021 08:53 PM
Can this thread be re-opened/looked at?
I'm having a similar issue whilst we are on VPN using Cisco AnyConnect, but we are mainly using Infoblox as our DNS. nslookup using another Infoblox appliance still shows DNS request time outs. Often times it would resolve after two tries, but some other DNS names in our environment never return with a response (but internally it resovles fine)
09-05-2021 08:27 PM
This problem is related to the Local Zone not being reachable from Infoblox.
E.g, if your PC is in xyz.com and you are trying to lookup xxx.com the DNS queries will always try to look up the local zone and then the recursive queries will be forward to the XXX.com zone.
If your XYZ.com is not reachable from the Infoblox then this problem will be there.
Simple solution: add the DNS forward to XYZ.com in your Infoblox and then your problem will be resolved.
You can take the packet capture and see the result.
09-09-2021 06:45 AM
We've had the same issue during a pilot of a new config in AnyConnect with split tunneling. It's still not working great and seems to revolve around the local (home) network IP schema and the domain lists.
I'd be interested in knowing what your solution is, if you find one, since one of the things I can't access over the VPN is the Grid Manager...