Document toolboxDocument toolbox

What's New

Owned by Shwetha S
Last updated: Sept 09, 2024 by Panna .
7 min read

This section lists the new features in the 9.0.x releases.

What’s New in NIOS 9.0.5

Infoblox Universal DDI Management and IPAM Federation

Infoblox Universal DDI Management is a comprehensive SaaS solution designed for today's hybrid and multi-cloud networking infrastructure. NIOS 9.0.5 integrates Infoblox Universal DDI Management with IPAM Federation, a scalable and integrated management solution that allows the reservation of IP addresses so that they are unique across NIOS and Infoblox Universal DDI Management.

IPAM Federation allows an Infoblox administrator to manage multiple IPAM systems from one central control point (Infoblox Portal Configuration), ensuring greater efficiency and policy compliance. IPAM Federation bridges the gap between on-premise NIOS and Infoblox Universal DDI Management, thus offering a seamless integration and centralized management of both environments while still allowing local administration according to policies defined in Infoblox Universal DDI Management.

For more information, see .

Simplified Subscriber Services (RFE-12977)

NIOS 9.0.5 allows vendors to populate subscriber information through APIs. The communication between API server and client is secured using Transport Layer Security (TLS). NIOS 9.0.5 also offers an alternative to subscriber service Splunk violation reporting by using dnstap. The NIOS dnstap client logs subscriber policy violations to the dnstap receiver over secured communication using TLS.

NIOS 9.0.5 introduces the following configurations for simplified subscriber services:

  • The Subscriber Site Properties > Subscriber Collection option has been introduced to specify if the subscriber site is API-based or RADIUS-based.

    • There are two options for subscriber collection: API and RADIUS. For the RADIUS option, NIOS listens on default port 1813 and this can be edited. For the API option, API server listens on default port 8909. This cannot be edited. If you select RADIUS, existing configuration options pertaining to NAS gateways are retained. If you select API, the API Server Members table is displayed to which you can add the members that will run the API server. For more information, see the Scaling Using Subscriber Sites topic.

  • Grid/Member DNS Properties > Logging > Advanced > Violations over TLS checkbox has been introduced to select violation logging using dnstap. When the checkbox is selected, the dnstap client sends subscriber service violations in the protocol buffer format securely to the dnstap receiver. dnstap supports either violations over TLS or DNS query/response at a time. For more information, see the Configuring dnstap topic.

Provisioning the PayGo Model (RFE-13864)

NIOS 9.0.5 launches the PayGo (Pay-as-You-Go) model for vNIOS for AWS and vNIOS for Azure. The PayGo model is for users who want to provision vNIOS without needing to procure separate licenses from Infoblox. For more information, see the vNIOS documentation for the respective appliances at Virtual Appliances.

Support for Virtual Advanced DNS Protection and Virtual DNS Cache Acceleration in vNIOS for Azure (NIOS-10175)

Starting from NIOS 9.0.5, vNIOS for Azure instances support features such as virtual Advanced DNS Protection, virtual DNS Cache Acceleration, and dnstap that are enabled with accelerated networking. For more information about these features, refer to the Infoblox NIOS Documentation and for the list of supported Trinzic X5, X6, and IB-FLEX appliances, see Supported vNIOS for Azure Appliances.

Note: When selecting the VM size for the instance, make sure that the setting for NUMA node is NUMA=1. This is required for using accelerated networking -enabled features such as virtual Accelerated DNS Protection, virtual DNS Caching Acceleration, or dnstap. When you choose high-end Infoblox models such as IB-V4126, the vNIOS instance may get automatically assigned with NUMA=2 in which case the stated features may not run.

vNIOS for Hyper-V Support on Microsoft Windows 2022 (RFE-518)

From NIOS 9.0.5 onwards, vNIOS for Microsoft Hyper-V can be configured on Microsoft Windows 2022.

SilverPeak Support for Network Insight (RFE-13025)

From NIOS 9.0.5 onwards, Network Insight allows you to collect and manage data from Silver Peak SD-WANs. For more information, see the Configuring Discovery for SDN and SD-WAN topic.

Red Hat Enterprise Linux 9.4 Support (RFE-36)

NIOS 9.0.5 is supported on Red Hat Enterprise Linux version 9.4.

GCVE Support for vNIOS for GCP and vNIOS for VMware (RFE-13373)

vNIOS for GCP and vNIOS for VMware are now supported in the GCVE (Google Cloud VMware Engine) environment.

Discovering Virtual Extensible LANs (RFE-10)

Starting from version 9.0.5, NIOS can collect information about VxLANs from SNMP and SDN devices. For more information, see the Accessing Detailed Device Information topic.

