Universal DDI allows you to deploy both the DNS forwarding proxy and Universal DDI DNS on the same NIOS-X Server. After you have deployed the NIOS-X Server, you can enable and disable the DNS forwarding proxy and the DNS services based on your business requirements.

To deploy both the DNS forwarding proxy and Universal DDI DNS on the same NIOS-X Server, complete the following:

  1. Obtain the BloxOne Threat Defense and Universal DDI licenses from Infoblox.
  2. Deploy Universal DDI, as described in Deploying DDI.
  3. Enable the DNS forwarding proxy and Universal DDI DNS services based on your business requirements, as described in Configuring Services.

The following sections describe the supported configurations when you have the DNS forwarding proxy and Universal DDI DNS on the same NIOS-X Server.

Enabling Only the DNS Forwarding Proxy Service

When you enable only the DNS forwarding proxy service and disable the Universal DDI DNS services on the same NIOS-X Server, consider the following:

  • The DNS forwarding proxy, not Universal DDI DNS, provides DNS service to all DNS clients.
  • The DNS forwarding proxy listens on port 53.
  • The DNS forwarding proxy returns NXDOMAIN if you have set up the security policy to block certain domains on BloxOne Cloud. For information about BloxOne Cloud, see About Infoblox Threat Defense.

Enabling DNS Forwarding Proxy and Universal DDI DNS Services

When you enable both the DNS forwarding proxy and Universal DDI DNS services on the same NIOS-X Server, consider the following:

  • Both the DNS forwarding proxy and Universal DDI provide DNS service to the DNS clients.
  • Universal DDI forwards all recursive DNS queries to the DNS forwarding proxy.
  • Universal DDI listens on port 53 and the DNS forwarding proxy listens on port 1053.
  • The DNS forwarding proxy listens on port 1053 and forwards all recursive queries to BloxOne Cloud.
  • Universal DDI returns NXDOMAIN if you have set the security policy to block certain domains on BloxOne Cloud, because the DNS response comes directly from the DNS forwarding proxy.
  • If you have configured forwarders in the global DNS configuration or DNS profile, the DNS forwarding proxy overrides that configuration.
  • DNSSEC validation is set to "no" even if you have enabled DNSSEC on the NIOS-X Server.

The following illustration gives an overview of how DNS forwarding proxy and BloxOne Universal DDI DNS handle DNS queries:

A DNS client sends a DNS query to port 53 of the on-prem host running BloxOne DDI DNS, which forwards the query to port 1053 of the DNS forwarding proxy server, which sends the query to BloxOne Cloud.
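
To confirm from a client that a deployment behaves as described above, the following added example (not Infoblox code) sends a recursive query to a listener and reads the RCODE and AD bit from the response header. The server address in the comment is a placeholder, the sample response is constructed, and the ports are the ones named on this page.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursive DNS query (RD=1, AD=1 so a validating server reports AD)."""
    header = struct.pack("!HHHHHH", qid, 0x0120, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(resp, qid=0x1234):
    """Return the RCODE name and the RA/AD bits from a DNS response header."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", resp[:4])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "ra": bool(flags & 0x0080), "ad": bool(flags & 0x0020)}

def probe(server, port, name, timeout=3.0):
    """Send one UDP query to server:port (53 or 1053 here) and summarise the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        resp, _ = s.recvfrom(4096)
    return parse_header(resp)

def check_blocked(result):
    """A domain blocked by the security policy should come back as NXDOMAIN."""
    return result["rcode"] == "NXDOMAIN"

def validation_off(result):
    """With DNSSEC validation set to "no", AD stays clear even for a signed name."""
    return not result["ad"]

# Constructed sample: header of an NXDOMAIN reply (QR, RD, RA set; AD clear).
SAMPLE_BLOCKED = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)

if __name__ == "__main__":
    r = parse_header(SAMPLE_BLOCKED)
    print(r, check_blocked(r), validation_off(r))
    # Live use (placeholder address and name):
    # probe("192.0.2.10", 53, "blocked.example.")
```

An NXDOMAIN for a name you know exists points to a policy block rather than a missing record, so compare against the security policy before treating it as a resolution fault.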