Universal DDI is the Primary Master | NIOS-X Server (DNS server) transfers a copy of the zone from the Infoblox Portal. Multiple NIOS-X Servers (DNS servers) are available for redundancy. NIOS-X Physical Server and NIOS-X Virtual Server in a customer-managed public cloud are configured as secondary name servers for the zone. Each of the servers transfers a copy of the zone from the NIOS-X Physical Server. A third-party DNS service provides an alternate backup for the zone. The third party pulls a copy of the zone from one of the NIOS-X Servers. Devices on the Internet query all externally available DNS servers serving the target zone. DNS servers in different locations on different platforms provide for maximum redundancy and availability. Inbound port 53 requests are blocked. Attempts are made because NS records exist for NIOS-X Servers (they can't be removed).
|
| In the DMZ with access to the server only from the NIOS DNS server in the public cloud and the other NIOS DNS servers in the DMZ. Allows zone transfers using a TSIG key. Port 53 only available on the NIOS-X Server (not accessible from External). NS records are auto-generated and cannot be disabled or hidden.
|
| Universal DDI DNS servers in the DMZ allow zone transfers from the third-party DNS provider via TSIG key. Port 53 accessible through the firewall (to NIOS DNS only). Public Cloud NIOS DNS requires a secure connection to the DMZ to pull a zone transfer. Optionally configured with vADP to provide additional protection of DNS services. NS (and possibly A) resource records must be created for each NIOS secondary.
|
| Provide DNS services as a redundancy and availability service. Reduces risk of DDoS and network outages to on-prem DNS servers. Provides additional scalability. NS resource records must be created for appropriate systems. NIOS DNS Servers Offer GSLB Responses. NIOS DNS servers licensed for DTC may provide rule-based responses for inbound queries.
|