Support for Synchronization of Google Cloud DNS (RFE-12100)

Starting from NIOS 9.0.5, you can synchronize a read-only copy of Google Cloud DNS data to NIOS to obtain a unified visualization experience. The Cloud DNS synchronization feature of NIOS has the ability to automate the process of discovery and synchronization of DNS data to NIOS from multiple projects of a GCP organization.

Monitoring and Alerting for Accelerated Networking Unresponsiveness (RFE-13783)

NIOS 9.0.5 introduces the option of performing an automatic member reboot for the Grid Master and Grid members. Automatic member reboot offers multiple options to recover NIOS nodes from dataplane unresponsiveness. You can perform Grid Manager reboot, send SNMP alerts, and email notifications. The Automatic Member Reboot option is available in the Grid Properties Editor (for Grid) or Grid Member Properties Editor (for members), Monitoring > Advanced tab. For More information, see the Performing an Automatic member Reboot topic.

10G/1GE Intel 710 Quad SFP NIC Hardware Qualification

NIOS 9.0.5 has been qualified on the 10G/1GE Intel 710 Quad SFP NIC hardware.

Note: 710 Quad SFP NIC is not supported in 9.0.4 and below versions

FQDN Support for External Servers (RFE-8054)

From NIOS 9.0.5 onwards, you can add external servers using both IP address and FQDNs instead of only IP addresses. This support is provided for the following functionalities:

  • External syslog servers

  • Syslog backup servers

  • dnstap receivers

  • Data collection for DNS queries/responses

Hereafter, when adding an external syslog server using STCP, the certificates added can use either the FQDN or the IP address of the external syslog server.

Concatenating a URL with the DHCP Relay Agent Circuit ID (RFE-13762)

In NIOS 9.0.5, you can concatenate the DHCP relay agent information option’s circuit-id sub-option value, if it exists, to the end of a specified URL. The resulting concatenated string is then passed to the DHCP client as the value of a custom option. If the circuit ID is not included in the DHCP message, the specified URL itself is passed back to the client. You can do this using the CLI.

Improved DNS Traffic Control Performance in the Grid Manager (RFE-13077)

In NIOS 9.0.5 onwards, the loading time of the DNS Traffic Control screens has been enhanced thus enhancing user experience when using the Grid Manager.

Splunk Package Upgrade

In NIOS 9.0.5, the Splunk package version has been upgraded to 9.2.1.

Threat Insight Enhancements (NIOSRFE-9)

In NIOS 9.0.5, Threat Insight has been modernized to contain newer techniques and updated algorithms that help in enhancing detection.

Grid Manager Login Page

NIOS 9.0.5 introduces a new look and feel to the login page of the Grid Manager.

What’s New in NIOS 9.0.4

High Availability Support on Public Clouds for vNIOS (RFE-12151)

Starting from NIOS 9.0.4, you can deploy vNIOS appliances in high availability (HA) configurations on public clouds. The following vNIOS instances are supported for HA in public cloud: vNIOS for AWS, vNIOS for Microsoft Azure, vNIOS for GCP. For more information, see the vNIOS documentation for the respective appliances at Virtual Appliances.

Turning Off Upstream IPv6 Queries When Dual Mode is Configured (RFE-11941)

From NIOS 9.0.4 onwards, you can restrict upstream queries to either IPv4 or IPv6 addresses without impacting downstream queries when the configuration allows dual network interfaces for DNS services. You can do this using the newly introduced Member DNS Configuration > General > Basic > Upstream Address Family Preference option. This feature works only if the Allow recursion checkbox is selected at the Grid or member level. For more information, see the Configuring Upstream Address Family Preference topic.

Extended DNS Support (EDNS0) for Device ID (RFE-13672)

NIOS 9.0.4 introduces Extended DNS Support (EDNS0) for Device ID (Type 26946). Subscriber services will utilize the EDNS0 data to enhance security and content-based DNS request filtering.

Unify Daylight Savings Across All Time Zones (RFE-13122)

Prior to NIOS 9.0.4, if the time zone of Grid Manager was UTC +2:00 Cairo (Egypt) and Daylight Saving Time (DST) had begun, NIOS was running one hour behind the actual time because it did not consider Egypt’s DST.

From NOS 9.0.4 onwards, NIOS will not use static UTC offsets such as (UTC+2:00). Instead, it will only have time zone names with DST changes. To achieve this, NIOS fetches the time zone list from the Ubuntu tzdata package and updates the same in the database.

After upgrading to NIOS 9.0.4, certain time zone names are mapped to different names. For the list of the changed time zone names, see the General Upgrade Guidelines topic. Note that some of the new time zone formats contain an underscore “_”  in the name.

vDiscovery to Support Discovery Across Multiple AWS and GCP Accounts (RFE-8680)

You can now configure a vDiscovery job on NIOS 9.0.4 or later to discover and synchronize data across multiple AWS or GCP accounts across a single or across multiple regions. For more information, see the vDiscovery on AWS VPCs topic in the vNIOS for AWS and the Performing GCP vDiscovery topic in the vNIOS for GCP documentation at Virtual Appliances.

