...
See Figure 20.1.
| Anchor | ||||
|---|---|---|---|---|
|
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Note: You must also create an A record for the host defined as a mail exchanger in an MX record.
...
You can add CNAME records to an IPv4 reverse-mapping zone to create aliases to addresses maintained by a different name server when the reverse-mapping zone on the server is a delegated child zone with fewer than 256 addresses. This technique allows you to delegate responsibility for a reverse-mapping zone with an address space of fewer than 256 addresses to another authoritative name server. See Figure 20.2 and RFC 2317, Classless IN-ADDR.ARPA delegation.
| Anchor | ||||
|---|---|---|---|---|
|
<place for figure>
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
You add CNAME records in the parent zone on your name server. The aliases defined in those CNAME records point to the addresses in PTR records in the child zone delegated to the other server.
When you define a reverse-mapping zone that has a netmask from /25 (255.255.255.128) to /31 (255.255.255.254), you must include an RFC 2317 prefix. This prefix can be anything, from the address range (examples: 0-127, 0/127) to descriptions (examples: first-network, customer1). On a NIOS appliance, creating such a reverse-mapping zone automatically generates all the necessary CNAME records. However, if you need to add them manually to a parent zone that has a child zone with fewer than 255 addresses.
...
| Anchor | ||||
|---|---|---|---|---|
|
<place for figure>
...
<place for figure>
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
In the case of a domain structure consisting of a single domain (no subdomains), adding a DNAME record redirects queries for every name in the domain to the target domain, as shown in Figure 20.4.
| Anchor | ||||
|---|---|---|---|---|
|
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
When using a DNAME record, you must copy the resource records for the source domain to the zone containing the target domain, so that the DNS server providing service for the target domain can respond to the redirected queries.
| Copy from corpxyz.com | to corpxyz.corp200.com |
|---|---|
| www1 IN A 10.1.1.10 | www1 IN A 10.1.1.10 |
| www2 IN A 10.1.1.11 | www2 IN A 10.1.1.11 |
| ftp1 IN A 10.1.1.20 | ftp1 IN A 10.1.1.20 |
| mail1 IN A 10.1.1.30 | mail1 IN A 10.1.1.30 |
After copying these records to the zone containing the corpxyz.corp200.com domain, delete them from the zone containing the corpxyz.com domain.
If DNS service for the source and target domain names is on different name servers, you can import the zone data from the NIOS appliance hosting the source domain to the appliance hosting the target domain. For information about this procedure, see Importing Zone Data.
If DNS service for the source and target domain names is on the same name server and the parent for the target domain is on a different server, you can delegate DNS services for the target domain name to the name server that provided—and continues to provide—DNS service for the source domain name (see Figure 20.5). By doing this, you can continue to maintain resource records on the same server, potentially simplifying the continuation of DNS administration.
| Anchor | ||||
|---|---|---|---|---|
|
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Note: This is a conceptual representation of domain name mapping and depicts the resulting hierarchical relationship of corp200.com as the parent zone for corpxyz.corp200.com. The hosts are not physically relocated.
The following tasks walk you through configuring the two appliances in Figure 20.5 to redirect queries for corpxyz.com to corpxyz.corp200.com using a DNAME record:
On the ns1.corpxyz.com name server, do the following:
...
You might also use DNAME records if you have a number of multihomed appliances whose IP addresses must be mapped to a single set of domain names. An example of this is shown in Figure 20.6.
| Anchor | ||||
|---|---|---|---|---|
|
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Note: If you specify a subdomain in the Domain Name field when configuring a DNAME record, and the subdomain is also a subzone, the DNAME record appears in the list view for the subzone, not in the list view for the parent zone that was selected when adding it.
...
A NAPTR (Name Authority Pointer) record specifies a rule that uses a substitution expression to rewrite a string into a domain name or URI (Uniform Resource Identifier). A URI is either a URL (Uniform Resource Locator) or URN (Uniform Resource Name) that identifies a resource on the Internet.
