Versions Compared

Version Old Version 19 New Version 20
Changes made by

Poojary Dimple

Poojary Dimple

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When you enable the virtual DNS cache acceleration feature on the IB-FLEX, the appliance acts as a high-speed DNS caching-only name server. This feature provides DNS cache acceleration support for recursive UDP DNS queries on the IB-FLEX. The DNS cache acceleration feature is bundled with the Flex Grid Activation license. When you install this license, you are entitled to use the DNS cache acceleration feature on IB-FLEX.
IB-FLEX supports RPZ, but the response for RPZ queries are not cached by the DNS cache accelerator. Instead, these queries are bypassed to the host and you can configure cache expiry period for RPZ queries. Note that the maximum cache lifetime for DNS cache acceleration on IB-FLEX is set to 300 seconds when you configure RPZ zones for a member.
You can also use Elastic Scaling to pre-provision DNS cache acceleration on IB-FLEX. IB-FLEX supports Intel x86_64 systems with IOMMU, Hugepages processors, virtio-net, and Intel 82599 10 G NIC and SRIOV with Intel 82599 ethernet controllers for DNS cache acceleration.
You can configure DNS cache acceleration on IB-FLEX using the Grid Manager or API. To view accelerated cache details, you can either log in to Grid Manager, or use CLI commands, or Infoblox API.
Infoblox supports Auto Scaling that contains OpenStack packages to automatically scale the required number of resources based on your application. For more information, refer to the vNIOS™ for KVM Hypervisor and KVM-based OpenStack Installation Guide.

...

Note: Certain features such as DNS64, Sort list, and NIC bonding that are supported on the IB-4030 platform are not supported on IB-FLEX. These features do not work if you replace IB-4030 appliances with IB-FLEX appliances.

...

Features

Supported / Not Supported

Tiered licensing

Licensing is based on the Flex Grid Activation license on the Grid. Note that the queries per second are limited by the number of CPUs for IB-FLEX.

RPZ

Yes, the maximum cache lifetime for DNS cache acceleration is set to 300 seconds if RPZ zones are configured for the member.

Caching (A, AAAA, MX, CNAME, PTR)

Yes

Do not cache: EDNS, TCP, Any, TSIG

Yes

Caching over additional interfaces (v4, v6)

Yes

Dump Acceleration Cache (CLI, GUI, PAPI)

Yes

Clear Acceleration Cache (CLI, GUI, PAPI)

Yes

Cache pre-fetch and cache refresh

Yes

ACLs (Allow-queries/Responses, Match-Clients/Destination, Blackhole)

Yes

AAAA Filtering (Bypassed but support configuring)

Yes

Fixed RRSET ordering

Yes

DNS64

No

DNS monitoring feature (netmon)

Yes, but unlike IB-4030 this feature captures DNS cached queries on the virtual DNS cache acceleration platform.

DNS Query logging (BIND only)

Yes

DNS Views

Yes, supports up to six DNS views.

Forward/Stub zones

Yes

Unbound as DNS resolver

Yes, unbound is supported through the Flex Grid Activation license.

DNS cache acceleration related restrictions for configuration.

Yes, for NIOS version 8.2.0 restrictions are enforced based on whether the DNS cache acceleration feature is enabled or disabled.

Reporting

Yes, please see Reports for IB-FLEX on page 503.

VLAN

No, Infoblox does not support VLAN for virtual appliances.

DSCP

No, Infoblox does not support DSCP for virtual appliances.

Sort list

No

Anycast (OSPF and BGP)

Yes

BFD (Bidirectional Forwarding Detection)

Yes

HA Support

Valid only for non-SRIOV.

NIC Bonding

No

Multiple-Interfaces on same subnet

No

IP Rate-limit and Response logging

No

EDNS Client Subnet support

No

NXDOMAIN redirection

Yes

DNSSEC (Bypassed but support configuring)

Yes

Debug enhancements

Yes

SNMP Support for DCA service related traps

Yes

SNMP stats support for DNS QPS and CHR

Yes

NX Mitigation

No

NetFilter (Tracking tables)

No

Traffic-capture (All modes)

Yes, partial support. Note that tcpdump captures both queries and responses.

No flush-mode support for DNS cache acceleration cache

Yes

Per-interface UDP DNS cache acceleration response counters

Yes

CLI commands

You can use the commands set dns-accel and show dns-accel to view and set DNS cache acceleration information. For more information, refer to the /wiki/spaces/NCG8/overview.

DNS Query rewrite (Bypassed but supports configuring)

No

Threat Protection

Supported on IB-FLEX platforms, but you cannot enable Software ADP and
DNS cache acceleration simultaneously.

...

When you enable the DNS cache acceleration feature on IB-FLEX, ensure that it has enough CPU and memory to start the service, and it does not contain any authoritative zones. Note that you cannot start the service, if the total CPU is less than 8 cores or memory is less than 12G. To start the service, the number of resources mentioned in Table 8.8 are mandatory.

Anchor
#bookmark986
#bookmark986
Reports for IB-FLEX

Infoblox supports a selected set of reports on IB-FLEX. To view all available reports, from the Reporting tab, select the Dashboards tab. Table 8.89 lists all the supported reports for IB-FLEX. For information about how to create and manage user-defined reports, see Infoblox Reporting and Analytics on page 1550..

Anchor
#bookmark985
#bookmark985
Table 9 Supported Reports for IB-FLEX

...