Configuring the Network Insight Polling Frequency Modifier (RFE-13024)

NIOS 9.0.4 introduces the Polling Frequency Modifier field that allows you to specify the polling frequency to occur once every two days or twice a day. You can set values between 0.5 and 2 in this field. For more information, see the Configuring Discovery Properties topic.

Support DNS Authoritative with DNS Cache Acceleration Recursive (RFE-11029)

You can now configure the virtual DNS Cache Acceleration (vDCA) member to also be an authoritative member. When the virtual DNS Cache Acceleration member is configured to authoritative zones, those authoritative queries will not be cached in virtual DNS Cache Acceleration.

TCP DNS Query Support for DNS Cache Acceleration (RFE-12976)

From NIOS 9.0.4 onwards, virtual DNS Cache Acceleration caches TCP queries and the cached queries are responded to from virtual DNS Cache Acceleration instead of BIND. The following new CLI commands are introduced that display the DNS Over TCP details such as the configuration settings, current status of DNS over TCP service, statistics related to DNS over TCP traffic, and so on. For more information see the show dns-over-tcp-dca-stats, show dns-over-tcp-dca-status, show dns-over-tcp-dca-config, and set vdca-tcp-mode topics.

  • show dns-over-tcp-dca-stats

  • show dns-over-tcp-dca-status

  • show dns-over-tcp-dca-config

  • set vdca-tcp-mode

If you send a TCP DNS query load and features that push new configurations to the virtual DNS Cache Acceleration file (For example: enable/disable TCP support on vDCA, Toggling ADP First/DCA First and Toggling Single/multi TCP query in a session), a DNS force restart may cause the Grid member to go offline. To recover, it is recommended to perform a product reboot.

TLS 1.3 Support (RFE-7727)

NIOS 9.0.4 supports TLS version 1.3 which provides the ability to enable or disable the TLS 1.3 protocol and the respective cipher suites in the CLI. TLS 1.3 will be enabled by default. However, Splunk does not support TLS version 1.3 and therefore NIOS reporting will not work when only TLS version 1.3 is enabled. A warning to this effect is displayed if you disable TLS version 1.2. If you have a reporting server in the NIOS Grid, you must ensure that TLS 1.2 is not disabled.

Specifying the Source IP Address using WAPI (RFE-10242)

From NIOS version 9.0.4 onwards, the query_fqdn_on_member WAPI function allows you to specify the source IP address. In versions prior to NIOS 9.0.4, the source IP address was automatically selected (internally), typically defaulting to LAN1.

Shared VPC Support in GCP (RFE-10561)

From NIOS 9.0.4 onwards, if you want to discover shared resources (resources deployed in a shared Virtual Private Cloud) using vDiscovery, ensure that the host project(s) and its service project(s) run on the same member or virtual node. Also ensure that you discover the host project(s) first followed by the service project(s).

vDiscovery Across Multiple AWS GovCloud Accounts (RFE-12012)

From NIOS 9.0.4 onwards, you can use vDiscovery to perform discovery across multiple AWS accounts for AWS GovCloud accounts.

Integrating the Cloud Sync Service for AWS Route 53 DNS Synchronization (NIOS-94340)

From NIOS 9.0.4 onwards when configuring Route 53 integration, you can enable the multi-account synchronization option on an existing or a new sync group. The option enables NIOS to discover multiple AWS accounts in an AWS organization and to synchronize the DNS data using the Route 53 service. You can configure the option to synchronize DNS data from all or specific accounts (children) in an AWS organization (parent). For more information, see the Configuring Amazon Route 53 Integration topic in the vNIOS for AWS documentation at Virtual Appliances.

vDiscovery Migration to the Cloud Sync Service in GCP (NIOS-95597)

From NIOS 9.0.4 onwards, the Cloud Sync Service needs be started before starting GCP vDiscovery.

Synchronization of Azure DNS (RFE-11046)

In NIOS 9.0.4, you can use the Azure DNS synchronization feature to enable NIOS to span across Azure virtual networks to discover and integrate Azure DNS data with the NIOS database to get a unified console experience in NIOS. You can configure it to discover and synchronize data across multiple subscriptions of an Azure tenant. For more information, see the Integrating Azure DNS with NIOS in the vNIOS Infoblox Installation Guide for Microsoft Azure at Virtual Appliances.

