
Creating DNS Views

To create a DNS view, complete the following:

  1. From the Infoblox Portal, click Configure > Networking > DNS > Zones.
  2. Click Create DNS View.
  3. On the Create DNS View page, specify the following:
    • Name: Enter a name for the view.
    • Description: Enter additional details about the view.
    • IP Space: Select an IP space from the column selector. For more information, see Configuring IP Spaces. 
    • Disable for DNS Protocol: Select this check box to temporarily disable this view for the DNS protocol.
    • Match recursive queries only: Select this check box to match recursive queries. 
  4. Tags: Click Add to associate keys with the view and specify the following details:

    • KEY: Enter a meaningful name for the key, such as a location or a department.  

    • VALUE: Enter a value for the key such as San Jose or Accounts.

      To remove a tag, select its check box and click Remove. For information about tags, see Using Tags.

  5. In the Match Clients section, click Add to add entries or Remove to remove them. Choose one of the following from the TYPE drop-down list:
    • Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The application replies to queries from all clients. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the client from which the query originates. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Network: Choose this option to add a network to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL that you want to use. Click the VALUE field and the list of named ACLs appears. If you have only one named ACL, the application automatically displays the named ACL. When you choose this, the application replies to DNS queries from clients matching the ACL. You can click Clear to remove the selected named ACL.

    • TSIG Key: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
  6. In the Match Destinations section, click Add to add entries or Remove to remove them. Choose one of the following from the TYPE drop-down list:
    • Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The application replies to queries from all clients. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the client from which the query originates. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Network: Choose this option to add a network to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL that you want to use. Click the VALUE field and the list of named ACLs appears. If you have only one named ACL, the application automatically displays the named ACL. When you choose this, the application replies to DNS queries from clients matching the ACL. You can click Clear to remove the selected named ACL.

    • TSIG Key: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
  7. Select the Use Minimal Responses check box to enable the return of minimal responses. Universal DDI returns a minimal amount of data in response to a query, by default. It includes the records in the authority and additional data sections of its response only when required, such as in negative responses. This feature speeds up DNS responses provided by the application.
  8. In the ALLOW QUERIES FROM section, click Add to add entries or Remove to remove them. Choose one of the following from the TYPE drop-down list:
    • Any Address/Network: Choose this option to allow or deny queries from any IP addresses or networks. The application replies to queries from all clients. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Address: Choose this option to add an IPv4 address. Click the VALUE field and enter the IP address of the client from which the query originates. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
    • IPv4 Network: Choose this option to add a network to the list. Click the VALUE field and enter an IPv4 network address and type a netmask. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.

    • Named ACL: Choose this option to add a named ACL that you want to use. Click the VALUE field and the list of named ACLs appears. If you have only one named ACL, the application automatically displays the named ACL. When you choose this, the application replies to DNS queries from clients matching the ACL. You can click Clear to remove the selected named ACL.

    • TSIG Key: Select an existing TSIG Key. For more information, see Configuring TSIG Keys. The PERMISSION column displays Allow by default. You can change it to Deny by clicking the field and choosing Deny from the drop-down list.
  9. In the DNS Sort Lists section, create DNS sort lists to prioritize A and AAAA records on certain networks when they are returned in DNS responses. For more information, see DNS Sort Lists.
  10. Extension Mechanisms for DNS (EDNS) removes the 512-byte limit on DNS messages sent over UDP, which avoids fragmentation and packet loss for larger messages. If DNS messages sent over UDP exceed 512 bytes, set appropriate values so that they are not fragmented. Configure the following:
    • Max Advertised UDP size: Specify the UDP size in bytes. This is the size of a UDP message that the DNS server advertises to other DNS servers. The default size is 1232 bytes. The maximum size that can be configured is 4096 bytes, and the minimum is 512 bytes.
    • Max UDP size sent: Specify the UDP size in bytes. This is the maximum number of bytes the DNS server will send in a UDP response. The default size is 1232 bytes. The maximum size that can be configured is 4096 bytes, and the minimum is 512 bytes.

    Note

    The Max Advertised UDP size and Max UDP Size sent for an NIOS-X Server can be verified in the DNS configuration file. Go to Configure > Servers. Select the NIOS-X Server and click the NIOS-X Server drop-down menu > Troubleshoot > DNS Configuration File. The Max Advertised UDP size is shown as edns-udp-size in the DNS configuration file. The Max UDP Size sent is shown as max-udp-size in the DNS configuration file. 

  11. Configure Zone Transfers. For more information on Zone Transfers, see Configuring Zone Transfers. 
  12. Configure Updates.
    • Allow GSS-TSIG-signed updates: Toggle Inherit to Off and select the check box to allow GSS-TSIG-signed updates. GSS-TSIG (Generic Security Service Algorithm for Secret Key Transaction) is used to authenticate DDNS updates. For more information, see Configuring GSS-TSIG.
    • For more information on configuring dynamic updates, see Updates.
  13. Configure Recursion. For more information on Recursion, see Enabling Recursive Queries. 
  14. Configure DNSSEC. For more information on DNSSEC, see About DNSSEC. 
  15. Configure EDNS Client Subnet Configuration. For more information on EDNS Client Subnet Configuration, see Enabling Recursive Resolution Using EDNS Client Subnet (ECS) Option.
  16. Configure Zone Settings Defaults. For more information on Zone Settings Defaults, see Zone Settings Defaults.
  17. Click Save & Close. 


Note

Some values in the Create DNS View page are inherited from the Global DNS Configuration. To override the values, slide the Inherit toggle to Override. For additional information on inheritance, see DNS Inheritance.
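
The note in step 10 says the two EDNS sizes can be verified in the DNS configuration file as edns-udp-size and max-udp-size. The following check is an added example, not Infoblox code: it audits those two keys for the global options and for each view against the 512 to 4096 byte range and the 1232 byte default given above. It assumes the file uses BIND-style `key value;` statements inside `options` and `view` blocks and that a view without its own value falls back to `options`; the function names and the sample text are hypothetical.

```python
import re

# Limits and default are the ones stated in step 10 of this page.
MIN_UDP, MAX_UDP, DEFAULT_UDP = 512, 4096, 1232
# Constructed sample (not real output); BIND-style syntax is an assumption.
SAMPLE_CONF = """
options {
    edns-udp-size 1232;
    max-udp-size 1232;
};
view "internal" {
    edns-udp-size 4096;   # Max Advertised UDP size raised for this view
    max-udp-size 400;     # below the documented minimum
};
view "external" {
    match-clients { any; };
};
"""

def udp_sizes(conf_text):
    """Return {scope: {key: int}} for the options block and each view block."""
    sizes, scope, depth = {}, None, 0
    for raw in conf_text.splitlines():
        line = re.sub(r"(#|//).*", "", raw).strip()  # drop trailing comments
        if depth == 0:
            m = re.match(r'(?:options|view\s+"([^"]+)")[^{]*\{', line)
            scope = (m.group(1) or "options") if m else None
            if scope:
                sizes.setdefault(scope, {})
        elif depth == 1 and scope:  # only statements directly inside the block
            m = re.match(r"(edns-udp-size|max-udp-size)\s+(\d+)\s*;", line)
            if m:
                sizes[scope][m.group(1)] = int(m.group(2))
        depth += line.count("{") - line.count("}")
    return sizes

def audit(conf_text):
    """Return (scope, key, value, verdict); a view falls back to options values."""
    parsed, findings = udp_sizes(conf_text), []
    for scope, values in parsed.items():
        effective = {**parsed.get("options", {}), **values}
        for key, value in sorted(effective.items()):
            in_range = MIN_UDP <= value <= MAX_UDP
            verdict = "out of range" if not in_range else (
                "default" if value == DEFAULT_UDP else "non-default")
            findings.append((scope, key, value, verdict))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

To check a real server, paste the text shown under Troubleshoot > DNS Configuration File into a file and pass its contents to `audit`.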