DNS views enable the NIOS appliance to serve different versions of DNS data based on the host accessing it. The topics in this chapter include:
...
...
NIOS 8.1NIOS Administrator Guide (Rev. A)845
DNS Views
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
In Figure 18.1, the appliance has two views: an Internal and an External DNS view. When the appliance receives queries from DNS clients, it responds with data from either the Internal or External DNS view, depending on the source IP address. When the appliance receives a query from Client A and determines that it can resolve the query from data in the Internal view, the appliance responds with the IP address of the site in the Internal view. When the appliance receives a query from Client B and determines that it can resolve the query from data in the External view, it responds with the IP address in the External view.
A-2
| Anchor | ||||
|---|---|---|---|---|
|
Client A, an internal client, sends a request for sales.corpxyz.com.
The appliance retrieves the answer from the internal view.
Internal View
corpxyz.com zone
10.1.1.5 sales.corpxyz.comExternal View
corpxyz.com zone
192.168.1.5 sales.corpxyz.com!worddav5ba70d7df2074fc5b5bab999b6fd54cd.png|height=52,width=90!
The appliance responds
with 10.1.1.5.
Client B, an external client, sends a request for sales.corpxyz.com.B-3The appliance responds
with 192.168.1.5.Client A
A-3
B-1
B-2
Client B
The appliance retrieves the answer from the external view.
<place for figure>
You can configure both forward and reverse mapping zones in DNS views and provide DNS services, such as name resolution, zone transfers and dynamic DNS updates. For information about these services, see Configuring DNS Services.
You can provide multiple views of a given zone with a different set of records in each DNS view. In Figure 18.2, both views contain the corpxyz.com zone and the sales.corpxyz.com zone. The finance.corpxyz.com zone is only in the internal DNS view, and only internal users are allowed to access records in that zone. Resource records can also exist in multiple zones. In the example, the A records for serv1.sales.corpxyz.com and serv2.sales.corpxyz.com are in the sales.corpxyz.com zones in both views.
| Anchor | ||||
|---|---|---|---|---|
|
Internal DNS View | corpxyz.com |
| sales.corpxyz.com |
| finance.corpxyz.com |
NS | dnsoneA.corpxyz.com | A | serv2.sales.corpxyz.com | A | printer.finance.corpxyz.com |
A | host1.corpxyz.com | A | serv3.sales.corpxyz.com | A | fin1.finance.corpxyz.com |
A | host2.corpxyz.com | A A A | printer.sales.corpxyz.com host1.sales.corpxyz.com host2.sales.corpxyz.com | A | fin2.finance.corpxyz.com |
External DNS View | corpxyz.com |
sales.corpxyz.com |
MX A A | email.corpxyz.com web1.corpxyz.com web2.corpxyz.com | A A A A | web3.sales.corpxyz.com ftp.sales.corpxyz.com serv1.sales.corpxyz.com serv2.sales.corpxyz.com |
...
Using Infoblox DNS Views
You can control which clients access a DNS view through the use of a match list specifying IP addresses and/or TSIG (transaction signature) keys. When the NIOS appliance receives a request from a client, it tries to match the source IP address and/or TSIG key with its match list when determining which DNS view, if any, the client can access. After the appliance determines that a client can access a DNS view, it checks the zone level settings to determine if it can provide the service that the client is requesting.
For information on TSIG keys or defining zone transfer settings, see Enabling Zone Transfers. For more information on match lists, see Defining Match Clients Lists. For information on defining query settings, refer to Controlling DNS Queries.
Figure 18.3 illustrates how the NIOS appliance resolves a query for a domain name in a zone of a DNS view. In the example, the internal DNS view is listed before the external DNS view. Therefore, when the appliance receives a query, it checks the match list of the internal DNS view first. If it does not find the source address in the match list of the internal DNS view, it checks the match list of the external DNS view. The match list of the external DNS view allows all IP addresses.
Next, the NIOS appliance checks the zone level settings to determine if it is allowed to resolve queries from the client for domain names in that zone. After the appliance determines it is allowed to respond to queries from this client, it resolves the query and sends back the response to the client.
| Anchor | ||||
|---|---|---|---|---|
|
1A client sends a query for web1.corpxyz.com. 2 The NIOS appliance checks if the host IP address is allowed in the
match list of the internal view. It does not find the client address in the match list Match List
Internal View corpxyz.com
finance.corpxyz.com
cs.corpxyz.com
Client 5The appliance sends the answer back to the client.
NIOS
Appliance
3 The NIOS appliance checks if the host IP address is allowed in the match list of
the external view. The match list allows all IP addresses. Match Any
Match List
External View corpxyz.com
cs.corpxyz.com
4 The NIOS appliance checks if it can respond to queries for domain names in the corpxyz.com zone from this client. It
determines that it can. The appliance then looks for the requested domain name in the corpxyz.com zone.
<place for figure>
When you create more than one DNS view, as shown in Figure 18.3, the order of the views is important. View order determines the order in which the NIOS appliance checks the match lists. In Figure 18.3, the internal DNS view is listed before the external DNS view. If the views were reversed, no hosts would receive DNS replies from the internal DNS view because the match list of the external DNS view allows replies to clients with any IP address. For information on how to order views, see Managing the DNS Views of a Grid Member.
In a Grid, each Grid member can host its own set of views. A Grid member can serve as the primary or secondary server for multiple views of a particular zone. For information about specifying primary and secondary servers, see Assigning Zone Authority to Name Servers.
NIOS 8.1NIOS Administrator Guide (Rev. A)847
DNS Views
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
The NIOS appliance provides one default DNS view, which is always associated with the default network view. You can create additional network and DNS views. A network view is a single routing domain with its own networks. For information about network views, see Configuring DHCP for IPv4.
The default DNS view initially allows all IP addresses access, and has the same recursion setting as the Grid. You can change these properties and rename the default DNS view, but you cannot delete it. When you upgrade or migrate from a name server, or an earlier version of software that does not support DNS views, the appliance places all the zones defined in the older release in the default DNS view. You can then create additional views and organize the zones in each view.
When you create a network view, the appliance automatically creates a corresponding DNS view with "default." prepended to the name of the network view. You can rename the system-defined DNS view and configure its properties.
If the appliance contains only one network view, all DNS views are associated with that network view. If there are 20 or less network views configured, the appliance displays the network views in the drop-down list on the left of the top navigation bar of the Data Management tab of Grid Manager. The appliance displays the Network View Selector dialog box if there are more than 20 network views configured. You can adjust the page size of the selector by choosing the number of network views to be displayed on each page from the Page Size drop-down list. If the number of network views exceeds the selected number, the selector displays the data on multiple pages. If you have a large number of network views, select a larger page size so you can quickly locate a network view without excessive paging through the list. The default page size is 10.
A DNS view can be in one network view only, but a network view can have multiple DNS views. If you enable dynamic DNS updates, you must specify which DNS view receives the updates. In a network view, only one DNS view can receive the dynamic DNS updates. For information, see Sending DDNS Updates to a DNS Server.