Advanced DNS Protection and DNS Cache Acceleration Support on Mellanox Cards (RFE-12983)

The Advanced DNS Protection and DNS Cache Acceleration features are now supported on NVIDIA Mellanox 25 GbE cards.

IB-FLEX Support on Trinzic X6 Series Appliances (NIOS-87387)

All of the Trinzic X6 Series appliances can now function as IB-FLEX appliances if the hardware type is set to IB-FLEX using the set hardware-type CLI command. The DNS Cache Acceleration service runs on all Trinzic X6 Series appliances when used as IB-FLEX. However, Infoblox recommends to use DNS Cache Acceleration only on TE-2306 and TE-4106 appliances.

Splunk Updates

NIOS 9.0.4 supports Splunk version 9.1.3. NIOS 9.0.4 contains a new dashboard called the jQuery Upgrade dashboard in the Reporting > Administration tab that provides comprehensive instructions to identify affected dashboards and ensures their compatibility with jQuery 3.5 or higher.

Accelerated Advanced DNS Protection Support for TE-906 Appliances

The TE-906 series of appliances now supports fastpath enabled services such as encrypted DNS (DoH/DoT), Advanced DNS Protection  (Threat Protection with acceleration), and DNSTAP.

Search Functionality for the binding_state Field (RFE-9219)

From NIOS 9.0.4 onwards, the DHCP Lease object binding_state WAPI field is available for search.

Removal of the Deprioritize caching of NXDOMAIN responses option

From NIOS 9.0.4 onwards, in the Grid DNS Properties or Member DNS Properties editor, Security tab > Bogus-query alerting and mitigation section, the Deprioritize caching of NXDOMAIN responses option has been removed.

Support for Virtual Advanced DNS Protection and Virtual DNS Cache Acceleration in vNIOS for AWS (RFE-8736)

vNIOS AWS instances running on NIOS 9.0.1 or later can be configured with virtual Advanced DNS Protection (vADP) to detect DNS threats and prevent possible network attacks.

vNIOS AWS instances running on 9.0.1 or later also support virtual DNS Cache Acceleration, which when enabled configure the instances as high-speed DNS caching-only name servers.

For more information on virtual Advanced DNS Protection, see the About Infoblox Advanced DNS Protection topic in the NIOS documentation and for the list of supported vNIOS for AWS appliances, see the Installation Guide for vNIOS for AWS at Virtual Appliances.

VLAN Support for NIOS Appliances (RFE-99636)

VLAN tagging is now supported on all Trinzic X5 and X6 Series appliances.

What’s New in NIOS 9.0.2

Support for IPv6 Relay Agent Option Filters (RFE-12987)

NIOS 9.0.2 introduces three IPv6 relay agent filters for the DHCPv6 option filter:

  • dhcp6.subscriber-id(38) string

  • dhcp6.remote-id(37) string

  • dhcp6.interface-id(18) string

You can use the IPv6 Option Filter option to selectively filter and process specific options sent by the IPv6 relay agent. You can set the Relay Agent field to a value from 0 to 33.

For more information, see the Defining Option Filters topic.

DNS Type 64/ Type 65 Caching Support on Virtual DNS Cache Acceleration (RFE-12820)

NIOS 9.0.2 introduces the expand argument to the show dns-accel-cache CLI command. The expand argument displays the expanded DNS type 64/DNS type 65 records stored in the virtual DNS Cache Acceleration cache.

For more information, see the show dns-accel-cache topic.

X6 Series Appliance Support for vNIOS for OCI (RFE-13528)

From NIOS 9.0.2 onwards, vNIOS for Oracle Cloud Infrastructure (OCI) is supported on X6 series of appliances. Also from NIOS 9.0.2 onwards, you can deploy a vNIOS for OCI node as a Grid Master as well a Grid member.  For more information, see Infoblox Installation Guide vNIOS for Oracle Cloud Infrastructure at docs.infoblox.com.

What’s New in NIOS 9.0.1

X6 Series Appliances

Infoblox NIOS 9.0.1 introduces the new Trinzic X6 series of appliances that are more reliable, higher in
performance, rich in features, and which have a lower carbon footprint than their earlier counterparts. The X6 series of hardware appliances comprises the following: TE-906, TE-1506, TE-1606, TE-2306, TE-4106
For detailed information about the hardware and software appliances that comprise the X6 series, see the detailed appliance documentation on the Appliances tab at docs.infoblox.com.

Verifying Licenses

In NIOS 9.0.1, you can check if the licenses are valid, view the comparison between the existing and newly added licenses, and verify for any license conflicts by clicking Verify License(s) on the Licenses tab > Member tab or Pool tab or Grid-Wide tab. If the licenses pass validation, they will be applied. You can either confirm or cancel applying new licenses. You can also view the licenses will be discarded or overwritten.