NAPTR records are usually used to map E.164 numbers to URIs or IP addresses. An E.164 number is a telephone number, 1-555-123- 4567 for example, in a format that begins with a country code, followed by a national destination code and a subscriber number. (E.164 is an international telephone numbering system recommended by the International Telecommunication Union.) Thus, NAPTR records allow us to use telephone numbers to reach devices, such as fax machines and VoIP phones, on the Internet.
To map an E.164 to a URI, the E.164 number must first be transformed into a domain name. ENUM (E.164 Number Mapping) specifies a method for converting E.164 numbers to domain names. For example, using the method specified by ENUM, the telephone number 1-555-123-4567 becomes the domain name 7.6.5.4.3.2.1.5.5.5.1.e164.arpa. For details about ENUM, refer to RFC 3761, The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM).
After the E.164 number is converted to a domain name, a DNS client can then perform a DNS lookup for the NAPTR records of the domain name. The following example illustrates how a DNS client processes NAPTR records.
In this example, the telephone number 1-555-123-4567 is converted to the domain name 7.6.5.4.3.2.1.5.5.5.1.e164.arpa. The DNS client then sends a query to the Infoblox DNS server for the NAPTR records associated with 7.6.5.4.3.2.1.5.5.5.1.e164.arpa. The Infoblox DNS server returns the following NAPTR record:
| Drawio | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The DNS client then examines the fields in the NAPTR record as follows:
- If a DNS client receives multiple NAPTR records for a domain name, the value in the Order field determines which record is processed first. It processes the record with the lowest value first.
- The DNS client uses the Preference value when the Order values are the same. Similar to the Preference field in MX records, this value indicates which NAPTR record the DNS client should process first when the records have the same Order value. It processes the record with the lowest value first.
In the example, the DNS client ignores the Order and Preference values because it received only one NAPTR record. - The Flag field indicates whether the current lookup is terminal; that is, the current NAPTR record is the last NAPTR record for the lookup. It also provides information about the next step in the lookup process. The flags that are currently used are:
U: Indicates that the output maps to a URI (Uniform Record Identifier).
S: Indicates that the output is a domain name that has at least one SRV record. The DNS client must then send a query for the SRV record of the resulting domain name.
A: Indicates that the output is a domain name that has at least one A or AAAA record. The DNS client must then send a query for the A or AAAA record of the resulting domain name.
P: Indicates that the protocol specified in the Service field defines the next step or phase.
- If the Flag field is blank, this indicates that the client must use the resulting domain name to look up other NAPTR records.
- The Service field specifies the service and protocol that are used to communicate with the host at the domain name. In the example, the service field specifies that SIP (Session Initiation Protocol) is used to contact the telephone service.
- The regular expression specifies the substitution expression that is applied to the original string of the client. In the example, the regular expression !^.*$!sip:jdoe@corpxyz.com! specifies that the domain name 7.6.5.4.3.2.1.5.5.5.1.e164.arpa is replaced with sip:jdoe@corpxyz.com.
The regular expression in a NAPTR record is always applied to the original string of the client. It must not be applied to a domain name that resulted from a previous NAPTR rewrite. - The Replacement field specifies the FQDN for the next lookup, if it was not specified in the regular expression.
...
Note: If a NAPTR record with the domain name in its native characters is added to the Infoblox Grid through DDNS updates, the Domain and Replacement fields display the domain name in UTF-8 encoded format. For example, a NAPTR record with the domain name 电脑 .test.com added through DDNS updates displays
\231\148\181\232\132\145.test.com in the Domain and Replacement fields.
...
Adding NAPTR Records
To add a NAPTR record: 1.
- From the Data Management tab, select the DNS tab, expand the Toolbar and click Add -> Record -> Add NAPTR Record.
