By importing Azure private zones as forward zones, you can bring existing DNS configurations into your own account in the Infoblox Portal and control their routing and management there, while the imported zones stay in step with their original source. Queries for domains added as forward zones are forwarded by the NIOS-X Servers to an Azure private resolver inbound endpoint for resolution, so every answer reflects the most up-to-date data held in Azure.
...
...
At least one Azure private resolver inbound endpoint is configured. See the Azure documentation for details.
The NIOS-X Server has a logical connection to the Azure subnet in which the inbound endpoint is configured, for example through virtual network peering or a VPN connection.
The DNS service is up and running on the NIOS-X Server.
The credentials that Universal DDI uses to synchronize zones and records must include the following permission, in addition to the standard Universal DDI roles required:
Microsoft.Network/dnsResolvers/inboundEndpoints/read
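The following shell script is an added example, not part of the Infoblox page or product. It builds a minimal Azure custom role that carries only the extra permission listed above, so it can be assigned to the service principal alongside the standard Universal DDI roles rather than by widening a built-in role. The role name, subscription ID and service principal application ID are placeholders that you supply; the Azure CLI calls in apply_role are only invoked when you call that function.

```shell
#!/bin/sh
# Added example (not from the Infoblox page): a minimal Azure custom role that
# grants only the inbound-endpoint read permission the prerequisites call for.
# It is meant to be assigned in addition to the standard Universal DDI roles.
# Assumptions: ROLE_NAME is an arbitrary name chosen here; subscription ID and
# service principal application ID are placeholders passed by the caller.

ROLE_NAME="${ROLE_NAME:-Universal DDI Private Resolver Reader}"
EXTRA_ACTION="Microsoft.Network/dnsResolvers/inboundEndpoints/read"

# Print the custom role definition JSON scoped to one subscription.
role_definition_json() {
  sub="$1"
  cat <<EOF
{
  "Name": "${ROLE_NAME}",
  "IsCustom": true,
  "Description": "Read Azure DNS Private Resolver inbound endpoints so Universal DDI can import private zones as forward zones",
  "Actions": [
    "${EXTRA_ACTION}"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/${sub}"
  ]
}
EOF
}

# Return 0 if a role definition (JSON on stdin) grants the required action.
# Useful for checking an exported existing role before assigning it.
role_has_action() {
  grep -Fq "\"${EXTRA_ACTION}\""
}

# Create the role and assign it to the service principal Universal DDI uses.
# Requires the Azure CLI and an authenticated session; not run at definition time.
apply_role() {
  sub="$1"; sp_app_id="$2"
  role_definition_json "$sub" > /tmp/uddi-role.json
  az role definition create --role-definition @/tmp/uddi-role.json
  az role assignment create --assignee "$sp_app_id" --role "$ROLE_NAME" \
      --scope "/subscriptions/${sub}"
}
```

To check whether a role you already assigned covers the prerequisite, export it with `az role definition list --name <role> --output json` and pipe it into role_has_action; an exit status of 1 means the inbound endpoint cannot be discovered and the forward zone import will not work.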
Configure
...
Universal DDI to import Azure private zones as forward zones
A zone is marked as private if the external_providers_metadata field, which contains information about the VPC/VNet associated with the zone, is present. If the field is absent, the zone is marked as public. In other words, a private zone with no associated VPC/VNet is displayed as public on the Infoblox Portal.
Complete the following steps to import Azure private zones as forward zones:
Go to Configure > Networking > Discovery > Cloud.
Click Create and select Azure.
Configure the Azure cloud provider details as required. When creating the Azure provider in Universal DDI, make sure that the Forward Only Zone checkbox is selected. This setting is mutable: you can enable or disable Forward Only Zone on an existing provider. Wait for the zones and records to sync (the provider status shows green / Synced).
Go to the DNS view, edit the desired private zone, and add the NIOS-X Server as an Authoritative DNS server.
To verify that the forward zone works, run a dig query using the NIOS-X Server as the DNS server, where oph_ip is the IP address of that server:
# dig @oph_ip private_zone.example.com
The query is forwarded to the Azure private resolver inbound endpoint, which returns the correct resolution.
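A single dig only shows that some answer came back. The script below is an added example (not part of the Infoblox page) that goes one step further: it queries the same name through the NIOS-X Server and directly against the Azure inbound endpoint, fails on any non-NOERROR status, and compares the two record sets with TTLs stripped. The NIOS-X and inbound endpoint addresses and the query name are placeholders passed by the caller; dig is assumed to be installed, and the sample dig output near the top is constructed for offline testing.

```shell
#!/bin/sh
# Added example (not from the Infoblox page): check that a forward zone imported
# from Azure resolves through the NIOS-X Server and that the answer matches what
# the Azure private resolver inbound endpoint returns when queried directly.
# Assumptions: dig is installed; server addresses and names are placeholders.

# Constructed dig answer-section output used to exercise the comparison offline.
SAMPLE_NIOSX='vm1.private.example.com. 60 IN A 10.1.2.3
vm1.private.example.com. 60 IN A 10.1.2.4'
SAMPLE_DIRECT='vm1.private.example.com. 30 IN A 10.1.2.4
vm1.private.example.com. 30 IN A 10.1.2.3'
SAMPLE_STALE='vm1.private.example.com. 60 IN A 10.9.9.9'

# Reduce dig answer lines to "name type rdata", dropping TTLs so snapshots taken
# seconds apart still compare equal; sort so record order does not matter.
normalize_answer() {
  awk '$4 == "A" || $4 == "AAAA" || $4 == "CNAME" { print $1, $4, $5 }' | sort
}

# Return 0 when two dig answer sections carry the same records and are non-empty.
answers_match() {
  a=$(printf '%s\n' "$1" | normalize_answer)
  b=$(printf '%s\n' "$2" | normalize_answer)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Query one server for A records; print the answer section, or fail and report
# the RCODE (SERVFAIL, REFUSED, NXDOMAIN) when resolution did not succeed.
query() {
  server="$1"; name="$2"
  out=$(dig @"$server" "$name" A +noall +comments +answer +time=3 +tries=1) || return 1
  if ! printf '%s\n' "$out" | grep -q 'status: NOERROR'; then
    echo "$server: $(printf '%s\n' "$out" | grep -o 'status: [A-Z]*')" >&2
    return 1
  fi
  printf '%s\n' "$out" | grep -v '^;'
}

# Usage: verify_forward_zone <nios-x-ip> <inbound-endpoint-ip> <fqdn>
verify_forward_zone() {
  via_niosx=$(query "$1" "$3") || return 1
  direct=$(query "$2" "$3") || return 1
  if answers_match "$via_niosx" "$direct"; then
    echo "OK: $3 resolves identically via NIOS-X ($1) and the inbound endpoint ($2)"
  else
    echo "MISMATCH for $3" >&2
    echo "--- via NIOS-X ($1):"; printf '%s\n' "$via_niosx"
    echo "--- direct ($2):";     printf '%s\n' "$direct"
    return 1
  fi
}
```

Reading the failure modes: a SERVFAIL from the NIOS-X Server while the direct query succeeds usually means the peering or VPN connectivity prerequisite is not met; a REFUSED from the inbound endpoint means the NIOS-X Server's source address is not allowed to reach it; a mismatch with both queries succeeding means the zone is still being served from a stale synced copy rather than forwarded, so re-check that Forward Only Zone is enabled on the provider.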