
Configuring Google Cloud DNS Synchronization in NIOS

Starting from NIOS 9.0.5, you can configure NIOS to synchronize DNS data from Google Cloud to NIOS. To configure the import of DNS data from Google Cloud DNS zones to NIOS, complete the Prerequisites and follow the steps described in this topic. You can synchronize DNS data from a single or multiple GCP projects of a GCP organization.

To configure NIOS for Cloud DNS synchronization, complete the following steps:

  1. Create a sync group and add sync tasks to the sync group, as described in the Configuring Sync Groups for Google Cloud DNS Synchronization section.

  2. Optionally, if you want NIOS to serve DNS for the DNS zones synchronized from Google Cloud, configure the primary and secondary servers accordingly. For information about how to configure the DNS servers, refer to the Infoblox NIOS Documentation.

After you set up the DNS integration you can do the following:

  • View all configured DNS sync groups.

  • View detailed information about the configured sync groups.

  • Modify sync groups and their sync tasks.

  • View the DNS data imported from GCP.

Configuring Sync Groups for Google Cloud DNS Synchronization

You can configure a sync group to include multiple synchronization tasks for different hosted zones in the same GCP cloud endpoint. Before you create a sync group, ensure that you have configured the GCP user accounts (on the NIOS appliance) that you want to use for configuring the sync tasks. Note that in NIOS, all sync tasks in a sync group are performed for the same GCP service account. If you have set up the GCP environment for multi-project synchronization, you must enable Multiple Project Sync for a sync group and define the settings for its sync tasks to discover and synchronize DNS data in multiple GCP projects. If you disable individual sync tasks, the appliance skips those sync tasks during synchronization.

When you configure a sync group, you can define a network view in which synchronized data resides. You cannot change the network view for the sync group once you save the configuration. If you want to change the network view for subsequent synchronization, create a new sync group. If you want to remove stale DNS data in a specific network view, you can search for the data by using the extensible attribute "DNS Source" = "GCP DNS" in that network view and then remove the data accordingly. You can also use the CSV Import feature to export this data for removal. For more information about extensible attributes and CSV Import, refer to the Infoblox NIOS Documentation.

You can also select a specific DNS view to synchronize zones and records from GCP to NIOS. This way, you can serve all those zones in a consolidated way from NIOS by querying a single Grid member. Depending on which network view you have selected, you may or may not be able to select a specific DNS view for consolidating zones and records. Ensure that you understand the various scenarios about how the appliance handles the consolidated data before you configure the Consolidate zone data into this DNS view option while adding or modifying a sync group.

Creating Cloud DNS Sync Groups

Note

  • Ensure that you have installed the Cloud Network Automation license on the Grid Master. For information about licenses, refer to the Infoblox NIOS Documentation.

  • After creating a sync group, wait for a few minutes for the necessary processes to start in the background before starting a sync task.

To create a sync group and add sync tasks, complete the following steps:

  1. Log in to Grid Manager (the Infoblox GUI).

  2. From the Grid tab, click the Cloud DNS tab.

  3. Expand the Toolbar and click Add.
    The Cloud DNS Sync Wizard is displayed.

  4. In Step 1 of 4 of the Cloud DNS Sync Wizard, complete the following, and then click Next:

    • Sync Group Name: Enter the name of the sync group.

    • Disable Synchronization: Select this to disable synchronization for this sync group. This allows you to keep the current configuration including all sync tasks in the group, and enable them at a later time.

    • Member: Click Select to choose the Grid member that will pull DNS data from Google Cloud DNS. Infoblox suggests that you select a member that is not running other services and can handle the synchronization load for this feature. If you have only one Grid member in the Grid, the appliance automatically displays the member's name here. Select Clear if you want to remove the current member. You can also specify a proxy server to pull data from GCP. For information about how to set up a proxy server, refer to the Infoblox NIOS Documentation.

    • Comment: Enter additional information about this sync group.
      Note that all sync tasks in the same sync group are performed for the same GCP service account. Create a new sync group if you want to synchronize data using another service account.

  5. In Step 2 of 4 of the Cloud DNS Sync Wizard, complete the following, and then click Next:

    • Cloud Service Provider: Select GCP as the cloud platform that hosts the DNS data to be synchronized.

    • Credentials: Select the GCP CMP user that you configured in NIOS. NIOS uses the credentials of the GCP service account linked to this user to access the GCP resources. To select:

      1. Click Select.

      2. In the Cloud Account Selector dialog box, choose a GCP CMP user and click OK.

    • Multiple Project Sync: Select this check box to enable the synchronization of DNS data from multiple GCP projects on the selected member. For more information, see the Enabling Multi-Project DNS Synchronization in a Sync Group section.

  6. In Step 3 of 4 of the Cloud DNS Sync Wizard, complete the following, and then click Next:

    1. Under Synchronize DNS data into, select the network view to which you want the appliance to add synchronized data.

      • This network view: From the drop-down list, select the NIOS network view to which you want to add the synchronized data. The default network view is displayed by default. When you select this option, you can choose to consolidate zone data into a specified DNS view by enabling the Consolidate zone data into this DNS view option and selecting a specific DNS view.

      • The tenant's network view (if it does not exist, create a new one): This option is recommended. When you select this option, the synchronized data is saved to the tenant's network view. If the network view does not exist, the appliance creates it (only if a cloud license is installed in the Grid). The appliance uses tenant information to create a new NIOS network view for the synchronized data. For example, GCP tenants are by default associated with the project ID, a 6 to 30 character alphanumeric string that identifies all objects created by that project in GCP. This value becomes the identifier for the new network view as its data is synchronized.
        Note:

        • You cannot modify the network view selection once you save the configuration. Create a new sync group if you want to change the network view.

        • When you remove an old sync task from a sync group, the data remains in the database, and you can manually remove the old data by searching for all GCP zones that are associated with a particular network view.

    2. Consolidate zone data into this DNS view: Depending on which network view you have selected to synchronize the zone data, you may or may not be able to select a specific DNS view to which the zone data is being synchronized and consolidated. When this option is enabled, there is no restriction on the number of VPCs that a private DNS zone can have in GCP.
      Consider the following scenarios before selecting or clearing the selection on this option:

      • If you have selected a NIOS network view to add synchronized DNS data, you can select a specific DNS view to which you can add the synchronized GCP zone data. When you select this option, all zone data will be synchronized into the selected DNS view. If there are duplicate zones, the appliance places them in an order based on their VPC names and adds the first duplicate zone to the corresponding DNS view (depending on your configuration). It then creates new DNS views for subsequent zones that have the same zone name. For example, if your DNS view is "corp100view", the first duplicate zone is added to "corp100view", the second duplicate zone to "corp100view_1", and so on until all duplicate zones are added to their corresponding DNS views.
        If you choose to synchronize Cloud DNS data into a NIOS network view but you do not select this option, you are not allowed to select a specific DNS view and the appliance synchronizes all private zones into a newly created DNS view using the name "private%", where % stands for the key of the DNS view. A new DNS view is created for each VPC in which the zones reside. On the other hand, all public zones are synchronized into the default DNS view, and all duplicate zones are ignored.

      • If you have selected to add synchronized DNS data to a tenant's network view, you are not allowed to select a specific DNS view for the synchronized data. In this case, the appliance synchronizes all private zones into a newly created DNS view using the name "private%" where % stands for the key of the DNS view. A new DNS view is created for each VPC in which the zones reside. On the other hand, all public zones are synchronized into the default DNS view, and all duplicate zones are ignored.
        Note that you must not perform a DNS sync on multiple DNS views that reside in the same network view. Performing a DNS sync in more than one DNS view deletes the data from the other DNS views in which synchronization has taken place. To prevent this, create multiple network views each having a single DNS view and perform DNS sync on each of the DNS views.

  7. In Step 4 of 4 of the Cloud DNS Sync Wizard, complete the following:
    Under Sync Tasks, click the Add icon to add a sync task to this group. Grid Manager displays the Add Sync Task panel. Complete the following steps in the panel, and then click Add to add the task to the Sync Tasks table:

    • Name: Enter the name of the sync task. Use a name that best represents the task so that you can differentiate it from the other tasks.

    • Public Hosted Zone: Select this if you want to synchronize data from the GCP public DNS zones. In GCP, a public zone holds the routing information and resource record sets for its domain and subdomains, and answers queries that come from the public Internet and are resolved within the GCP infrastructure.

    • Private Hosted Zone: Select this if you want to synchronize data from the GCP private DNS zones. In GCP, a private zone holds the routing information and resource record sets for its domain and subdomains, and answers queries that come from instances and resources of a given GCP VPC and are resolved within one or more VPCs.

    • Filter: You can add a filter to select a specific zone or zones for synchronization purposes. To specify multiple zones, use commas to separate the values. You can also use wildcard characters in the filter. For example, you can enter “*abc*, ab?c.com, [a-z].com” in this field.

    • Interval: Define how often you want the synchronization to happen by entering the time interval and selecting the interval unit from the drop-down list.

    • Disable Synchronization: Select this to disable synchronization for this specific task. This allows you to keep the current configuration for the task and enable it at a later time.

    • Click the Add icon again to add more tasks.
      Grid Manager displays the following information for each saved task in the Sync Tasks table:

      • Name: The sync task name.

      • Interval: The synchronization interval.

      • Filter: The filter that you entered for synchronizing data from the specified zones.

  8. Save the configuration.
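To make the outcome of steps 6 and 7 concrete, the following added example (not NIOS code, and not from Infoblox) models the sync task Filter and the DNS-view placement rules described under Consolidate zone data into this DNS view. It assumes GCP zones are given as (zone name, visibility, VPC name) tuples, that the key substituted for % in "private%" is the VPC name, and that when duplicates are ignored the first zone seen is the one kept; the sample zones are constructed.

```python
from fnmatch import fnmatchcase

# Constructed sample of what a sync task might see in one GCP project:
# (zone_name, "public" | "private", vpc_name or None for public zones).
SAMPLE_ZONES = [
    ("app.corp.example", "private", "vpc-prod"),
    ("app.corp.example", "private", "vpc-dev"),   # duplicate zone name
    ("www.example.com", "public", None),
    ("lab.corp.example", "private", "vpc-lab"),
]


def zone_matches_filter(zone_name, filter_text):
    """Apply the Filter field: comma-separated globs using *, ? and [a-z].
    An empty filter selects every zone."""
    patterns = [p.strip() for p in filter_text.split(",") if p.strip()]
    if not patterns:
        return True
    return any(fnmatchcase(zone_name, p) for p in patterns)


def assign_dns_views(zones, consolidate_view=None):
    """Return {zone_name: [(dns_view, vpc), ...]} per the documented rules.
    consolidate_view is the view chosen under 'Consolidate zone data into
    this DNS view', or None when that option is cleared."""
    placement = {}
    if consolidate_view is not None:
        # Consolidated: duplicates are ordered by VPC name; the first goes
        # into the chosen view, later ones into <view>_1, <view>_2, ...
        for name, _vis, vpc in sorted(zones, key=lambda z: (z[0], z[2] or "")):
            n = len(placement.get(name, []))
            view = consolidate_view if n == 0 else f"{consolidate_view}_{n}"
            placement.setdefault(name, []).append((view, vpc))
        return placement
    for name, vis, vpc in zones:
        # Not consolidated: public zones -> default view, private zones ->
        # one "private<key>" view per VPC (key assumed to be the VPC name),
        # and duplicate zone names are ignored (first seen is kept here).
        if name in placement:
            continue
        view = "default" if vis == "public" else f"private{vpc}"
        placement[name] = [(view, vpc)]
    return placement


def plan_sync(zones, filter_text="", consolidate_view=None):
    """Filter the GCP zone list as the sync task would, then place zones."""
    selected = [z for z in zones if zone_matches_filter(z[0], filter_text)]
    return assign_dns_views(selected, consolidate_view)
```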

Enabling Multi-Project DNS Synchronization in a Sync Group

When the multi-project synchronization options are enabled for a sync group linked to a Grid member, NIOS uses the Cloud Sync service to discover GCP projects linked to a parent project and synchronize the DNS data to the NIOS database. You can define the settings to synchronize DNS data from all child projects of a parent located in a folder or from selected projects of a parent project.

To enable the multi-project support, complete the following:

  1. Log in to Grid Manager (the Infoblox GUI).

  2. From the Grid tab, click the Cloud DNS tab.

  3. According to the GCP sync group, do one of the following:

    • For an existing sync group:

      1. Select the sync group, and then click the Actions icon > Edit.
        The Cloud DNS Sync Group Properties window is displayed.

      2. Click the Account Details tab.

    • For a new GCP sync group:

      1. Click the Add icon and follow the steps defined in the Creating Cloud DNS Sync Groups section.

      2. Go to Step 2 of 4 of the Cloud DNS Sync Wizard.

  4. Select the Multiple Project Sync checkbox and configure the Multi Project Options to discover and synchronize data from either all or selected child projects of a parent GCP project.
    Select one of the following options:

    • Discover Projects: Select this option if you want a sync task to discover and synchronize DNS data from all child projects (of a parent GCP project) located within a folder in the GCP organization.

    • Add or Upload Project IDs: Select this option to specify the list of child projects of a parent GCP project that a sync task must discover and synchronize DNS data from.
      Note:
      The multi-project synchronization option synchronizes DNS data from the selected child GCP projects and also their parent project.
      Additionally, you can do the following:

      • Export the added list to a .csv file by clicking the Export icon.

      • Delete a GCP project entry by selecting the checkbox next to the project to be removed and then clicking the Delete icon.

      To add child projects, do one of the following:

      • Upload a CSV file:

        1. Click the CSV Import icon.

        2. In the Upload dialog box, click Select to browse for the CSV file containing the list of project IDs of child projects you want to add.

        3. Select the file and click Open.

        4. Click Upload, and then click Close after the file is uploaded.

      • Manually specify the project IDs of child projects for which DNS data must be synchronized:

        1. Click the Add icon to add a row in the Project IDs table.

        2. Click the new row and specify the Project ID of a child project.

        3. Repeat the preceding steps 1 and 2 for every child project that you want to add.

  5. Click Next and perform the remaining steps as explained in the Creating Cloud DNS Sync Groups section.

  6. Save the configuration.