DNS resource records provide information about objects and hosts. DNS servers use these records to respond to queries for hosts and objects. The appliance supports IDNs for all DNS resource records. For information about IDNs, see Support for Internationalized Domain Names. Note that the appliance does not convert the IDN of a resource record to punycode: a record that contains a domain name in punycode is displayed in punycode, and a record that contains an IDN is displayed in its native characters.
The following sections define the types of DNS resource records you can manage and the operations you can perform:
Managing A Records
An A (address) record is a DNS resource record that maps a domain name to an IPv4 address. To define a specific name-to-address mapping, you can add an A record to a previously defined authoritative forward-mapping zone. If the zone is associated with one or more networks, the IP address must belong to one of the associated networks. For example, if the A record is in the corpxyz.com zone, which is associated with 10.1.0.0/16 network, then the IP addresses of the A record must belong to the 10.1.0.0/16 network. For information about associating zones and networks, see Associating Networks with Zones.
The appliance also supports wildcard A records. For example, you can use a wildcard A record in the corpxyz.com domain to map queries for names such as www1.corpxyz.com, ftp.corpxyz.com, main.corpxyz.com, and so on to the IP address of a public-facing web server. Note that wildcard names only apply when the domain name being queried does not match any resource record.
NIOS allows superusers to add A records with a blank name. Limited-access users must have read/write permission to Adding a blank A/AAAA record to add A records with a blank name. You can assign global permission for specific admin groups and roles to allow limited-access users to add blank A records. For more information, see Administrative Permissions for Adding Blank A or AAAA Records.
Note: If an A record with the domain name in its native characters is added to the Infoblox Grid through DDNS updates, the Name field displays the record name in UTF-8 encoded format. For example, an A record with the domain name 工作站.test.com added through DDNS updates displays \229\183\165\228\189\156\231\171\153.test.com in the Name field.
Adding A Records
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Add A Record.
In the Add A Record wizard, do the following:
Name: If Grid Manager displays a zone name, enter the host name that you want to map to an IP address. The displayed zone name can either be the last selected zone or the zone from which you are adding the host record. If no zone name is displayed or if you want to specify a different zone, click Select Zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click a zone name in the dialog box and then enter the host name. The name you enter is prefixed to the DNS zone name that is displayed, and the complete name becomes the FQDN (fully qualified domain name) of the host. For example, if the zone name displayed is corpxyz.com and you enter admin, then the FQDN becomes admin.corpxyz.com. Ensure that the domain name you enter complies with the host name restriction policy defined for the zone. To create a wildcard A record, enter an asterisk (*) in this field.
DNS View: This field displays the DNS view to which the DNS zone belongs.
Shared Record Group: This field appears only when you are creating a shared record. Click Select Shared Record Group. If you have only one shared record group, the appliance displays the name of the shared record group here. If you have multiple shared record groups, select the shared record group in the Shared Record Group Selector dialog box. You can use filters or the Go to function to narrow down the list.
Host Name Policy: Displays the host name policy of the zone.
In the IP Addresses section, click the Add icon and do one of the following:
Select Add Address to enter the IPv4 address to which you want the domain name to map. or
Select Next Available IPv4 to retrieve the next available IP address in a network.
If the A record is in zone that has associated networks, the Network Selector dialog box lists the associated networks. If the zone has no network associations, the Network Selector dialog box lists the available networks. When you select a network, Grid Manager retrieves the next available IP address in that network.
Comment: Optionally, enter additional information about the A record.
Create associated PTR record: Select this option to automatically generate a PTR record that maps the specified IP address to the host name. To create the PTR record, the reverse-mapping zone must be in the database.
Disable: Select this checkbox to disable the record. Clear the checkbox to enable it.
Click Next to define extensible attributes. For information, see Managing Extensible Attributes.
Save the configuration and click Restart if it appears at the top of the screen.
Modifying A Records
When you modify an A record, you can do the following:
...
To add an ALIAS record, perform the following steps:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> ALIAS Record.
In the Add ALIAS Record wizard, do the following:
Name: The ALIAS record name. The displayed zone name can either be the last selected zone or the zone from which you are adding the ALIAS record. If no zone name is displayed or if you want to specify a different zone, click Select Zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. If you do not specify the record name, the record assumes the name of the zone apex.
Record Type: You can configure any record type - A, AAAA, MX, NAPTR, PTR, SPF, SRV, TXT.
Target: Enter the FQDN that the appliance returns in reply to DNS requests for the ALIAS name. This can be any FQDN; you can also type the domain name of the resource. Examples:
CloudFront distribution domain name: d111111abcdef8.cloudfront.net
ELB load balancer DNS name: example-1.us-east-1.elb.amazonaws.com
S3 website endpoint: s3-website.us-east-2.amazonaws.com
Resource record set in this hosted zone: www.example.com
Comment: Enter additional information about the ALIAS record.
Disable: Select this checkbox to disable the record. Clear the checkbox to enable it.
Click Next to define extensible attributes. For information, see Managing Extensible Attributes.
Save the configuration or click Next to schedule this task. Click Now in the Schedule Change panel to immediately execute this task or click Later and specify a date, time, and time zone. For information about how to schedule a task, see Scheduling Tasks.
Save the configuration and click Restart if it appears at the top of the screen.
Modifying ALIAS Records
When you modify an ALIAS record, you can perform the following step:
...
To add an NS record, perform the following steps:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Add NS Record.
In the Add NS Record wizard, complete the following fields:
Zone: The displayed zone name can either be the last selected zone or the zone from which you are adding the NS record. If no zone name is displayed or if you want to specify a different zone, click Select Zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box.
DNS View: Displays the DNS view to which the selected zone belongs.
Hostname Policy: Displays the host name policy of the selected zone.
Name Server: Enter the host name that you want to configure as the name server for the zone. IDN is not supported in this field. You can use the punycode representation of an IDN in this field.
Click Next to enter IP addresses for the name server.
In the Name Server Addresses panel, click the Add icon and complete the following fields:
Address: Enter the IP address of the name server.
Add PTR Record: This field displays Yes by default, enabling the automatic generation of a PTR record for the IP address. You can select No to disable the generation of the PTR record.
Click Next to define extensible attributes or save the configuration and click Restart if it appears at the top of the screen.
Modifying and Deleting NS Records
...
To create an AAAA record, perform the following steps:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Add AAAA Record.
In the Add AAAA Record wizard, complete the following:
Name: If Grid Manager displays a zone name, enter the host name that you want to map to an IP address. The displayed zone name can either be the last selected zone or the zone from which you are adding the AAAA record. If no zone name is displayed or if you want to specify a different zone, click Select Zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click a zone name in the dialog box, and then enter the host name. The name you enter is prefixed to the DNS zone name that is displayed, and the complete name becomes the FQDN (fully qualified domain name) of the host. For example, if the zone name displayed is corpxyz.com and you enter admin, then the FQDN becomes admin.corpxyz.com.
DNS View: Displays the DNS view to which the selected DNS zone belongs.
Shared Record Group: This field appears only when you are creating a shared record. Click Select Shared Record Group. If you have only one shared record group, the appliance displays the name of the shared record group here. If you have multiple shared record groups, select the shared record group in the Shared Record Group Selector dialog box. You can use filters or the Go to function to narrow down the list.
Hostname Policy: Displays the host name policy of the zone.
IP Address: Enter the IPv6 address to which you want the domain name to map. When you enter an IPv6 address, you can use double colons to compress a contiguous sequence of zeros. You can also omit any leading zeros in a four-hexadecimal group. For example, the complete IPv6 address 2006:0000:0000:0123:4567:89ab:0000:cdef can be shortened to 2006::123:4567:89ab:0:cdef. Note that if there are multiple noncontiguous groups of zeros, the double colon can only be used for one group to avoid ambiguity. The NIOS appliance displays an IPv6 address in its shortened form, regardless of its form when it was entered.
Comment: Optionally, enter additional information about this record.
Create associated PTR record: Select this option to automatically generate a PTR record that maps the specified IP address to the host name. To create the PTR record, the reverse-mapping zone must be in the database.
Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
Click Next to define extensible attributes. For information, see Managing Extensible Attributes.
Save the configuration and click Restart if it appears at the top of the screen.
Modifying AAAA Records
When you modify an AAAA record, you can perform the following steps:
...
To add a PTR record, perform the following steps:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Add PTR Record.
In the Add PTR Record wizard, do the following:
Name or IP Address: From the drop-down list, select Name or IP Address. When you select Name, click Select Zone to select a zone, and then enter a value for the PTR record. When you are adding a PTR record to a reverse-mapping zone, you can enter a value from 0 to 255 in the Name or IP Address field. Note that when you launch this wizard from the IPAM tab, you can only select a reverse-mapping zone. When you launch this from a reverse-mapping zone, the IP address field is populated with the prefix that corresponds to the selected zone. When you launch this from a forward-mapping zone, you can only specify the host name, not an IP address.
When you select IP Address, enter the IPv4 or IPv6 address that you want to map to the domain name.
DNS View: If you entered an IP address, you must select the DNS view of the PTR record. If you entered a name, this field displays the DNS view of the selected zone.
Domain Name: Enter the domain name to which you want the PTR record to point. For example, you can enter corpxyz.com.
Comment: Optionally, enter information about the PTR record.
Disable: Select this checkbox to disable the record. Clear the checkbox to enable it.
Save the configuration or click Next to define extensible attributes. For information, see Managing Extensible Attributes.
Click Restart if it appears at the top of the screen.
To schedule this task, click the Schedule icon at the top of the wizard. In the Schedule Change panel, click Later, and then specify a date, time, and time zone.
...
...
Note: If an SRV record with the domain name in its native characters is added to the Infoblox Grid through DDNS updates, the Name and SRV Target fields display the domain name in UTF-8 encoded format. For example, an SRV record with the domain name 电脑.test.com added through DDNS updates displays \231\148\181\232\132\145.test.com in the Name and SRV Target fields.
Adding SRV Records
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Add SRV Record.
In the Add SRV Record wizard, complete the following fields:
Display input as: Select the format in which you want the SRV record to be displayed. When you select RFC 2782 format, the appliance follows the _service._protocol.name format as defined in RFC 2782. When you select Free format, enter the entire name in the Domain field.
Service: Specify the service that the host provides. You can either select a service from the list or type in a service, if it is not on the list. For example, if you are creating a record for a host that provides FTP service, select _ftp. To distinguish the service name labels from the domain name, the service name is prefixed with an underscore. If the name of the service is defined at http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml, use that name. Otherwise, you can use a locally-defined name.
Protocol: Specify the protocol that the host uses. You can either select a protocol from the list or type in a protocol, if it is not on the list. For example, if it uses TCP, select _tcp. To distinguish the protocol name labels from the domain name, the protocol name is prefixed with an underscore.
Domain: If Grid Manager displays a zone name, enter the name here to define an SRV record for a host or subdomain. The displayed zone name can either be the last selected zone or the zone from which you are adding the SRV record. If no zone name is displayed or if you want to specify a different zone, click Select Zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click a zone name in the dialog box, and then enter the name to define the SRV record. The NIOS appliance prefixes the name you enter to the domain name of the selected zone. For example, if you want to create an SRV record for a web server whose host name is www2.corpxyz.com and you define the SRV record in the corpxyz.com zone, enter www2 in this field. To define an SRV record for a domain whose name matches the selected zone, leave this field blank. The NIOS appliance automatically adds the domain name (the same as the zone name) to the SRV record. For example, if you want to create an SRV record for the corpxyz.com domain and you selected the corpxyz.com zone, leave this field blank.
Preview: After you have entered all the information, this field displays the FQDN, which is the concatenation of the Service, Protocol, and Domain fields.
Shared Record Group: This field appears only when you are creating a shared record. Click Select Shared Record Group. If you have only one shared record group, the appliance displays the name of the shared record group here. If you have multiple shared record groups, select the shared record group in the Shared Record Group Selector dialog box. You can use filters or the Go to function to narrow down the list.
Priority: Select or enter an integer from 0 to 65535. The priority determines the order in which a client attempts to contact the target host; the domain name host with the lowest number has the highest priority and is queried first. Target hosts with the same priority are attempted in the order defined in the Weight field.
Weight: Select or enter an integer from 0 to 65535. The weight allows you to distribute the load between target hosts. The higher the number, the more that host handles the load (compared to other target hosts). Larger weights give a target host a proportionately higher probability of being selected.
Port: Specify the appropriate port number for the service running on the target host. You can use standard or nonstandard port numbers, depending on the requirements of your network. You can select a port number from the list or enter an integer from 0 to 65535.
Target: Enter the canonical domain name of the host (not an ALIAS); for example, www2.corpxyz.com.
In addition, you need to define an A record mapping the canonical name of the host to its IP address.
Comment: Enter a descriptive comment for the record.
Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
Save the configuration or click Next to define extensible attributes. For information, see Managing Extensible Attributes.
Click Restart if it appears at the top of the screen.
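The Priority and Weight fields above describe the client selection procedure of RFC 2782. The following Python is an added example, not NIOS code, that applies that procedure to a constructed _ftp._tcp.corpxyz.com RRset (the target host names and values are assumptions for illustration) so that you can see how the two fields decide which target a client tries first and how a weight of 0 behaves.

```python
import random

# Constructed sample RRset for _ftp._tcp.corpxyz.com: (priority, weight, port, target).
# The targets and values are assumptions for illustration, not data from any appliance.
SAMPLE_SRV_RRSET = [
    (10, 60, 21, "ftp1.corpxyz.com"),
    (10, 30, 21, "ftp2.corpxyz.com"),
    (10, 10, 21, "ftp3.corpxyz.com"),
    (20, 0, 21, "ftp-backup.corpxyz.com"),  # tried only after every priority-10 host fails
]


def _order_group(group, rng):
    """Weighted-random ordering of one priority group, as RFC 2782 describes."""
    remaining = list(group)
    ordered = []
    while remaining:
        # Weight-0 records are moved to the front so that they are chosen only
        # when the random number is 0, i.e. very rarely.
        remaining.sort(key=lambda rr: rr[1] != 0)
        total = sum(rr[1] for rr in remaining)
        pick = rng.randint(0, total)
        running = 0
        for rr in remaining:
            running += rr[1]
            if running >= pick:
                ordered.append(rr)
                remaining.remove(rr)
                break
    return ordered


def _order(rrset, rng):
    """Lowest priority value first; weighted-random order inside each priority."""
    ordered = []
    for priority in sorted({rr[0] for rr in rrset}):
        ordered.extend(_order_group([rr for rr in rrset if rr[0] == priority], rng))
    return ordered


def order_srv_targets(rrset, seed=None):
    """Return the RRs in the order a client should try the targets.

    `seed` makes the weighted-random part reproducible.
    """
    return _order(rrset, random.Random(seed))


def first_choice_frequencies(rrset, trials=3000, seed=0):
    """Count how often each target is tried first across `trials` resolutions."""
    rng = random.Random(seed)
    counts = {rr[3]: 0 for rr in rrset}
    for _ in range(trials):
        counts[_order(rrset, rng)[0][3]] += 1
    return counts


if __name__ == "__main__":
    for rr in order_srv_targets(SAMPLE_SRV_RRSET, seed=7):
        print(rr)
    print(first_choice_frequencies(SAMPLE_SRV_RRSET))
```

With the weights 60/30/10 the first target is ftp1 about 60% of the time, ftp2 about 30% and ftp3 about 10%, while the priority-20 backup host is never tried first regardless of its weight.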
Modifying and Deleting SRV Records
...
In NIOS 8.5, you can add a TLSA record to a DNSSEC signed zone only. You cannot unsign a zone that contains a TLSA record. In NIOS 8.5.1 or later, you can add a TLSA record to a DNSSEC signed zone or an unsigned zone. To add a TLSA record:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> TLSA Record.
In the Add TLSA Record wizard, complete the following fields:
Display input as: Select either Strict format (_port._protocol.domain) or Free format. Grid Manager selects Strict format by default. In this format, you can choose port and protocol values from the list. When you select Free format, you cannot specify these values.
Port: Select a value from the drop-down list to indicate the port on which the TLS-based service is active.
The values in the drop-down list are:
21 (FTP)
22 (SSH)
23 (Telnet)
25 (SMTP)
80 (HTTP)
88 (Kerberos)
389 (LDAP)
443 (HTTPS)
464 (KPASSWD)
3268 (GC)
Protocol: Select a value from the drop-down list to indicate the protocol that is used for secure communication. The values in the drop-down list are:
_msdcs
_sites
_tcp
_udp
When you select Strict format, Port and Protocol are set to 443 (HTTPS) and _tcp by default. You can change these values. When you select Free format, you cannot edit these values.
Name: Enter a name for the TLSA resource record. You can specify a name only when you select Free format.
Select Zone: Click to select a zone. In NIOS 8.5, you must select only a signed zone to associate with a TLSA resource record. In NIOS 8.5.1 or later, you can select a signed zone or an unsigned zone. For more information, see Signing a Zone. Click Clear to clear the Name that you have entered.
FQDN: This is displayed by default. You cannot modify the value. TLSA resource records are stored using the domain name that you select. When you select Free format, name.domain is displayed as the FQDN. Example: abc.example.com. When you select Strict format, _port._protocol.domain is displayed as the FQDN, where:
_port indicates the port on which the TLS-based service is active.
_protocol indicates the name of the transport protocol that you have selected.
Consider an example where you are the owner of the domain www.example.com and you have set the Port to 443 (HTTPS) and the Protocol to _tcp, which indicates that the HTTP server is running TLS on port 443. To request the TLSA record for www.example.com, you must use _443._tcp.www.example.com. Similarly, to request a TLSA resource record for an SMTP server running the STARTTLS protocol on port 25 at mail.example.com, you must use _25._tcp.mail.example.com.
DNS View: The DNS View associated with the selected DNS zone is displayed.
Certificate Usage: Select a value from the drop-down list to indicate how the certificate or the public key associated with the domain name is matched when the client queries for the domain name on the TLS server. The values in the drop-down list are: PKIX-TA, PKIX-EE, DANE-TA, and DANE-EE.
With PKIX-TA and PKIX-EE, you need additional Trust Anchors to validate peer certificate chains. These Trust Anchors must be mutually trusted by both the TLS server and the client. For more information, refer to RFC 6698 The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA.
When you select DANE-TA and DANE-EE, the TLSA records that you define using Grid Manager are sufficient to verify the client's certificate chain and additional Trust Anchors are not required to authenticate the public key or certificate data. For more information, refer to RFC 6698 The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA.
Selector: Select a value from the drop-down list to indicate whether you are associating an entire certificate or only the public key with the domain. When you select a value, it indicates which part of the TLS certificate presented by the server is matched with the associated data. The values in the drop-down list are Full certificate and Subject Public Key Info. NIOS builds a hexadecimal format for the entire certificate when you select Full certificate. If you select Subject Public Key Info, NIOS extracts the public key and builds a hexadecimal format for it.
Matched Type: Select a value from the drop-down list to indicate how a TLS certificate or the public key of the domain received from the client must be matched with the certificate or the key that you have specified for the respective domain in the TLS server. You can select to match the entire content or only the hash of the selector. The values in the drop-down list are: No hash, SHA 256 bit, and SHA 512 bit. If you select No hash, the TLS server performs an exact match on the selected content. When you select either SHA 256 bit or SHA 512 bit, only the hash of the selected content is matched by the TLS server.
Certificate Data: Enter the certificate data that must be matched for authentication. You can either paste the full certificate or the corresponding public key when the Matched Type is set to No hash. Based on the values that you select for the Selector and the Matched Type, the server builds a hexadecimal format for the TLSA record. If you set the Matched Type to SHA 256 bit or SHA 512 bit, you must specify only the hash of the full certificate or the public key.
Get From File: Click this to upload the certificate or the public key to the server.
Note the following:
When you select Strict format, you must provide either the certificate or public key or hash of any of them. The value must be based on the Selector and Matched Type field values.
When you select Free format, you must upload the certificate in DER format. The server builds an appropriate hexadecimal format for the TLSA record based on the Selector value.
Comment: Optionally, enter a descriptive comment for the TLSA record.
Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
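The FQDN, Selector, Matched Type and Certificate Data fields above describe how the _port._protocol.domain owner name and the certificate association data of a TLSA record are derived. The following Python is an added example, not Infoblox code, that carries out the same derivation with only the standard library: it builds a constructed certificate that has the X.509 DER layout (no real key or signature; only the structure matters here), extracts the SubjectPublicKeyInfo with a minimal DER walker, and produces the RFC 6698 usage, selector, matching type and data fields for each Grid Manager drop-down choice. The mapping of the drop-down labels to numeric values follows RFC 6698; the helper names are my own.

```python
import hashlib

# Grid Manager drop-down labels mapped to the numeric TLSA fields of RFC 6698
USAGE = {"PKIX-TA": 0, "PKIX-EE": 1, "DANE-TA": 2, "DANE-EE": 3}
SELECTOR = {"Full certificate": 0, "Subject Public Key Info": 1}
MATCHED_TYPE = {"No hash": 0, "SHA 256 bit": 1, "SHA 512 bit": 2}


def der_tlv(tag, body):
    """Encode one DER tag-length-value element (short and long length forms)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body


def der_read(buf, pos=0):
    """Decode the TLV at pos; return (tag, body, position after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def der_children(body):
    """Split a constructed body into its child elements as (tag, raw TLV) pairs."""
    children, pos = [], 0
    while pos < len(body):
        tag, _, nxt = der_read(body, pos)
        children.append((tag, body[pos:nxt]))
        pos = nxt
    return children


def build_sample_cert():
    """Constructed certificate with the X.509 field order but no real key or signature."""
    sha256_rsa = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + der_tlv(0x05, b""))
    rsa_alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d010101")) + der_tlv(0x05, b""))
    # toy RSAPublicKey {n=3, e=3} inside a BIT STRING with 0 unused bits
    pubkey = der_tlv(0x03, b"\x00" + der_tlv(0x30, der_tlv(0x02, b"\x03") + der_tlv(0x02, b"\x03")))
    spki = der_tlv(0x30, rsa_alg + pubkey)
    empty_name = der_tlv(0x30, b"")
    validity = der_tlv(0x30, der_tlv(0x17, b"240101000000Z") + der_tlv(0x17, b"250101000000Z"))
    tbs = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02"))  # [0] version v3
                  + der_tlv(0x02, b"\x01")                      # serialNumber
                  + sha256_rsa + empty_name + validity + empty_name + spki)
    return der_tlv(0x30, tbs + sha256_rsa + der_tlv(0x03, b"\x00" + bytes(32)))


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo element of a certificate."""
    _, cert_body, _ = der_read(cert_der)
    _, tbs_tlv = der_children(cert_body)[0]
    _, tbs_body, _ = der_read(tbs_tlv)
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:  # optional explicit version comes first
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]


def tlsa_rdata(cert_der, usage, selector, matched_type):
    """Build (usage, selector, matching type, hex data) for one TLSA record."""
    data = cert_der if SELECTOR[selector] == 0 else extract_spki(cert_der)
    mt = MATCHED_TYPE[matched_type]
    if mt == 1:
        data = hashlib.sha256(data).digest()
    elif mt == 2:
        data = hashlib.sha512(data).digest()
    return USAGE[usage], SELECTOR[selector], mt, data.hex()


def tlsa_owner(port, protocol, name):
    """Owner name in the Strict format _port._protocol.domain."""
    proto = protocol if protocol.startswith("_") else "_" + protocol
    return f"_{port}.{proto}.{name}"


def tlsa_presentation(port, protocol, name, cert_der, usage, selector, matched_type):
    """Zone-file presentation of the record for the given Grid Manager choices."""
    u, s, m, hexdata = tlsa_rdata(cert_der, usage, selector, matched_type)
    return f"{tlsa_owner(port, protocol, name)}. IN TLSA {u} {s} {m} {hexdata}"


if __name__ == "__main__":
    cert = build_sample_cert()
    print(tlsa_presentation(443, "_tcp", "www.example.com", cert,
                            "DANE-EE", "Subject Public Key Info", "SHA 256 bit"))
```

Passing a real DER-encoded certificate (the format Get From File expects in Free format) to tlsa_rdata in place of the constructed one gives the data you can compare with what Grid Manager builds for the same Selector and Matched Type choices; the DER walker only relies on the fixed field order of the tbsCertificate, so it does not need to understand the names, extensions or signature.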
You can also perform the following steps:
Use Global Search to search for TLSA records. For information, see Global Search.
Use Copy Records to copy TLSA records between DNS zones. For information, see Copying Zone Records.
Define global permission for All TLSA records with read-only, read/write or deny access. You can also define object level permission for TLSA records. For information, see Defining Global Permissions and Defining Object Permissions.
Import and export records in CSV format. For information, see Importing and Exporting Data using CSV Import.
View audit log entries for the TLSA record. For information, see Viewing the Audit Log.
...
To add a CAA record, perform the following steps:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> CAA Record.
In the Add CAA Record wizard, complete the following fields:
Name: Enter a name for the CAA record. Click Select Zone to select a zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click Clear to clear the zone that you have entered.
DNS View: The DNS view associated with the selected DNS zone is displayed.
Flag: Select a checkbox to set the flag value. When the flag is set to Bit 0 (Critical), it tells the CA that it must completely understand the property tag to proceed. A CA does not issue certificates for any domain when the flag is set to Bit 0 (Critical) and the property tag is not understood. NIOS considers the flag value as zero, if you do not select any checkbox.
Note that the flags are unsigned integers between 0 and 255. Infoblox represents these integers in the form of bits. When you select the checkbox for Bit 0 (Critical), the flag value is set to binary 10000000, which is decimal 128. Example: CAA 128 xyz “Unknown”.
You can select only Bit 0 (Critical) as the flag value; the remaining checkboxes are reserved for future use. The appliance displays a warning message when you select a checkbox other than Bit 0 (Critical).
Consider the following example with two CAA records:
CAA 0 issue “ca.example.net; policy=ev”
CAA 128 xyz “Unknown”
In the above example, the property tag xyz is flagged as unknown. The CA associated with example.net or any other issuer cannot issue a certificate unless the processing rules for the xyz property tag are clearly understood by the CA.
Type(Tag): Indicates the type of CAA record. The supported CAA record types are:
Issue: Select this to explicitly authorize a single CA to issue a certificate for the domain and subdomains of the specified domain.
Issuewild: Select this to explicitly authorize a single CA to issue a wildcard certificate for the domain. It allows the domain holder or anyone acting under the authority of the domain holder to issue wildcard certificates for the domain.
Note that Issue wild type takes precedence over Issue.
Iodef: Select this to specify an email address or URL of the web service to report invalid certificate requests or issued certificates that violate your CAA policy.
Infoblox allows you to enter a new CAA record type other than those displayed in the drop-down list. The maximum length allowed is 255 characters.
Certificate Authority: Indicates the CA that is authorized to issue a certificate for the domain. The maximum length for certificate authority is 8192 characters. You can also specify the email address or the URL to report CAA policy violation for the domain. This is valid for Iodef only. Infoblox recommends that you add either the http:// or https:// prefix to the domain name. You must explicitly add "mailto" when specifying the email address. For example, "mailto:admin@example.com".
Comment: Optionally, enter a descriptive comment for the CAA record.
Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
Save the configuration or click Next to define extensible attributes. For information, see Managing Extensible Attributes.
Save the configuration or click Next to schedule this task. Click Now in the Schedule Change panel to immediately execute this task or click Later and specify a date, time, and time zone. For information about how to schedule a task, see Scheduling Tasks.
Click Save & Close to complete the configuration.
Note: Infoblox does not support shared CAA records and does not provide Windows 2016 MS Server support for CAA records.
...
Use Global Search to search for CAA records. For information, see Global Search.
Use Copy Records to copy CAA records between DNS zones. For information, see Copying Zone Records.
Define global permission for All CAA records with read-only, read/write or deny access. You can also define object level permission for CAA records. For information, see Defining Global Permissions and Defining Object Permissions.
Import and export records in CSV format. For information, see Importing and Exporting Data using CSV Import.
View audit log entries for the CAA record. For information, see Viewing the Audit Log.
Use Smart Folders to organize threat protection profiles by name, comment or object type. For information, see Smart Folders.
You can view the status of the import process and a summary report in the Data Import Wizard Log. For large data sets, this option is an efficient approach. To download the Data Import Wizard, visit https://data-import-wizard.infoblox.com/#/overviewDashboard.
...
...
A DNAME record maps all the names in one domain to those in another domain, essentially substituting one domain name suffix with the other (see RFC 2672, Non-Terminal DNS Name Redirection). For example, adding a DNAME record to the corpxyz.com domain mapping "corpxyz.com" to "corp200.com" maps name-x.corpxyz.com to name-x.corp200.com:
Domain Name | Target Domain Name
---|---
server1.corpxyz.com | server1.corp200.com
server2.corpxyz.com | server2.corp200.com
server3.corpxyz.com | server3.corp200.com
... .corpxyz.com | ... .corp200.com
Note: If a DNAME record with the domain name in its native characters is added to the Infoblox Grid through DDNS updates, the ALIAS and Target fields display the domain name in UTF-8 encoded format. For example, a DNAME record with the domain name 电脑.test.com added through DDNS updates displays \231\148\181\232\132\145.test.com in the ALIAS and Target fields.
...
...
When using a DNAME record, you must copy the resource records for the source domain to the zone containing the target domain, so that the DNS server providing service for the target domain can respond to the redirected queries.
Copy from corpxyz.com | to corpxyz.corp200.com |
---|---|
www1 IN A 10.1.1.10 | www1 IN A 10.1.1.10 |
www2 IN A 10.1.1.11 | www2 IN A 10.1.1.11 |
ftp1 IN A 10.1.1.20 | ftp1 IN A 10.1.1.20 |
mail1 IN A 10.1.1.30 | mail1 IN A 10.1.1.30 |
After copying these records to the zone containing the corpxyz.corp200.com domain, delete them from the zone containing the corpxyz.com domain.
If DNS service for the source and target domain names is on different name servers, you can import the zone data from the NIOS appliance hosting the source domain to the appliance hosting the target domain. For information about this procedure, see Importing Zone Data.
If DNS service for the source and target domain names is on the same name server and the parent for the target domain is on a different server, you can delegate DNS services for the target domain name to the name server that provided—and continues to provide—DNS service for the source domain name (see the figure below). By doing this, you can continue to maintain resource records on the same server, potentially simplifying the continuation of DNS administration.
...
[Figure: Making the Target Zone a Delegated Zone]
...
The following tasks walk you through configuring the two appliances in the Making the Target Zone a Delegated Zone figure to redirect queries for corpxyz.com to corpxyz.corp200.com using a DNAME record:
On the ns1.corpxyz.com name server, perform the following steps:
Create a new forward-mapping zone called corpxyz.corp200.com. See Creating an Authoritative Forward-Mapping Zone.
Copy all the resource records for the domain or subdomain to which the DNAME record is going to apply from corpxyz.com to corpxyz.corp200.com.
Because you can only specify the records by type, not individually, you might have to copy some records that you do not want and then delete them from the corpxyz.corp200.com zone.
In the corpxyz.com zone, delete all the resource records for the domain or subdomain to which the DNAME record is going to apply.
Add a DNAME record to the corpxyz.com zone specifying "corpxyz.com" as the domain and "corpxyz.corp200.com" as the target domain. Adding a DNAME record is explained in the next section.
On the ns1.corp200.com name server, add corpxyz.corp200.com as a delegated zone and specify ns1.corpxyz.com as the name server for it. See Configuring a Delegation.
DNAME Records for Forward-Mapping Zones
...
You can use DNAME records to redirect reverse lookups from one reverse-mapping zone to another. You can use DNAME records for reverse-mapping zones to simplify the management of subzones for classless address spaces larger than a class C subnet (a subnet with a 24-bit netmask).
RFC 2672, Non-Terminal DNS Name Redirection, includes an example showing the delegation of a subzone for an address space with a 22-bit netmask inside a zone for a larger space with a 16-bit netmask:
```
$ORIGIN 0.192.in-addr.arpa.
8/22    NS      ns.slash-22-holder.example.
8       DNAME   8.8/22
9       DNAME   9.8/22
10      DNAME   10.8/22
11      DNAME   11.8/22
```
The reverse-mapping zone 0.192.in-addr.arpa. applies to the address space 192.0.0.0/16. Within this zone is a subzone and subdomain with the abbreviated name 8/22. (Its full name is 8/22.0.192.in-addr.arpa.) This subdomain contains its own subdomains corresponding to the 1024 addresses in the 192.0.8.0/22 subnet:
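The forward redirection of corpxyz.com to corpxyz.corp200.com described earlier and the RFC 2672 classless reverse-mapping delegation above both rely on the same DNAME rule from RFC 6672: the owner suffix of a query name is replaced by the target, and only names below the owner are affected. The following Python is an added illustration, not NIOS code or anything from Infoblox; it models the rule in the abstract and does not talk to a name server. The function names, the constructed query names, the 255-octet overflow check and the generalization of the RFC's /22 case to any /17 to /23 block are assumptions of this example.

```python
import ipaddress

MAX_WIRE_NAME = 255  # RFC 1035 limit on a wire-format domain name


def _labels(name):
    """Split a presentation-form name into labels, ignoring a trailing dot."""
    return [label for label in name.rstrip(".").split(".") if label]


def wire_length(name):
    """Octets NAME occupies on the wire: one length octet per label, plus the root label."""
    return sum(len(label) + 1 for label in _labels(name)) + 1


def dname_substitute(qname, owner, target):
    """Apply '<owner> DNAME <target>' (RFC 6672 section 2.2) to a query name.

    Returns the substituted name, or None when the record does not apply:
    a DNAME redirects the subtree *below* its owner, never the owner itself
    and nothing outside that subtree.  Raises ValueError when the result
    would exceed 255 octets on the wire, which a server reports as YXDOMAIN.
    """
    q, o, t = (_labels(n.lower()) for n in (qname, owner, target))
    if not o or len(q) <= len(o) or q[-len(o):] != o:
        return None
    new_name = ".".join(q[:-len(o)] + t)
    if wire_length(new_name) > MAX_WIRE_NAME:
        raise ValueError("substituted name exceeds 255 octets (YXDOMAIN)")
    return new_name


def classless_dname_records(subnet):
    """Generate the DNAME set RFC 2672 shows, for any classless /17-/23 IPv4 block.

    Assumption of this example: the RFC shows only the /22 case; the same
    naming scheme is applied here to other prefix lengths.  For 192.0.8.0/22
    it returns origin 0.192.in-addr.arpa, the delegated subzone 8/22, and the
    owner -> target pairs 8 -> 8.8/22 ... 11 -> 11.8/22.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    if net.version != 4 or not 17 <= net.prefixlen <= 23:
        raise ValueError("expected an IPv4 block between /17 and /23")
    first, second, third_lo, _ = net.network_address.packed
    third_hi = net.broadcast_address.packed[2]
    origin = f"{second}.{first}.in-addr.arpa"
    holder = f"{third_lo}/{net.prefixlen}"
    records = {str(t): f"{t}.{holder}" for t in range(third_lo, third_hi + 1)}
    return origin, holder, records


def redirect_ptr_query(ip, subnet):
    """Where a PTR query for IP ends up once the DNAMEs for SUBNET are in place."""
    origin, _, records = classless_dname_records(subnet)
    qname = ipaddress.ip_address(ip).reverse_pointer  # e.g. 5.9.0.192.in-addr.arpa
    for owner, target in records.items():
        new_name = dname_substitute(qname, f"{owner}.{origin}", f"{target}.{origin}")
        if new_name is not None:
            return new_name
    return qname  # address outside the redirected block: the parent zone answers


if __name__ == "__main__":
    # Forward example from this page: corpxyz.com DNAME corpxyz.corp200.com
    for name in ("www1.corpxyz.com", "ftp1.corpxyz.com", "corpxyz.com", "corpxyz.net"):
        print(f"{name:20} -> {dname_substitute(name, 'corpxyz.com', 'corpxyz.corp200.com')}")
    # Reverse example from RFC 2672: PTR lookups for 192.0.8.0/22
    origin, holder, records = classless_dname_records("192.0.8.0/22")
    print(f"$ORIGIN {origin}.")
    print(f"{holder:6} NS    ns.slash-22-holder.example.")
    for owner, target in records.items():
        print(f"{owner:6} DNAME {target}")
    print(redirect_ptr_query("192.0.9.5", "192.0.8.0/22"))
```

The `None` result for the owner name itself is why the procedure above copies the records rather than relying on the DNAME alone: a query for corpxyz.com is not redirected, and a query for www1.corpxyz.com is answered only if www1.corpxyz.corp200.com exists in the target zone.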
...
To add a DNAME record to a reverse-mapping zone, perform the following steps:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Add DNAME Record.
In the Add DNAME Record wizard, complete the following fields:
Note: If you specify a subdomain in the Domain Name field when configuring a DNAME record and the subdomain is also a subzone, the DNAME record appears in the list view for the subzone, not in the list view for the parent zone selected in the process of adding the record.
ALIAS: If Grid Manager displays a zone name, enter the name of a subdomain here. If you are adding a DNAME record for the entire zone, leave this field empty. This field is for adding a DNAME record for a subdomain within the selected zone. The displayed zone name can either be the last selected zone or the zone from which you are adding the DNAME record. If no zone name is displayed or if you want to specify a different zone, click Select Zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click a zone name in the dialog box, and then enter the name of a subdomain.
Target: Type the name of the reverse-mapping zone to which you want to map all the addresses specified in the Domain Name field.
Comments: Enter identifying text for this record, such as a meaningful note or reminder.
Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
Save the configuration or click Next to define extensible attributes. For information, see Using Extensible Attributes.
Click Restart if it appears at the top of the screen.
Modifying and Deleting DNAME Records
...
...
To add a NAPTR record, perform the following steps:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Add NAPTR Record.
In the Add NAPTR Record wizard, complete the following fields:
Domain: If Grid Manager displays a zone name, enter the domain name to which this resource record refers. The displayed zone name can either be the last selected zone or the zone from which you are adding the NAPTR record. If no zone name is displayed or if you want to specify a different zone, click Select Zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click a zone name in the dialog box, and then enter a domain name for the record. The name you enter is prefixed to the DNS zone name that is displayed, and the complete name becomes the FQDN (fully qualified domain name) of the record. For example, if the zone name displayed is corpxyz.com and you enter admin, then the FQDN becomes admin.corpxyz.com. This field is not displayed when you configure a NAPTR record for a DTC server.
DNS View: Displays the DNS view of the selected zone.
Service: Specifies the service and protocol used to reach the domain name that results from applying the regular expression or replacement. You can enter a service or select a service from the list.
Flags: The flag indicates whether the resulting domain name is the endpoint URI or if it points to another record. Select one of the following:
U: Indicates that the output maps to a URI.
S: Indicates that the resulting domain name has at least one SRV record.
A: Indicates that the resulting domain name has at least one A or AAAA record.
P: Indicates that this record contains information specific to another application.
Leave this blank to indicate that the DNS client must use the resulting domain name to look up other NAPTR records. You can use the NAPTR records as a series of rules that are used to construct a URI or domain name.
Order: Select an integer from 10 to 100, or enter a value from 0 to 65535. This value indicates the order in which the NAPTR records must be processed. The record with the lowest value is processed first.
Preference: Select an integer from 10 to 100, or enter a value from 0 to 65535. Similar to the Preference field in MX records, this value indicates which NAPTR record should be processed first when the records have the same Order value. The record with the lowest value is processed first.
REGEX: The regular expression that is used to rewrite the original string from the client into a domain name. RFC 2915 specifies the syntax of the regular expression. Note that the appliance validates the regular expression syntax between the first and second delimiter against the Python re module, which is not 100% compatible with POSIX Extended Regular Expression as specified in the RFC. For information about the Python re module, refer to http://docs.python.org/release/2.5.1/lib/module-re.html.
Replacement: This specifies the domain name for the next lookup. The default is a dot (.), which indicates that the regular expression in the REGEX field provides the replacement value. Alternatively, you can enter the replacement value in FQDN format.
Comment: Optionally, enter a descriptive comment for this record.
Disable: Clear the checkbox to enable the record. Select the checkbox to disable it.
Click Next to define extensible attributes. For information, see Using Extensible Attributes. This is not applicable when you configure a NAPTR record for a DTC server.
Save the configuration and click Restart if it appears at the top of the screen.
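How a resolver consumes the Order, Preference, Flags, REGEX and Replacement fields above is easier to see in code. The following Python is an added example, not code from NIOS or the Infoblox documentation: it sorts a constructed set of NAPTR records by (Order, Preference) and applies the `!ere!repl!flags` substitution of RFC 2915 with the Python re module, the same engine the page says the appliance uses for validation, so the compatibility caveat about POSIX ERE applies here as well. The record set, the service names, the example.com names and the function names are constructed for this example.

```python
import re
from dataclasses import dataclass


@dataclass
class Naptr:
    """One NAPTR record, with the fields the Add NAPTR Record wizard asks for."""
    order: int
    preference: int
    flags: str
    service: str
    regexp: str       # "" when the Replacement field supplies the next name
    replacement: str  # "." when the REGEX field supplies the result


def _split_unescaped(text, delim):
    """Split TEXT on DELIM, keeping backslash-escaped characters (including an escaped delimiter) intact."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == delim:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts


def parse_substitution(expr):
    """Parse the RFC 2915 form <delim>ere<delim>repl<delim>flags into (ere, repl, flags)."""
    if len(expr) < 3:
        raise ValueError("substitution expression too short")
    delim = expr[0]
    if delim == "\\" or delim.isdigit() or delim in "iI":
        raise ValueError("delimiter may not be a digit, a backslash or the i flag")
    parts = _split_unescaped(expr[1:], delim)
    if len(parts) != 3:
        raise ValueError("expected <delim>ere<delim>repl<delim>flags")
    ere, repl, flags = parts
    if flags.strip("i"):  # RFC 2915 defines only the 'i' (case-insensitive) flag
        raise ValueError(f"unsupported substitution flag {flags!r}")
    return ere, repl, flags


def validate_regexp(expr):
    """Return None when EXPR is well formed and compiles, else the error text.

    Uses the Python re module, as the page says the appliance does; a POSIX ERE
    construct that Python lacks is therefore rejected here too.
    """
    try:
        ere, _, _ = parse_substitution(expr)
        re.compile(ere)
    except (ValueError, re.error) as exc:
        return str(exc)
    return None


def apply_rule(record, client_string):
    """Return the string this rule produces for CLIENT_STRING, or None when its regex does not match."""
    if not record.regexp:
        return record.replacement  # REGEX empty: the Replacement field names the next lookup
    ere, repl, flags = parse_substitution(record.regexp)
    pattern = re.compile(ere, re.IGNORECASE if "i" in flags else 0)
    match = pattern.search(client_string)
    if match is None:
        return None
    return match.expand(repl)  # \1 ... \9 back-references, as in POSIX ERE


def select_naptr(records, client_string):
    """Walk RECORDS by (Order, Preference) and return (flags, result, record) for the first rule that applies.

    Flags U, S, A and P end the rewrite; an empty flag means RESULT is a
    domain name the client must query for further NAPTR records.
    """
    for record in sorted(records, key=lambda r: (r.order, r.preference)):
        result = apply_rule(record, client_string)
        if result is not None:
            return record.flags.upper(), result, record
    return None


# Constructed sample: ENUM-style rules for E.164 numbers (names are placeholders)
SAMPLE_RECORDS = [
    Naptr(100, 20, "U", "E2U+email", r"!^.*$!mailto:info@example.com!", "."),
    Naptr(100, 10, "U", "E2U+sip", r"!^\+1(\d{10})$!sip:\1@voice.example.com!", "."),
    Naptr(200, 10, "", "", "", "voice2.example.com."),
]

if __name__ == "__main__":
    for number in ("+18005551234", "+442071234567"):
        flags, result, record = select_naptr(SAMPLE_RECORDS, number)
        print(f"{number}: order {record.order} pref {record.preference} flags {flags!r} -> {result}")
    print(validate_regexp(r"!^(\d!x!"))  # an unbalanced group, rejected by re.compile
```

The sort key is the whole point of the Order and Preference fields: the sip rule wins for a North American number even though it is listed second, because its Preference of 10 beats the email rule's 20 at the same Order, and the email rule only applies when the sip regex fails.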
Managing LBDN Records
When your Grid has a DNS Traffic Control license, you can add LBDN (Load Balanced Domain Name) records to authoritative or delegated zones. You can add an LBDN even if the zone is DNSSEC signed but some restrictions apply.
To add an LBDN record when in the DNS records list view:
...
To add a record of Unknown type, perform the following steps:
From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Unknown Record.
In the Add Unknown Record wizard, complete the following fields:
Domain Name: Click Select Zone to select a zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click Clear to clear the zone that you have entered.
DNS View: The DNS view associated with the selected DNS zone is displayed.
Type: Enter the type that the unknown record belongs to. You can either enter the type in the textual mnemonic format or in the "TYPEnnn" format where "nnn" indicates the numeric type value. For example, for a record of type RP, you can either enter "RP" or "TYPE17".
Click the + icon to specify the details for the record you are creating:
Field Type: Select the field type that the record data must assume. Field types can be of the following:
Base64-encoded Data: BASE64 encoded binary data
Hexadecimal Sequence: Hexadecimal encoded binary data
8-bit unsigned integer: Unsigned 8-bit integer
16-bit unsigned integer: Unsigned 16-bit integer
32-bit unsigned integer: Unsigned 32-bit integer
IPv4 Address: IPv4 address in numerical form. For example, 192.0.1.1
IPv6 Address: IPv6 address in numerical form. For example, 2001:db8::abcd
ASCII String: ASCII text
Domain Name: Domain name
Presentation: Standard textual form of record data, as shown in a standard master zone file. This type is specifically intended to be used for standard types of records that cannot easily be represented as a sequence of fields of the other types. Such record types include LOC and APL. If you choose this field type, it must be the only field to represent the record.
Value: Value of the field data. Before entering a value, see the Guidelines for Creating Unknown Records section.
Length: Format in which to specify the length of the field value. The length can only be None for fields of 8-bit unsigned integer, 16-bit unsigned integer, 32-bit unsigned integer, IPv4 Address, IPv6 Address, Domain Name, and Presentation types. For fields of type Base64-encoded Data, ASCII String, and Hexadecimal Sequence, the value of the Length field can be either None or 8 bits or 16 bits depending on the requirement of the corresponding record type.
Irrespective of the field type you select, there is an implementation-specific limitation on the length of the record data. Specifically, the data is internally converted to a textual form that appears in a standard DNS master file, and it is rejected if the converted text exceeds 8192 bytes. Although unlikely, some extremely large data can be rejected because of this limitation.
Click Add. The record details are added to the table below.
In the Comment field, optionally enter a descriptive comment for the record.
Clear the Disable checkbox to enable the record. Select the checkbox to disable it.
Save the configuration or click Next to define extensible attributes. For information, see Using Extensible Attributes.
Click Save & Close.
Guidelines for Creating Unknown Records
Make note of the following guidelines when you create an unknown record:
You cannot enter a record type that already exists in NIOS. For example, A, AAAA, ANY, CAA, CNAME, DHCID, DNAME, DNSKEY, DS, MX, NAPTR, NS, NSEC, NSEC3, NSEC3PARAM, PTR, RRSIG, SOA, SRV, TLSA, TXT.
If the record contains an ASCII String field type and you include double quotes, you must escape it with a backslash. For example, to obtain a value of "a"b", specify the string as \"a\"b\".
Ensure that you use the correct syntax when entering the value of the record.
If you want to modify the field type of an unknown record, you have to delete the field type and then add it again.
If you create an unknown record of a specific type and later on the record type is supported by NIOS, the record continues to exist as an unknown record. You will need to migrate the record to the newly supported type.
If you add an unknown record that is not supported by the Microsoft server to the zone, you may encounter issues with the MS server synchronization.
You cannot create records of type MD and MF.
...
When you modify an unknown record, you can change the information you previously entered in the General tab. You can also enter or edit information in the TTL, Extensible Attributes and Permissions tabs. For information on modifying and deleting resource records, see Modifying, Disabling, and Deleting Host and Resource Records below.
Prohibited Records
The following record types are prohibited as part of a zone, irrespective of whether or not they are defined as Unknown records:
Type 0: Reserved; not allocated for ordinary use.
Type 41 (OPT): Pseudo type
Types 128-255: Meta type
Types 55555, 55556, 55557, 65432, 65433: Used internally in NIOS
Type 65533: Private use
Type 3 (MD) and 4 (MF): Obsolete type
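The field types listed for the Add Unknown Record wizard are the pieces of a record's RDATA; a server keeps them in wire form and can present any type it does not natively understand in the RFC 3597 generic form `\# <length> <hex>`. The following Python is an added example, not NIOS code, that encodes a field list along the lines of those field types, applies the 8192-byte text limit, the prohibited-type list and the native-type list stated on this page, and renders an RP record (the page's own TYPE17 example) in generic form. The helper names, the small mnemonic table, the sample corpxyz.com names and the TTL are assumptions of this example; the native-type check is applied to mnemonics only, and the Presentation field type is not modelled.

```python
import base64
import ipaddress
import re
import struct

MAX_TEXT_BYTES = 8192  # the page's limit on the converted master-file text

# Type numbers this page prohibits in a zone, as unknown records or otherwise
PROHIBITED_TYPES = {0, 3, 4, 41, 55555, 55556, 55557, 65432, 65433, 65533} | set(range(128, 256))

# Types the page lists as already native to NIOS (checked by mnemonic only in this example)
NIOS_NATIVE = {"A", "AAAA", "ANY", "CAA", "CNAME", "DHCID", "DNAME", "DNSKEY", "DS", "MX", "NAPTR",
               "NS", "NSEC", "NSEC3", "NSEC3PARAM", "PTR", "RRSIG", "SOA", "SRV", "TLSA", "TXT"}

# Small mnemonic table for this example; a real implementation would use the full IANA registry
MNEMONICS = {"MD": 3, "MF": 4, "RP": 17, "LOC": 29, "OPT": 41, "APL": 42}


def parse_rrtype(text):
    """Accept 'RP' or 'TYPE17' style input and return the numeric type, rejecting what the page prohibits."""
    t = text.strip().upper()
    if t in NIOS_NATIVE:
        raise ValueError(f"{t} is a native NIOS type; add it as that type instead")
    m = re.fullmatch(r"TYPE(\d{1,5})", t)
    if m:
        value = int(m.group(1))
    elif t in MNEMONICS:
        value = MNEMONICS[t]
    else:
        raise ValueError(f"unknown mnemonic {text!r}; use the TYPEnnn form")
    if not 0 <= value <= 65535:
        raise ValueError("type value must be 0..65535")
    if value in PROHIBITED_TYPES:
        raise ValueError(f"type {value} is prohibited in a zone")
    return value


def _domain_wire(name):
    """Uncompressed wire form of a domain name (RFC 3597 forbids compression inside unknown types)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def encode_field(ftype, value, length=None):
    """Wire bytes for one wizard field; LENGTH (8 or 16) prepends a length prefix to the variable-length types."""
    if ftype == "uint8":
        data = struct.pack("!B", int(value))
    elif ftype == "uint16":
        data = struct.pack("!H", int(value))
    elif ftype == "uint32":
        data = struct.pack("!I", int(value))
    elif ftype == "ipv4":
        data = ipaddress.IPv4Address(value).packed
    elif ftype == "ipv6":
        data = ipaddress.IPv6Address(value).packed
    elif ftype == "domain":
        data = _domain_wire(value)
    elif ftype == "ascii":
        # The page's escaping rule: a literal double quote is entered as \"
        data = value.replace('\\"', '"').encode("ascii")
    elif ftype == "hex":
        data = bytes.fromhex(value)
    elif ftype == "base64":
        data = base64.b64decode(value, validate=True)
    else:
        raise ValueError(f"unsupported field type {ftype!r}")
    if length is not None:
        if ftype not in ("ascii", "hex", "base64"):
            raise ValueError("only ASCII, hex and base64 fields take a length prefix")
        # struct.error is raised when the data does not fit the chosen prefix width
        data = struct.pack({8: "!B", 16: "!H"}[length], len(data)) + data
    return data


def to_generic_rdata(fields):
    """RFC 3597 generic presentation of a field list: \\# <length> <hex>."""
    rdata = b"".join(encode_field(*field) for field in fields)
    text = f"\\# {len(rdata)} {rdata.hex()}"
    if len(text) > MAX_TEXT_BYTES:  # ASCII, so characters equal bytes
        raise ValueError("converted record text exceeds 8192 bytes")
    return text


def build_unknown_record(owner, rtype_text, fields, ttl=3600):
    """Master-file line for an unknown-type record, with the type in TYPEnnn form."""
    rtype = parse_rrtype(rtype_text)
    return f"{owner} {ttl} IN TYPE{rtype} {to_generic_rdata(fields)}"


# Constructed sample: an RP record, which is two domain names (mailbox, then TXT pointer)
RP_FIELDS = [("domain", "admin.corpxyz.com."), ("domain", "info.corpxyz.com.")]

if __name__ == "__main__":
    print(build_unknown_record("corpxyz.com.", "RP", RP_FIELDS))
```

The text-length check shows why the 8192-byte limit bites earlier than the raw data size suggests: every RDATA byte becomes two hex characters, so a little over 4 KB of binary data is enough to be rejected.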
...
Modify some of the data in the table. Double click a row and either modify the data in the field or select an item from a drop-down list. Click Save to save the changes. Note that some fields are read only.
Add new DNS records by clicking the arrow next to the Add icon and selecting Host, Record, Shared Record, and then selecting the required record type.
View the DNS Traffic Control structure for an LBDN.
Select the LBDN record and click the Open Visualization icon. For more information, see Visualization for DNS Traffic Control Objects.
Create a DTC server based on an existing A, AAAA, or host record by selecting a record in the table and clicking Create DTC Server in the Toolbar or in the record's Action menu. For more information, see Configuring DNS Traffic Control Servers.
Edit the properties of a resource record.
Select the resource record, and then click the Edit icon.
Delete a resource record.
Select the resource record, and then click the Delete icon.
Export the list of resource records to a .csv file.
Click the Export icon.
Print the list of resource records.
Click the Print icon.
Use filters and the Goto function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Goto field and select the object from the possible matches.
Create a quick filter to save frequently used filter criteria:
In the filter section, click Show Filter and define filter criteria for the quick filter.
Click Save and complete the configuration in the Save Quick Filter dialog box.
The appliance adds the quick filter to the quick filter drop-down list in the panel. Note that global filters are prefixed with [G], local filters with [L], and system filters with [S].
Modifying, Disabling, and Deleting Host and Resource Records
You can modify, disable, or delete an existing host or DNS resource record. When physical repair or relocation of a network device occurs, you can disable a record instead of deleting it. When you disable a record, the NIOS appliance does not answer queries for it, nor does it include disabled records in zone transfers and zone imports. This avoids having to delete and then add the record again. When the changes to the physical device are complete, you can simply enable the host or resource record.
To modify or disable a host or resource record, perform the following steps:
Use one of the following methods to retrieve the host or resource record:
Perform a global search.
Select it from a Smart Folder.
From the Data Management tab, select the DNS tab -> Zones tab -> dns_view -> zone -> host_record or resource_record.
Select the record you want to modify and click the Modify icon.
In the host or resource record editor, you can do the following:
In the General tab, you can change most of the information, except for the read-only fields, such as the DNS View and Host Name Policy. You can select the Disable checkbox to disable the record.
In the TTL tab, you can modify the TTL setting. The NIOS appliance also allows you to specify TTL settings for each record. If you do not specify a TTL for a record, the appliance applies the default TTL value of the zone to each record. For information, see About Time To Live Settings.
In the Extensible Attributes tab, you can modify the attributes. For information, see Using Extensible Attributes.
The Permissions tab displays if you logged in as a superuser. For information, see About Administrative Permissions.
Save the configuration and click Restart if it appears at the top of the screen.
When you delete host and resource records, Grid Manager moves them to the Recycle Bin. You can use the Recycle Bin to store deleted DNS configuration objects and selectively restore objects to the active configuration at a later time. You can also permanently remove the objects from the Recycle Bin.
...
To delete a host or resource record, perform the following steps:
Perform a global search to retrieve the record you want to delete.
Or
From the Data Management tab, select the DNS tab, click the Zones tab -> dns_view -> zone -> host_record or resource_record.
Select the record and click the Delete icon.
In the Delete Confirmation dialog box, select Yes to delete or No to cancel.
Optionally, if the Enable PTR record removal for A/AAAA records option is selected and if you try to delete an A or AAAA record, the appliance displays the Delete Confirmation (A or AAAA Record) dialog box to confirm whether you want to remove the corresponding PTR record that was automatically generated while creating the A or AAAA record. In the Delete Confirmation dialog box, select the Remove associated PTR resource record(s) checkbox and click Yes to delete the associated PTR record or click No to cancel. For information about enabling this option, see Deleting PTR Records associated with A or AAAA Records.
Or
You can also schedule the deletion for a later time. Click Schedule Deletion and in the Schedule Change panel, enter a date, time, and time zone. For information, see Scheduling Deletions.