...
DNS views provide the ability to serve one version of DNS data to one set of clients and another version to another set of clients. With DNS views, the NIOS appliance can provide a different answer to the same DNS query, depending on the source of the query.
In Figure 18.1, Internal and External Views, the appliance has two views: an Internal and an External DNS view. When the appliance receives queries from DNS clients, it responds with data from either the Internal or External DNS view, depending on the source IP address. When the appliance receives a query from Client A and determines that it can resolve the query from data in the Internal view, the appliance responds with the IP address of the site in the Internal view. When the appliance receives a query from Client B and determines that it can resolve the query from data in the External view, it responds with the IP address in the External view.
Figure 18.1 Internal and External Views
You can configure both forward and reverse mapping zones in DNS views and provide DNS services, such as name resolution, zone transfers and dynamic DNS updates. For information about these services, see Configuring DNS Services.
You can provide multiple views of a given zone with a different set of records in each DNS view. In Figure 18.2, Zone Data in Each DNS View, both views contain the corpxyz.com zone and the sales.corpxyz.com zone. The finance.corpxyz.com zone is only in the internal DNS view, and only internal users are allowed to access records in that zone. Resource records can also exist in multiple zones. In the example, the A records for serv1.sales.corpxyz.com and serv2.sales.corpxyz.com are in the sales.corpxyz.com zones in both views.
Figure 18.2 Zone Data in Each DNS View

Internal DNS View

| corpxyz.com | sales.corpxyz.com | finance.corpxyz.com |
|---|---|---|
| NS dnsoneA.corpxyz.com | A serv2.sales.corpxyz.com | A printer.finance.corpxyz.com |
| A host1.corpxyz.com | A serv3.sales.corpxyz.com | A fin1.finance.corpxyz.com |
| A host2.corpxyz.com | A printer.sales.corpxyz.com | A fin2.finance.corpxyz.com |
| | A host1.sales.corpxyz.com | |
| | A host2.sales.corpxyz.com | |

External DNS View

| corpxyz.com | sales.corpxyz.com |
|---|---|
| MX email.corpxyz.com | A web3.sales.corpxyz.com |
| A web1.corpxyz.com | A ftp.sales.corpxyz.com |
| A web2.corpxyz.com | A serv1.sales.corpxyz.com |
| | A serv2.sales.corpxyz.com |
You can control which clients access a DNS view through the use of a match list specifying IP addresses and/or TSIG (transaction signature) keys. When the NIOS appliance receives a request from a client, it tries to match the source IP address and/or TSIG key with its match list when determining which DNS view, if any, the client can access. After the appliance determines that a client can access a DNS view, it checks the zone level settings to determine if it can provide the service that the client is requesting. For information on TSIG keys or defining zone transfer settings, see Enabling Zone Transfers. For more information on match lists, see Defining Match Clients Lists. For information on defining query settings, refer to Controlling DNS Queries.
Figure 18.3, Query Resolution, illustrates how the NIOS appliance resolves a query for a domain name in a zone of a DNS view. In the example, the internal DNS view is listed before the external DNS view. Therefore, when the appliance receives a query, it checks the match list of the internal DNS view first. If it does not find the source address in the match list of the internal DNS view, it checks the match list of the external DNS view. The match list of the external DNS view allows all IP addresses. Next, the NIOS appliance checks the zone level settings to determine if it is allowed to resolve queries from the client for domain names in that zone. After the appliance determines it is allowed to respond to queries from this client, it resolves the query and sends back the response to the client.
Figure 18.3 Query Resolution
When you create more than one DNS view, as shown in Figure 18.3, Query Resolution, the order of the views is important. View order determines the order in which the NIOS appliance checks the match lists. In Figure 18.3, the internal DNS view is listed before the external DNS view. If the views were reversed, no hosts would receive DNS replies from the internal DNS view because the match list of the external DNS view allows replies to clients with any IP address. For information on how to order views, see Managing the DNS Views of a Grid Member.
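The first-match behaviour described above can be modelled in a few lines. This is an added example, not Infoblox code: it selects a view by source IP address only (TSIG keys and zone level settings are not modelled) and flags views that an earlier match list makes unreachable. The view names follow the page; the networks, function names and sample addresses are assumptions.

```python
import ipaddress

# Constructed sample data: ordered (view name, match list) pairs.
# The internal networks are assumed; 0.0.0.0/0 stands for "all IP addresses".
VIEWS = [
    ("internal", ["10.0.0.0/8", "192.168.0.0/16"]),
    ("external", ["0.0.0.0/0"]),
]
REVERSED = list(reversed(VIEWS))  # the misordering the text warns about


def _nets(match_list):
    return [ipaddress.ip_network(n) for n in match_list]


def select_view(views, client_ip):
    """Return the first view whose match list contains client_ip, else None."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_list in views:
        if any(addr.version == n.version and addr in n for n in _nets(match_list)):
            return name
    return None


def shadowed_views(views):
    """Return views that can never be selected by source address.

    A view is reported when every network in its match list is a subnet of a
    single network in an earlier view. The check is conservative: coverage by
    a union of several earlier networks is not detected.
    """
    shadowed, earlier = [], []
    for name, match_list in views:
        nets = _nets(match_list)
        covered = lambda n: any(
            n.version == e.version and n.subnet_of(e) for e in earlier
        )
        if nets and all(covered(n) for n in nets):
            shadowed.append(name)
        earlier.extend(nets)
    return shadowed


if __name__ == "__main__":
    for label, order in (("documented order", VIEWS), ("reversed order", REVERSED)):
        print(label, "-> 10.1.2.3 served from:", select_view(order, "10.1.2.3"))
        print(label, "-> unreachable views:", shadowed_views(order))
```

Running the shadow check against an exported view order before applying a change shows whether any view would silently stop answering.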
In a Grid, each Grid member can host its own set of views. A Grid member can serve as the primary or secondary server for multiple views of a particular zone. For information about specifying primary and secondary servers, see Assigning Zone Authority to Name Servers.
...