You can configure the Infoblox DNS server to receive updates from specified DHCP clients only. You can set this for the Grid so that the Grid members receive DDNS updates only from the specified sources. Note that you specify the IP addresses of the sources of the updates and not the actual IP addresses in the DNS records being updated.
To configure the DNS server to accept updates from the specified sources, complete the following steps:

  1. Grid: From the Data Management tab, select the DNS tab, expand the Toolbar and click Grid DNS Properties.
    Member: From the Data Management tab, select the DNS tab and click the Members tab -> member checkbox -> Edit icon.
    Zones: From the Data Management tab, select the DNS tab and click the Zones tab -> dns_view -> zone checkbox -> Edit icon.
    To override an inherited property, click Override next to it and complete the appropriate fields.

  2. In the editor, click Toggle Advanced Mode and select the Updates tab.

    Ensure that you understand how the appliance handles match lists before you specify the list of IP sources for DDNS updates, as described in 

...

  1. Using OpenStack cloud-init template to configure Grid Master and join Grid members

  2. In the Allow updates from section, select one of the following:

    • None: Select this to deny DDNS updates from any DHCP clients. This is selected by default.

    • Named ACL: Select this and click Select Named ACL to select a named ACL. Grid Manager displays the Named ACLs Selector. Select the named ACL you want to use. If you have only one named ACL, Grid Manager automatically displays the named ACL. When you select this option, the appliance receives DDNS updates from the sources that have the Allow permission in the named ACL. You can click Clear to remove the selected named ACL.

    • Set of ACEs: Select this to configure individual ACEs. Click the Add icon and select one of the following from the drop-down list. Depending on the item you select, Grid Manager either adds a row for the selected item or expands the panel so you can specify additional information about the item you are adding, as follows:

      • IPv4 Address and IPv6 Address: Select this to add an IPv4 address or IPv6 address. Click the Value field and enter the IP address. The Permission column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.

      • IPv4 Network: In the Add IPv4 Network panel, complete the following, and then click Add to add the network to the list:

        • Address: Enter an IPv4 network address and either type a netmask or move the slider to the desired netmask.

        • Permission: Select Allow or Deny from the drop-down list.

      • IPv6 Network: In the Add IPv6 Network panel, complete the following, and then click Add to add the network to the list:

        • Address: Enter an IPv6 network address and select the netmask from the drop-down list.

        • Permission: Select Allow or Deny from the drop-down list.

      • TSIG Key: In the Add TSIG Key panel, complete the following, and then click Add to add the TSIG key to the list:

        • Key name: Enter a meaningful name for the key, such as a zone name or the name of a remote name server. This name must match the name of the same TSIG key on other name servers.

        • Key Algorithm: Select either HMAC-MD5 or HMAC-SHA256.

        • Key Data: To use an existing TSIG key, type or paste the key in the Key Data field. Alternatively, you can select the key algorithm, select the key length from the Generate Key Data drop-down list, and then click Generate Key Data to create a new key.

          You must enable GSS-TSIG signed updates to receive DDNS updates from TSIG key based ACEs. For information about how to enable this, see Accepting GSS-TSIG Updates.

      • Any Address/Network: Select this to receive DDNS updates from any IP address.
        After you have added access control entries, you can do the following:

        • Select the ACEs that you want to consolidate and put into a new named ACL. Click the Create new named ACL icon and enter a name in the Convert to Named ACL dialog box. The appliance creates a new named ACL and adds it to the Named ACL panel. Note that the ACEs you configure for this operation stay intact.

        • Reorder the list of ACEs using the up and down arrows next to the table.

        • Select an ACE and click the Edit icon to modify the entry.

        • Select an ACE and click the Delete icon to delete the entry. You can select multiple ACEs for deletion.

    • Allow GSS-TSIG signed updates: This checkbox is selected only if you have enabled GSS-TSIG signed updates.

  3. Optionally, you can:

    • Modify an item on the list by selecting it and clicking the Edit icon.

    • Remove an item from the list by selecting it and clicking the Delete icon.

    • Move an item up or down the list. Select it and drag it to its new position, or click the up or down arrow. The appliance applies permissions to items in the order they are listed.

  4. Save the configuration.
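
The effect of ACE ordering in the procedure above, as an added example (not Infoblox code and not part of the original page). It assumes first-match-wins evaluation with an implicit deny when no entry matches, as in BIND-style address match lists; the addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample ACE list (assumption, not from the page): (source, permission),
# evaluated top to bottom. "any" stands for the Any Address/Network entry.
SAMPLE_ACES = [
    ("10.20.0.0/16", "ALLOW"),       # DHCP server subnet
    ("10.20.5.9", "DENY"),           # intended exception, but listed too late
    ("2001:db8:53::/48", "ALLOW"),
    ("any", "DENY"),
]

def _net(source):
    """Parse a host or network ACE value; None represents 'any'."""
    return None if source == "any" else ipaddress.ip_network(source, strict=False)

def evaluate(aces, client_ip):
    """Permission of the first ACE matching client_ip (assumed first-match-wins)."""
    addr = ipaddress.ip_address(client_ip)
    for source, permission in aces:
        net = _net(source)
        if net is None or (net.version == addr.version and addr in net):
            return permission
    return "DENY"  # assumed implicit deny when nothing matches

def shadowed(aces):
    """(index, source) of ACEs that can never match because an earlier
    entry already covers every address they describe."""
    hits = []
    for i, (source, _) in enumerate(aces):
        net = _net(source)
        for earlier, _ in aces[:i]:
            prev = _net(earlier)
            if prev is None or (net is not None and net.version == prev.version
                                and net.subnet_of(prev)):
                hits.append((i, source))
                break
    return hits

def reorder_specific_first(aces):
    """Most specific sources (longest prefix) first; 'any' last."""
    def width(ace):
        net = _net(ace[0])
        return -1 if net is None else net.prefixlen
    return sorted(aces, key=width, reverse=True)
```

Running `shadowed()` over an exported ACE list before saving flags Deny entries that an earlier, broader Allow has made ineffective.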

Forwarding Updates

When a secondary DNS server receives DDNS updates, it must forward the updates to the primary server because it cannot update zone data itself. In such situations, you must enable the secondary server to receive updates from the DHCP server, and then forward them to the primary DNS server.
To configure the secondary server to accept and forward updates for all zones:

  1. Grid: From the Data Management tab, select the DNS tab, expand the Toolbar and click Grid DNS Properties.
    Member: From the Data Management tab, select the DNS tab and click the Members tab -> member checkbox -> Edit icon.
    Zones: From the Data Management tab, select the DNS tab and click the Zones tab -> dns_view -> zone checkbox -> Edit icon.
    To override an inherited property, click Override next to it and complete the appropriate fields.

  2. In the editor, click Toggle Advanced Mode.

  3. When the additional tabs appear, click the Advanced subtab of the Updates tab, and then complete the following:

    • Allow secondary name servers to forward updates: Select this checkbox.

    • Forward updates from: This is available only for authoritative zones. Click Add. Depending on the item that you select, Grid Manager either adds a row for the selected item or expands the panel so you can specify additional information about the item you are adding, as follows:

    • None: Select this to deny DDNS updates from any clients. This is selected by default.

    • Named ACL: Select this and click Select Named ACL to select a named ACL. Grid Manager displays the Named ACLs Selector. Select the named ACL you want to use. If you have only one named ACL, Grid Manager automatically displays the named ACL. When you select this option, the appliance receives DDNS updates from the sources that have the Allow permission in the named ACL. You can click Clear to remove the selected named ACL.

    • Set of ACEs: Select this to configure individual ACEs. Click the Add icon and select one of the following from the drop-down list. Depending on the item you select, Grid Manager either adds a row for the selected item or expands the panel so you can specify additional information about the item you are adding, as follows:

      • IPv4 Address and IPv6 Address: Select this to add an IPv4 address or IPv6 address. Click the Value field and enter the IP address. The Permission column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.

      • IPv4 Network: In the Add IPv4 Network panel, complete the following, and then click Add to add the network to the list:

        • Address: Enter an IPv4 network address and either type a netmask or move the slider to the desired netmask.

        • Permission: Select Allow or Deny from the drop-down list.

      • IPv6 Network: In the Add IPv6 Network panel, complete the following, and then click Add to add the network to the list:

        • Address: Enter an IPv6 network address and select the netmask from the drop-down list.

        • Permission: Select Allow or Deny from the drop-down list.

      • TSIG Key: In the Add TSIG Key panel, complete the following, and then click Add to add the TSIG key to the list:

        • Key name: Enter a meaningful name for the key, such as a zone name or the name of a remote name server. This name must match the name of the same TSIG key on other name servers.

        • Key Algorithm: Select either HMAC-MD5 or HMAC-SHA256.

        • Key Data: To use an existing TSIG key, type or paste the key in the Key Data field. Alternatively, you can select the key algorithm, select the key length from the Generate Key Data drop-down list, and then click Generate Key Data to create a new key.

          You must enable GSS-TSIG signed updates to receive DDNS updates from TSIG key based ACEs. For information about how to enable this, see Accepting GSS-TSIG Updates.

      • Any Address/Network: Select to allow or disallow the appliance to receive DDNS updates from any IP address.
        After you have added access control entries, you can do the following:

        • Select the ACEs that you want to consolidate and put into a new named ACL. Click the Create new named ACL icon and enter a name in the Convert to Named ACL dialog box. The appliance creates a new named ACL and adds it to the Named ACL panel. Note that the ACEs you configure for this operation stay intact.

        • Reorder the list of ACEs using the up and down arrows next to the table.

        • Select an ACE and click the Edit icon to modify the entry.

        • Select an ACE and click the Delete icon to delete the entry. You can select multiple ACEs for deletion.

  4. Save the configuration and click Restart if it appears at the top of the screen.