If your network infrastructure includes an on-prem Infoblox Grid, you can select any Grid member to function as a DNS forwarder. Configure your firewall to allow that Grid member to communicate with external DNS servers, and enable DNS recursion on the member. You can define a list of forwarders for the entire Grid, individual Grid members, or individual DNS views.

Domain Forwarding Proxy (DFP) in NIOS is the preferred way to connect to the Grid. DFP is a NIOS service and it automatically handles DNS query forwarding. You can start and stop the DFP service just like other NIOS services. You can configure the connection between NIOS and BloxOne Threat Defense Cloud Services Portal by using the new CSP Config tab in Grid Properties Editor or Grid Member Properties Editor. For additional information on DFP and how forwarding works when using NIOS 8.5, see Enabling a Grid Member to Forward Recursive Queries to BloxOne Threat Defense in the NIOS 8.5 documentation.

A recursive query requires the appliance to return requested DNS data, or locate the data through queries to other servers. When a NIOS appliance receives a query for DNS data it does not have and you have enabled recursive queries, it first sends a query to any specified forwarders. If a forwarder does not respond (and you have disabled the Use Forwarders Only option in the Forwarders tab of the Member DNS Properties editor), the appliance sends a non-recursive query to specified internal root servers. If no internal root servers are configured, the appliance sends a non-recursive query to the Internet root servers. For information on specifying root name servers, see About Root Name Servers.

You can enable recursion for a Grid, individual Grid members, and DNS views. For information about enabling recursion in a DNS view, see Configuring DNS Views. If you do not enable recursion, the appliance denies recursive queries from all clients.
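To confirm that a member treats recursive queries as configured, you can send it a query with the RD bit set and inspect the RA flag and RCODE in the reply. The following is an added example, not Infoblox code: it assumes a denied recursive query shows up as RCODE REFUSED or a cleared RA flag (standard DNS behavior per RFC 1035; this page does not state how the appliance signals denial), and the function names and sample headers are constructed for illustration.

```python
import socket
import struct

RCODE_REFUSED = 5

def build_query(qname, qid=0x1234, qtype=1):
    """Build an RFC 1035 query with RD=1, i.e. a request for recursion."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header fields this check needs."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "ancount": an}

def recursion_status(query, response):
    """Classify how a server treated a recursive query."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "invalid"            # not a response to our query
    if r["rcode"] == RCODE_REFUSED or not r["ra"]:
        return "denied"             # assumption: denial shows as REFUSED or RA=0
    if r["rcode"] == 0 and r["ancount"] > 0:
        return "answered"
    return "recursion-offered"      # RA=1 but no answer (NXDOMAIN, SERVFAIL, ...)

def ask(server_ip, qname, timeout=3.0):
    """Send one query over UDP to a member you administer and classify the reply."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        return recursion_status(query, s.recv(4096))

def sample_header(flags, ancount, qid=0x1234):
    """Constructed response header (sample data, not captured from an appliance)."""
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    q = build_query("example.com")
    for name, resp in [("recursion on", sample_header(0x8180, 1)),
                       ("refused", sample_header(0x8105, 0)),
                       ("RA cleared", sample_header(0x8100, 0))]:
        print(name, "->", recursion_status(q, resp))
```

Running `ask()` from both an allowed and a disallowed client network shows whether recursion is limited to the clients you intended.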

Warning
On the on-prem host, if you have configured delegations in your subzones, ensure that you select the "Don't use forwarders to resolve queries in subzones" checkbox when you configure the parent’s authoritative zone properties. Otherwise, delegations will not function properly. Because forwarding has precedence over delegation, the query will be sent to the BloxOne Threat Defense Cloud instead of the delegated servers. For information about how to configure authoritative zone properties, see Configuring Authoritative Zone Properties. For information about delegations, see About Authority Delegation.


For information on enabling recursive queries using Grid Member, NIOS 8.5, or NIOS 8.4, see the following:

  • Enabling a Grid Member to Forward Recursive Queries to BloxOne Threat Defense Using DFP

DFP is a NIOS service which automatically handles DNS query forwarding. You can start and stop the DFP service just like other NIOS services. You can configure the connection between NIOS and BloxOne Threat Defense Cloud Services Portal by using the CSP Config tab in Grid Properties Editor or Grid Member Properties Editor. To enable a Grid member to forward recursive queries to BloxOne Threat Defense, see Enabling a Grid Member to Forward Recursive Queries Using DFP.

  • Enabling Recursive Queries in NIOS 8.5

To enable recursion on the Grid or member in NIOS 8.5, see Enabling Recursive Queries in NIOS 8.5.

  • Enabling Recursive Queries in NIOS 8.4

To enable recursion on the Grid or member in NIOS 8.4, see Enabling Recursive Queries in NIOS 8.4.