- In the Add NAPTR Record wizard, complete the following fields:
- Domain: If Grid Manager displays a zone name, enter the domain name to which this resource record refers. The displayed zone name can either be the last selected zone or the zone from which you are adding the NAPTR record. If no zone name is displayed or if you want to specify a different zone, click Select Zone. When there are multiple zones, Grid Manager displays the Zone Selector dialog box. Click a zone name in the dialog box, and then enter a domain name for the record. The name you enter is prefixed to the DNS zone name that is displayed, and the complete name becomes the FQDN (fully qualified domain name) of the record. For example, if the zone name displayed is corpxyz.com and you enter admin, then the FQDN becomes admin.corpxyz.com. This field is not displayed when you configure a NAPTR record for a DTC server.
- DNS View: Displays the DNS view of the selected zone.
...
...
- Service: Specifies the service and protocol used to reach the domain name that results from applying the regular expression or replacement. You can enter a service or select a service from the list.
- Flags: The flag indicates whether the resulting domain name is the endpoint URI or if it points to another record. Select one of the following:
U: Indicates that the output maps to a URI.
S: Indicates that the resulting domain name has at least one SRV record.
A: Indicates that the resulting domain name has at least one A or AAAA record.
P: Indicates that this record contains information specific to another application.
Leave this blank to indicate that the DNS client must use the resulting domain name to look up other NAPTR records. You can use the NAPTR records as a series of rules that are used to construct a URI or domain name. - Order: Select an Integer from 10 to 100, or enter a value from 0 to 65535. This value indicates the order in which the NAPTR records must be processed. The record with the lowest value is processed first.
- Preference: Select an Integer from 10 to 100, or enter a value from 0 to 65535. Similar to the Preference field in MX records, this value indicates which NAPTR record should be processed first when the records have the same Order value. The record with the lowest value is processed first.
- REGEX: The regular expression that is used to rewrite the original string from the client into a domain name.
...
- RFC 2915 specifies the syntax of the regular expression. Note that the appliance validates the regular expression syntax between the first and second delimiter against the Python re module, which is not 100% compatible with POSIX Extended Regular Expression as specified in the RFC. For information about the Python re module, refer to http://docs.python.org/release/2.5.1/lib/module-re.html.
- Replacement: This specifies the domain name for the next lookup. The default is a dot (.), which indicates that the regular expression in the REGEX field provides the replacement value. Alternatively, you can enter the replacement value in FQDN format.
- Comment: Optionally, enter a descriptive comment for this record.
- Disable: Clear the check box to enable the record. Select the check box to disable it.
- Click Next to define extensible attributes. For information, see Using Extensible Attributes5. This is not applicable when you configure a NAPTR record for a DTC server.
- Save the configuration and click Restart if it appears at the top of the screen.
...
- Name: The name of the record, if applicable. For host records, this field displays the canonical name of the host. For PTR record, this displays the PTR record name without the zone name.
- Type: The resource record type.
- Data: Data that the record contains. For host records, this field displays the IP address of the host. For PTR records, this displays the domain names.
- Active Users: The number of active users for the selected resource record.
- Comment: Comments that were entered for the resource record.
...
...
- Site: Values that were entered for this pre-defined attribute.
Note: The DNS record that is obscured by an LBDN record is indicated by a strikethrough, for example, an obscured A record appears as A Record in Grid Manager.
You can also display the following columns:
- MSDelegationAddresses: This column appears only if the primary server of the zone is a Microsoft server. It displays the IP addresses that are associated with an NS record.
- TTL: The TTL (time-to-live) value of the record.
- Address: The IPv4 or IPv6 address associated with the owner domain name in a reverse-mapping zone.
- Shared: Displays true for shared resource records. Otherwise, displays false.
- SharedRecordGroup: Displays the shared record group name of a shared record.
- Disabled: Indicates if the record is disabled. You
You can do the following:
- Modify some of the data in the table. Double click a row and either modify the data in the field or select an item from a drop-down list. Click Save to save the changes. Note that some fields are read only.
