Versions Compared

Version Old Version 4 New Version Current
Changes made by

Sri Raghu

Sri Raghu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The following diagram illustrates BloxOne Universal DDI as the hidden primary master:

...

Drawio
mVer2
zoom1
simple0
inComment0
custContentId268995081
pageId268535418
lbox1
diagramDisplayNameBloxOneDDI_Hidden_Primary_Master.drawio
contentVer

...

3
revision

...

3
baseUrlhttps://infoblox-docs.atlassian.net/wiki
diagramNameBloxOneDDI_Hidden_Primary_Master.drawio
pCenter0
width870.5
links
tbstyle
height611

BloxOne Universal DDI is the Primary Master

  • BloxOne NIOS-X Server (DNS server) transfers a copy of the zone from CSPthe Infoblox Portal. Multiple BloxOne NIOS-X Servers (DNS servers) are available for redundancy.

  • NIOS DNS servers on prem and -X Physical Server and NIOS-X Virtual Server in a customer managed public cloud are configured as secondary name servers for the zone. Each of the servers transfer a copy of the zone from the on-prem BloxOne DNS serverNIOS-X Physical Server.

  • A third party hosting DNS service provides an alternate backup for the zone. The third party pulls a copy of the zone from one of the NIOS DNS servers-X Server.

  • Devices on the Internet query all externally available DNS servers hosting serving the target zone. DNS servers in different locations on different platforms provide for maximum redundancy and availability.

  • Inbound port 53 requests are blocked. Attempts are made because NS records exist for BloxOne DNS servers NIOS-X Servers (they can't be removed).

BloxOne DNS NIOS-X Server

  • In the DMZ with access to the server only from the NIOS DNS server in the public cloud and the other NIOS DNS servers in the DMZ.

  • Allows zone transfers using a TSIG key.

  • Port 53 only available on the host NIOS-X Server (not accessible from External).

  • NS records are auto-generated and cannot be disabled or hidden.

NIOS DNS Servers

  • NIOS Universal DDI DNS servers in the DMZ allow zone transfers from the 3rd party DNS provider via TSIG key.

  • Port 53 accessible through the firewall (to NIOS DNS only).

  • Public Cloud NIOS DNS requires secure connection to DMZ to pull a zone transfer.

  • Optionally configured with vADP to provide additional protection of DNS services.

  • NS (and possibly A) resource records must be created for each NIOS secondary.

Third Party DNS Servers

  • Provide DNS services as a redundancy and availability service.

  • Reduces risk of DDoS and network outages to on-prem DNS servers.

  • Provides additional scalability.

  • NS resource records must be created for appropriate systems.

  • NIOS DNS Servers Offer GSLB Responses.
    NIOS DNS servers licensed for DTC may provide rule-based responses for inbound queries.

...