
Configuring Azure DNS Synchronization in NIOS

To import a zone's DNS data from Azure into NIOS, complete the Prerequisites and then follow the steps described in this topic. Using a single NIOS admin account, you can synchronize DNS data from one subscription or from multiple subscriptions of a tenant.

Configuring a DNS Synchronization

To configure a DNS Synchronization, complete the following steps:

  1. Create a sync group and add sync tasks to the sync group, as described in the Configuring Sync Groups for Azure DNS Synchronization section.

  2. Optionally, if you want NIOS to serve DNS for the hosted zones synchronized from Azure, configure the primary and secondary servers accordingly. For information about how to configure the DNS servers, refer to the Infoblox NIOS Documentation.

After you set up the Azure DNS integration and synchronization, you can do the following:

  • View all configured DNS sync groups.

  • View detailed information about the configured sync groups.

  • Modify sync groups and their sync tasks.

  • View the DNS data imported from Azure.

Note

A DNS sync task can stall during a run for the following reasons:

  • Loss of network connectivity with the member node. To prevent this, ensure that the member that runs the sync task stays connected to the network.

  • RabbitMQ queue overflow. You can confirm this by finding the error message "error:The AMQP connection was closed" in Administration -> Logs -> Syslog in Grid Manager. To recover, restart all NIOS services or reboot the NIOS node.

Configuring Sync Groups for Azure DNS Synchronization

You can configure a sync group to include multiple synchronization tasks for different hosted zones in the same Azure cloud endpoint. Before you create a sync group, ensure that you have configured the Azure user accounts (on the NIOS appliance) that you want to use for the sync tasks. Each such account in NIOS corresponds to an application registered in the Azure management portal. Note that all sync tasks in a sync group run under the same user account in NIOS. If the user account belongs to a tenant that is associated with multiple subscriptions, each sync task runs against multiple subscriptions according to the option you configure in the sync group. If you disable individual sync tasks, the appliance skips them during synchronization.

When you configure a sync group, you define the network view in which the synchronized data resides. You cannot change the network view of a sync group after you save the configuration. If you want subsequent synchronizations to use a different network view, create a new sync group. If you want to remove stale DNS data from a specific network view, search that network view for objects with the extensible attribute "DNS Source" = "Azure DNS" and remove them. You can also export the matching data to a CSV file and use the CSV Import feature to remove the listed objects. For more information about extensible attributes and CSV Import, refer to the Infoblox NIOS Documentation.

You can also select a specific DNS view to synchronize zones and records from Azure to NIOS. This way, you can serve all those zones in a consolidated way from NIOS by querying a single Grid member. Depending on which network view you have selected, you may or may not be able to select a specific DNS view for consolidating zones and records. Ensure that you understand the various scenarios about how the appliance handles the consolidated data before you configure the Consolidate zone data into this DNS view option while adding or modifying a sync group.

Creating Azure DNS Sync Groups

Note

After creating a sync group, wait a few minutes for the necessary background processes to start before you start a sync task.

To create a sync group and add sync tasks, complete the following steps:

  1. Log in to Infoblox NIOS Grid Manager.

  2. From the Grid tab, click the Cloud DNS tab.

  3. Expand the Toolbar and click Add.
    The Cloud DNS Sync Wizard is displayed.

  4. In Step 1 of 4 of the Cloud DNS Sync Wizard, complete the following, and then click Next:

    • Sync Group Name: Enter the name of the Azure DNS sync group.

    • Disable Synchronization: Select this if you want to disable synchronization for this sync group. This allows you to keep the current configuration including all sync tasks in the group, and enable them at a later time.

    • Member: Click Select to choose the Grid member that will pull DNS data from Azure. Infoblox suggests that you select a member that is not running other services and can handle the synchronization load for this feature. If the Grid has only one member, the appliance automatically displays that member's name here. Click Clear if you want to remove the current member. You can also specify a proxy server through which the member pulls data from Azure. For information about how to set up a proxy server, refer to the Infoblox NIOS Documentation.

    • Comment: Enter additional information about this sync group.

  5. In Step 2 of 4 of the Cloud DNS Sync Wizard, complete the following, and then click Next:

    • Cloud Service Provider: Select Azure as the cloud platform from which DNS data is synchronized.

    • Credentials: Select the credentials of the registered Azure DNS application that authenticate the connection between the Grid member and Azure for this sync group.
      These credentials come from the admin user that you configured in NIOS to correspond to an application registered in Azure. For more information, see Adding an Azure Admin User in NIOS.
      Click Select.

      • If you have added only one Azure admin user in the Grid, the appliance automatically selects the available credentials.

      • If you have added multiple Azure admin users, the Cloud Account Selector dialog box is displayed. Click the name of the user to select.

    • Multi Subscription Options: Select one of the options to retrieve DNS data from multiple subscriptions of a tenant. For more information, see the Enabling Multi-Subscription DNS Synchronization on a Sync Group section.

  6. In Step 3 of 4 of the Cloud DNS Sync Wizard, complete the following, and then click Next:

    1. Under Synchronize DNS data into, select the network view to which you want the appliance to add synchronized data.

      • This network view: From the drop-down list, select the NIOS network view to which you want to add the synchronized data. The default network view is displayed by default. When you select this option, you can choose to consolidate zone data into a specified DNS view by enabling the Consolidate zone data into this DNS view option and selecting a specific DNS view.

      • The tenant's network view (if it does not exist, create a new one): This option is recommended. When you select this option, the synchronized data is saved to the tenant's network view. If the network view does not exist, the appliance creates it (only if a cloud license is installed in the Grid). The appliance uses tenant information to name the new NIOS network view for the synchronized data. For example, every Azure tenant has a tenant ID, a 36-character GUID that identifies all objects created under that tenant in Azure. This tenant ID becomes the identifier of the new network view as its data is synchronized.
        Note that you cannot modify the network view selection once you save the configuration. Create a new sync group if you want to change the network view. When you remove an old sync task from a sync group, the data remains in the database, and you can manually remove the old data by searching for all Azure zones that are associated with a particular network view.

    2. Consolidate zone data into this DNS view: Depending on which network view you have selected for the zone data, you may or may not be able to select a specific DNS view into which the zone data is synchronized and consolidated. When this option is enabled, there is no restriction on the number of virtual networks that a private hosted zone can be linked to in Azure.
      Note that when Consolidate zone data into this DNS view is not enabled for a private hosted zone, and the zone's virtual network ID is longer than 255 characters, the appliance does not synchronize that zone. This is because the value of an extensible attribute in NIOS cannot exceed 255 characters.
      Consider the following scenarios before selecting or clearing the selection on this option:

      • If you have selected a NIOS network view to add synchronized DNS data, you can select a specific DNS view to which you can add the synchronized Azure zone data. When you select this option, all zone data will be synchronized into the selected DNS view. If there are duplicate zones, the appliance places them in an order based on their virtual network names and adds the first duplicate zone to the corresponding DNS view (depending on your configuration). It then creates new DNS views for subsequent zones that have the same zone name. For example, if your DNS view is "corp100view", the first duplicate zone is added to "corp100view", the second duplicate zone to "corp100view_1", and so on until all duplicate zones are added to their corresponding DNS views.
        If you choose to synchronize DNS data into a NIOS network view but you do not select this option, you are not allowed to select a specific DNS view and the appliance synchronizes all private zones into a newly created DNS view using the name "private%", where % stands for the key of the DNS view. A new DNS view is created for each virtual network in which the zones reside. On the other hand, all public zones are synchronized into the default DNS view, and all duplicate zones are ignored.

      • If you have selected to add synchronized DNS data to a tenant's network view, you are not allowed to select a specific DNS view for the synchronized data. In this case, the appliance synchronizes all private zones into a newly created DNS view using the name "private%" where % stands for the key of the DNS view. A new DNS view is created for each virtual network in which the zones reside. On the other hand, all public zones are synchronized into the default DNS view, and all duplicate zones are ignored.
        Note that you must not perform an Azure DNS sync on multiple DNS views that reside in the same network view. Performing a sync in more than one DNS view deletes the data from the other DNS views in which synchronization has taken place. To prevent this, create multiple network views each having a single DNS view and perform an Azure DNS sync on each of the DNS views.

  7. In Step 4 of 4 of the Cloud DNS Sync Wizard, complete the following:
    Under Sync Tasks, click the Add icon to add a sync task to this group. Grid Manager displays the Add Sync Task panel. Complete the following steps in the panel, and then click Add to add the task to the Sync Tasks table:

    • Name: Enter the name of the sync task. Use a name that best represents the task so that you can differentiate it from the other tasks.

    • Public Hosted Zone: Select this if you want to synchronize data from Azure public hosted zones. In Azure, a public hosted zone holds the resource record sets for a domain and its subdomains that are resolved within the Azure infrastructure for queries arriving from the public Internet.

    • Private Hosted Zone: Select this if you want to synchronize data from Azure private hosted zones. In Azure, a private hosted zone holds the resource record sets for a domain and its subdomains that are resolved only within one or more linked virtual networks, for queries arriving from instances and resources in those virtual networks.

    • Filter: You can add a filter to select a specific zone or zones for synchronization purposes. To specify multiple zones, use commas to separate the values. You can also use wildcard characters in the filter. For example, you can enter “*abc*, ab?c.com, [a-z].com” in this field.

    • Interval: Define how often you want the synchronization to happen by entering the time interval and selecting the interval unit from the drop-down list.

    • Disable Synchronization: Select this to disable synchronization for this specific task. This allows you to keep the current configuration for the task and enable it at a later time.

    • Click the Add icon again to add more tasks.
      Grid Manager displays the following information for each saved task in the Sync Tasks table:

      • Name: The sync task name.

      • Interval: The synchronization interval.

      • Filter: The filter that you entered for synchronizing data from the specified zones.

  8. Save the configuration.
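As an added illustration (this is not Infoblox code and does not run on the appliance), the following Python models how the Step 3 view selection and the Step 4 task filter together decide which Azure zones a task pulls and which NIOS DNS view each zone lands in, including the duplicate-zone ordering ("corp100view", "corp100view_1", ...) and the 255-character virtual network ID limit described above. Assumptions not stated on the page: the Filter field uses shell-style glob matching and is case-insensitive; duplicate zones are ordered by a plain string sort of the virtual network name; the "%" key in "private%" is the virtual network name; the zone inventory is constructed sample data.

```python
"""Model of the Azure DNS sync wizard's zone selection and DNS view placement.

Added illustration only; not Infoblox NIOS code. Assumptions (not on the page):
glob-style, case-insensitive filter matching; duplicates sorted by vnet name;
the "%" in "private%" is the virtual network name.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, List, Optional, Tuple

EA_MAX_LEN = 255  # NIOS extensible-attribute value limit cited on the page


@dataclass(frozen=True)
class AzureZone:
    name: str             # zone name, e.g. "corp.example.com"
    private: bool         # True for a private hosted zone
    vnet_name: str = ""   # linked virtual network (private zones only)
    vnet_id: str = ""     # full Azure resource ID of that vnet (private zones only)


def zone_matches_filter(zone_name: str, filt: str) -> bool:
    """Sync-task Filter: comma-separated patterns using *, ? and [a-z].

    Assumed semantics: shell-style glob, case-insensitive; empty filter = all.
    """
    patterns = [p.strip().lower() for p in filt.split(",") if p.strip()]
    if not patterns:
        return True
    return any(fnmatchcase(zone_name.lower(), p) for p in patterns)


def select_zones(zones: List[AzureZone], private_task: bool, filt: str) -> List[AzureZone]:
    """Zones one sync task would pull: matching zone type and filter."""
    return [z for z in zones if z.private == private_task and zone_matches_filter(z.name, filt)]


def place_zones(zones: List[AzureZone], tenant_network_view: bool,
                consolidate_view: Optional[str]) -> Tuple[Dict[tuple, str], Dict[tuple, str]]:
    """Decide the NIOS DNS view for each selected zone.

    Returns (placed, skipped): both keyed by (zone name, vnet name); placed maps
    to the DNS view name, skipped maps to the reason the zone was not synced.
    """
    if tenant_network_view and consolidate_view:
        # Step 3: no DNS view can be chosen together with the tenant's network view.
        raise ValueError("Consolidate option is unavailable with the tenant's network view")

    placed: Dict[tuple, str] = {}
    skipped: Dict[tuple, str] = {}
    ordered = sorted(zones, key=lambda z: (z.name, z.vnet_name))

    if consolidate_view:
        # Consolidated mode: first copy of a name -> view, then view_1, view_2, ...
        # No vnet-count or vnet-ID-length restriction applies here.
        by_name: Dict[str, List[AzureZone]] = {}
        for z in ordered:
            by_name.setdefault(z.name, []).append(z)
        for copies in by_name.values():
            for i, z in enumerate(copies):
                placed[(z.name, z.vnet_name)] = consolidate_view if i == 0 else f"{consolidate_view}_{i}"
        return placed, skipped

    # Non-consolidated mode: public -> "default", private -> "private<vnet>";
    # duplicate zone names are ignored after the first; over-long vnet IDs are skipped.
    seen = set()
    for z in ordered:
        key = (z.name, z.vnet_name)
        if z.name in seen:
            skipped[key] = "duplicate zone name ignored"
            continue
        if z.private and len(z.vnet_id) > EA_MAX_LEN:
            skipped[key] = f"virtual network ID longer than {EA_MAX_LEN} characters"
            continue
        seen.add(z.name)
        placed[key] = f"private{z.vnet_name}" if z.private else "default"
    return placed, skipped


# Constructed sample inventory for the worked example (not real Azure data).
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
_VNET = "/providers/Microsoft.Network/virtualNetworks/"
SAMPLE_ZONES = [
    AzureZone("corp.example.com", True, "vnet-a", _SUB + "rg-a" + _VNET + "vnet-a"),
    AzureZone("corp.example.com", True, "vnet-b", _SUB + "rg-b" + _VNET + "vnet-b"),
    AzureZone("lab.example.com", True, "vnet-long", _SUB + "r" * 200 + _VNET + "vnet-long"),
    AzureZone("example.com", False),
    AzureZone("abc-test.net", False),
]


def demo():
    """Run a private task with a filter under both Step 3 choices, plus a public task."""
    private_task = select_zones(SAMPLE_ZONES, private_task=True, filt="*example.com")
    consolidated, _ = place_zones(private_task, tenant_network_view=False, consolidate_view="corp100view")
    split, skipped = place_zones(private_task, tenant_network_view=False, consolidate_view=None)
    public, _ = place_zones(select_zones(SAMPLE_ZONES, False, ""), tenant_network_view=True, consolidate_view=None)
    return consolidated, split, skipped, public


if __name__ == "__main__":
    for label, result in zip(("consolidated", "split", "skipped", "public"), demo()):
        print(label, result)
```

Running `demo()` shows the two Step 3 outcomes side by side: with consolidation the two copies of corp.example.com land in "corp100view" and "corp100view_1", whereas without it the second copy is ignored and lab.example.com is skipped because its virtual network ID exceeds 255 characters.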

Enabling Multi-Subscription DNS Synchronization on a Sync Group

When configuring Azure DNS integration in NIOS, you can configure Multi Subscription Options on an existing or a new sync group. The option enables NIOS to discover multiple subscriptions associated with a tenant’s application registered in Azure, and synchronize the DNS data. You can choose to synchronize DNS data from all or specific subscriptions associated with an Azure application.

For more information about settings defined in Azure, see Configuring Azure Environment for DNS Synchronization.

To enable the multi-subscription support, complete the following steps:

  1. Log in to Grid Manager.

  2. From the Grid tab, click the Cloud DNS tab.

  3. According to the sync group, do one of the following:

    • For an existing sync group:

      1. Select the sync group, and then click the Actions icon > Edit.
        The Cloud DNS Sync Group Properties window is displayed.

      2. Click the Account Details tab.

    • For a new sync group:

      1. Click the Add icon and follow the steps defined in the Creating Azure DNS Sync Groups section.

      2. Go to Step 2 of 4 of the Cloud DNS Sync Wizard.

  4. Under Multi Subscription Options, configure one of the following options:

    • Discover Subscriptions: Select this option if you want a sync task to discover and synchronize DNS data from all subscriptions linked to the registered Azure application whose credentials you specified in a prior step.

    • Add or Upload Subscription IDs: Select this option to specify a list of subscriptions that a sync task must discover and synchronize DNS data from. Subscriptions that you specify must be linked to the registered Azure application whose credentials you specified in a prior step. The ways in which you can specify the subscriptions to discover are described below.

      Additionally, you can do the following:
      - Export the added subscription IDs to a .csv file by clicking the Export icon.
      - Remove a subscription ID by selecting the checkbox next to it and clicking the Delete icon.


      To add a list of subscriptions, do one of the following:

      • Upload a CSV file:

        1. Click the CSV Import icon.

        2. In the Upload dialog box, click Select to browse for the CSV file containing the list of subscription IDs that must be discovered.

        3. Select the file and click Open.

        4. Click Upload to upload the file, and then click Close.

      • Manually specify the subscription IDs from which DNS data must be synchronized:

        1. Click the Add icon to add a row in the Account IDs table.

        2. Click the new row and enter a subscription ID.

        3. Repeat the previous two steps for every subscription that you want to add.

  5. Click Next and perform the remaining steps explained in the Creating Azure DNS Sync Groups section.

  6. Save the configuration.