BloxOne Universal DDI allows you to deploy both DNS forwarding proxy and BloxOne Universal DDI DNS on the same NIOS-X Server. After you have deployed the NIOS-X Server, you can enable and disable the DNS forwarding proxy and the DNS services based on your business requirements.

To deploy both DNS forwarding proxy and BloxOne Universal DDI DNS on the same NIOS-X Server, complete the following:

  1. Obtain the BloxOne Threat Defense and BloxOne Universal DDI licenses from Infoblox.
  2. Deploy BloxOne Universal DDI, as described in Deploying DDI.
  3. Enable the DNS forwarding proxy and BloxOne Universal DDI DNS services based on your business requirements, as described in Configuring Services.

The following sections describe the supported configurations when you have DNS forwarding proxy and BloxOne Universal DDI DNS on the same NIOS-X Server.

Enabling Only the DNS Forwarding Proxy Service

When you enable only the DNS forwarding proxy service and disable the BloxOne Universal DDI DNS services on the same NIOS-X Server, consider the following:

  • The DNS forwarding proxy, not BloxOne Universal DDI DNS, provides DNS service to all DNS clients.
  • The DNS forwarding proxy listens on port 53.
  • The DNS forwarding proxy returns NXDOMAIN if you have set up the security policy to block certain domains on BloxOne Threat Defense Cloud. For information about BloxOne Threat Defense Cloud, see About BloxOne Infoblox Threat Defense.

Enabling DNS Forwarding Proxy and Universal DDI DNS Services

When you enable both the DNS forwarding proxy and BloxOne Universal DDI DNS services on the same NIOS-X Server, consider the following:

  • Both DNS forwarding proxy and BloxOne Universal DDI provide DNS service to the DNS clients.
  • BloxOne Universal DDI forwards all recursive DNS queries to the DNS forwarding proxy.
  • BloxOne Universal DDI listens on port 53 and DNS forwarding proxy listens on port 1053.
  • The DNS forwarding proxy listens on port 1053 and forwards all recursive queries to BloxOne Threat Defense Cloud.
  • BloxOne Universal DDI returns NXDOMAIN if you have set the security policy to block certain domains on BloxOne Threat Defense Cloud because the DNS response comes directly from the DNS forwarding proxy.
  • If you have configured forwarders in the global DNS configuration or DNS profile, the DNS forwarding proxy overrides that configuration.
  • The DNSSEC validation is set to "no" even if you have enabled DNSSEC on the NIOS-X Server.
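
To confirm which of the two configurations above a server is actually running, you can query ports 53 and 1053 for a name that your security policy blocks and inspect the response headers. The following Python script is an added example, not Infoblox code; the server address `192.0.2.53` and the name `blocked.example` are placeholders, and it assumes port 1053 is reachable from where you run the check.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a recursive (RD=1) A/IN query for name."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(resp, qid=0x1234):
    """Return rcode, AD flag and answer count from a DNS response header."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return {"rcode": RCODES.get(rcode, str(rcode)),
            "ad": bool(flags & 0x0020), "answers": an}

def probe(server, port, name, timeout=2.0):
    """Send one UDP query; None means nothing usable answered on that port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            return parse_header(s.recv(4096))
        except (OSError, ValueError):
            return None

def assess(r53, r1053):
    """Map probe results for a policy-blocked name to the modes on this page."""
    if r53 is None:
        return ["no DNS answer on port 53"]
    notes = ["both services: DDI DNS on 53, DFP on 1053" if r1053
             else "DFP only on 53, or 1053 not reachable from here"]
    notes.append("block enforced (NXDOMAIN)" if r53["rcode"] == "NXDOMAIN"
                 else "block NOT enforced: " + r53["rcode"])
    # DNSSEC validation is "no" in the combined mode, so report the AD flag
    # rather than rely on it.
    notes.append("AD flag " + ("set" if r53["ad"] else "clear"))
    return notes

if __name__ == "__main__":
    server, name = "192.0.2.53", "blocked.example"   # placeholders
    for line in assess(probe(server, 53, name), probe(server, 1053, name)):
        print(line)
```
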

The following illustration gives an overview of how DNS forwarding proxy and BloxOne Universal DDI DNS handle DNS queries:

[Diagram: BloxOne DNS and DFP]