Versions Compared

Old Version 16

changes.mady.by.user Shwetha S

Saved on

compared with

New Version Current

changes.mady.by.user Shwetha S

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Note
titleNote
  • From NIOS 9.0 onwards, IB-4030 and IB-4030-10GE appliances are not supported.
    Similar features and functionalities are available on software-based DNS Cache Acceleration appliances, and it is recommended to use the software-based DCA supported appliances. For a list of supported appliances, see as described in Supported DNS Cache Acceleration Appliances.
  • The Unbound resolver has been deprecated from NIOS 9.0 onwards.

You now have the ability to switch between BIND or Unbound resolvers on IB-4030-10GE appliances. Following are a couple scenarios for which you may consider using Unbound DNS resolution:

...

To use Unbound DNS, you must install the Dual Engine DNS license (in addition to the DNS Cache Acceleration license) on your IB-4030-10GE appliance. Contact your Infoblox representative to obtain these licenses. For information about how to install licenses, refer to the Infoblox NIOS Administrator GuideNIOS documentation at docs.infoblox.com..

Note
titleNote

When the Dual Engine DNS license (either temporary or permanent) expires, you will not be able to change the resolver type from Unbound to BIND. You must install a permanent license or extend the current license in order to change the resolver type.

...

  • There might be a few known general issues when configuring Unbound DNS resolution. Refer to the latest version of the NIOS 7.2.x release notes to review these issues For a list of supported platforms for each NIOS release, please see the NIOS Release Notes for that release. The Release Notes are available on the Infoblox Support portal at https://support.infoblox.com.

Configuring DNS Resolver Type

...

Unsupported featuresNotes
Authoritative name server and all related functionsUnsupported features include but are not limited to DNS64, AAAA filtering, DDNS updates, notify source and delay, wildcard, bulk hosts, IP blocks/IP block groups, and DNS zone transfers. Unbound DNS supports forward and stub zones.
Security related features

Some security related features are not supported. They include the following: DNS blackhole lists, DNS blacklist rulesets, GSS-TSIG, enabling and disabling accept-expired-signature for DNSSEC (other aspects of DNSSEC are supported, such as trust anchors and negative trust anchors), NXDOMAIN mitigation/RRL (Response Rate Limiting), recursive client limits, recursive client SNMP traps, and Infoblox DNS Firewall (RPZ).

Note: The TSIG Key menu item remains in the Queries and Recursive Queries tables even though it is not supported for Unbound DNS.

UDP source port configurationPort configuration and network settings are automatically switched between Unbound DNS and standard DNS when you change the DNS resolution configuration.
DNS requests through a single TCP sessionThis is not supported for Unbound DNS even though this option might appear in the Member Security Properties editor of the Grid Manager when Unbound is configured for the member.
DNS views

User-defined DNS views are not supported. Unbound DNS supports only the default DNS view.

LoggingDNS query logging and DNS response logging are not supported. Logging format and severity levels for Unbound DNS are different than that of the standard DNS. For more information, see Unbound DNS Logging above.
ReportingThe DNS Replies Trend report is the only supported report for Unbound DNS. Also, the DNS Response Latency Trend report periodically queries against the DNS server to determine latency and is not affected by Unbound DNS. All other reports that do not support Unbound are still available and include data from members running standard DNS. However, they do not collect data from members using Unbound DNS. For information about reports for IB-4030-10GE, see Reports for IB-4030 and IB-4030-10GEDNS Statistics for Cache Acceleration.
RRset orderThis is not supported. For information about this feature, see Preserving the RRset Order for Cached DNS ResponsesManaging Query Performance.
Sort listThis is not supported. For information about this feature, see Defining Sort List for Cached DNS Responses.
HSM group status and trapsAlthough HSM groups are not supported, the HSM event type remains visible in the Notifications tab of the Grid Member Properties editor.
Other DNS featuresThe following DNS enhancements are not supported: DNS query capture, disabling EDNS0 (Extension Mechanism for DNS), DNS Traffic Control, HA mode transition optimizations, and DNS fault tolerant caching.

...

Unbound DNS supports the configuration of hostname bind directive and server-id directive options, which enables the appliance to return the hostname of the answering DNS name server in response to queries from clients in a DNS anycast configured environment. For information about how to configure the hostname bind directive and server-id directive options, refer to the Configuring Hostname and Server ID Options section in the Infoblox NIOS Administrator GuideNIOS documentation at docs.infoblox.com.

Note
titleNote

Even though you can configure both hostname bind directive and server-id directive options, Unbound DNS ignores the hostname bind directive setting and considers only the server-id directive setting.

...