- Add new DNS records by clicking the arrow next to the Add icon and selecting Host, Record, SharedRecord, and then selecting the required record type. For more information, see Managing Resource Records.
- View the DNS Traffic Control structure for an LBDN.
- Select the LBDN record and click the Open Visualization icon. For more information, see Visualization for DNS Traffic Control Objects3.
- Create a DTC server based on an existing A, AAAA, or host record by selecting a record in the table and clicking CreateDTCServer in the Toolbar or in the record's Action menu. For more information, see Configuring DNS Traffic Control Servers2.
- Edit the properties of a resource record.
- Select the resource record, and then click the Edit icon.
- Delete a resource record.
- Select the resource record, and then click the Delete icon.
- Export the list of resource records to a .csv file.
- Click the Export icon.
- Print the list of resource records.
- Click the Print icon.
- Use filters and the Goto function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Goto field and select the object from the possible matches.
- Create a quick filter to save frequently used filter criteria:
- In the filter section, click Show Filter and define filter criteria for the quick filter.
- Click Save and complete the configuration In the Save Quick Filter dialog box.
...
- The
...
- appliance
...
- adds
...
- the
...
- quick
...
- filter
...
- to
...
- the
...
- quick
...
- filter
...
- drop-down
...
- list
...
- in
...
- the
...
- panel.
...
- Note
...
- that
...
- global
...
- filters
...
- are
...
- prefixed
...
- with
...
- [G
...
- ],
...
- local
...
- filters
...
- with
...
- [L
...
- ],
...
- and
...
- system
...
- filters
...
- with
...
- [S
...
- ]
...
- .
...
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
...
- Use one of the following methods to retrieve the host or resource record:
- Perform a global search.
- Select it from a Smart Folder.
- From the Data Management tab, select the DNS tab - > Zones tab -> dns_view -> zone -> host_record or resource_record.
- Select the record you want to modify and click the Modify icon.
- In the host or resource record editor, you can do the following:
- In the General tab, you can change most of the information, except for the read-only fields, such as the DNSView and HostNamePolicy. You can select the Disable check box to disable the record.
- In the TTL tab, you can modify the TTL setting. The NIOS appliance also allows you to specify TTL settings for each record. If you do not specify a TTL for a record, the appliance applies the default TTL value of the zone to each record. For information, see About Time To Live Settings4.
- In the Extensible Attributes tab, you can modify the attributes. For information, see Using Extensible Attributes5.
- The Permissions tab displays if you logged in as a superuser. For information, see About Administrative Permissions.
- Save the configuration and click Restart if it appears at the top of the screen.
When you delete host and resource records, Grid Manager moves them to the Recycle Bin. You can use the Recycle Bin to store deleted DNS configuration objects and selectively restore objects to the active configuration at a later time. You can also permanently remove the objects from the Recycle Bin.
...
Note: You cannot delete automatically-generated records, such as NS records and SOA records.
...
To delete host and resource record:
- Perform a global search to retrieve the record you want to delete.
or
From the Data Management tab, select the DNS tab, click the Zones tab-> dns_view -> zone -> host_record or
...
- resource_record.
- Select the record and click the Delete icon.
- In the Delete Confirmation dialog box, select Yes to delete or No to cancel.
- Optionally, if the Enable PTR record removal for A/AAAA records option is selected and if you try to delete an A or AAAA record, the appliance displays the Delete Confirmation (A or AAAA Record) dialog box to confirm whether you want to remove the corresponding PTR record that was automatically generated while creating the A or AAAA record. In the Delete Confirmation dialog box, select the Remove associated PTR resource record(s) check box and click Yes to delete the associated PTR record or click No to cancel. For information about enabling this option, see Deleting PTR Records associated with A or AAAA Records.
or
You can also schedule the deletion for a later time. Click Schedule Deletion and in the Schedule Change panel, enter a date, time, and time zone. For information, see Scheduling Deletions
...
- .
...