To import DNS zone data from Amazon Route 53 to NIOS, you must first complete a few prerequisites, as described in Prerequisites for Amazon Route 53 Integration. After you complete all the prerequisites, you must then create a sync group in which you add one or more sync tasks. For a sync group, you define the Grid member on which the synchronization occurs, the synchronization interval, the type of hosted zones to import and other configurations. For information about how to configure sync groups, see Configuring Amazon Route 53 Sync Groups.

Prerequisites for Amazon Route 53 Integration

Before you configure sync groups and sync tasks in NIOS, complete the following prerequisites:

  1. Ensure that you have installed the Cloud Network Automation license on the Grid Master. For information about licenses, refer to the Infoblox NIOS Documentation.
  2. Set up AWS user accounts and record the AWS credentials for these accounts. You may need the credentials when configuring Route 53 sync tasks. For information about how to set up an AWS account, see the AWS documentation. You can also configure AWS accounts and credentials through Grid Manager, as described in Configuring AWS Access for NIOS Cloud Admins.

Note

All sync tasks in the same sync group are performed for the same AWS user account.


  3. Ensure that the time on the NIOS or vNIOS appliance is synchronized with the actual time so that AWS Route 53 synchronization functions properly. You can configure NTP servers on the NIOS appliance and enable the NTP service to synchronize time on the appliance. For information about how to set up the NTP server, refer to the Infoblox NIOS Documentation.
  4. Configure DNS resolvers on the Grid member that is synchronizing Route 53 data so the AWS API can reach the Route 53 endpoints. For information about how to configure DNS resolvers, refer to the Infoblox NIOS Documentation.

Configuring Amazon Route 53 on NIOS

To configure Amazon Route 53 integration, complete the following:

  1. Create an Amazon Route 53 sync group and add sync tasks to the sync group, as described in Configuring Amazon Route 53 Sync Groups.
  2. Optionally, if you want NIOS to serve DNS for the synchronized hosted zones from Amazon Route 53, configure the primary and secondary servers accordingly. For information about how to do that, refer to the Infoblox NIOS Documentation.

After you set up Amazon Route 53 integration, you can do the following:

Note

The AWS Route 53 job can get stuck during its run due to the following reasons:

  • Loss of network connectivity with the member node. To prevent this scenario, ensure that the member node is connected to the network.
  • RabbitMQ queue overflow. This can be confirmed with the error message "error:The AMQP connection was closed" found in Administration -> Logs -> Syslog in the NIOS GUI, Grid Manager. To fix this scenario, restart all NIOS services or reboot the NIOS node.


Configuring Amazon Route 53 Sync Groups

You can configure an Amazon Route 53 sync group to include multiple synchronization tasks for different hosted zones in the same Route 53 endpoint. Before you create a sync group, ensure that you have configured the AWS user accounts (on the NIOS appliance) you want to use for configuring sync tasks. Note that all sync tasks in the same sync group are performed for the same AWS user account. When you disable individual sync tasks, the appliance skips those sync tasks during synchronization with Amazon Route 53. For information about prerequisites, see Prerequisites for Amazon Route 53 Integration.

When you configure a sync group, you can define a network view in which synchronized data resides. You cannot change the network view for the sync group once you save the configuration. If you want to change the network view for subsequent synchronization, create a new sync group. If you want to remove stale DNS data in a specific network view, you can search by the extensible attribute "DNS Source" = "AWS Route 53" in that network view and then remove the data accordingly. You can also use the CSV Import feature to export this data for removal. For information about extensible attributes and CSV Import, refer to the Infoblox NIOS Documentation.

You can also select a specific DNS view so you can synchronize Route 53 zones and records from AWS into NIOS. This way, you can serve all those zones in a consolidated way from NIOS by querying a single Grid member. Depending on which network view you have selected, you may or may not be able to select a specific DNS view for consolidating your Route 53 zones and records. Ensure that you understand the various scenarios about how the appliance handles the consolidated data before you configure the Consolidate zone data into this DNS view option while adding or modifying a Route 53 sync group, as described in Creating Route 53 Sync Groups.

Creating Route 53 Sync Groups

To create a Route 53 sync group and add sync tasks, complete the following:

  1. Ensure that you have installed the Cloud Network Automation license on the Grid Master. For information about licenses, refer to the Infoblox NIOS Documentation.
  2. Log in to Grid Manager (the Infoblox GUI).
  3. From the Grid tab, click the Amazon tab.
  4. Expand the Toolbar and then click the Add icon.
  5. In the Add Amazon Route 53 Sync Group Wizard, complete the following:
    • Sync Group Name: Enter the name of the Amazon Route 53 sync group.
    • Disable Synchronization: Select this to disable synchronization for this sync group. This allows you to keep the current configuration, including all sync tasks in the group, and enable them at a later time.
    • Member: Click Select to choose the Grid member that will pull DNS data from Amazon Route 53. Infoblox suggests that you select a member that is not running other services and can handle the synchronization load for this feature. If you have only one Grid member in the Grid, the appliance automatically displays the member name here. Select Clear to remove the current member. You can also specify a proxy server to pull data from Amazon Route 53. For information about how to set up a proxy server, refer to the Infoblox NIOS Documentation.
    • Credentials: Select the method you want to use to authenticate the connection between the Grid member and AWS for this sync group. You can select one of the following:
      • Use instance profile: An instance profile is a container for an IAM role that you use to pass role information to an EC2 instance when the instance is up and running. Select this option if you want to collect information from AWS without supplying a user's credentials, using the configuration of a predefined IAM role to obtain a temporary token that allows cloud API calls. Note that you must first configure the option for "instance profile" in AWS, define an IAM role in the instance profile, and then set permissions for this role before you can select this option. Otherwise, this option is disabled. When you select this, you do not need to provide user credentials.
      • Use IAM credential: Select this if you want to authenticate by using IAM roles to grant secure access to AWS resources from your EC2 instances. Click Select to choose the IAM role and use its credentials to access AWS resources from your EC2 instances when they are up and running.

For more information about instance profiles and IAM roles, refer to the AWS documentation.

    • Synchronize Route 53 data into: Select the network view to which you want the appliance to add synchronized data.
      • This network view: From the drop-down list, select the NIOS network view to which you want to add synchronized data. The default network view is displayed by default. When you select this option, you can choose to consolidate zone data into a specified DNS view by enabling the Consolidate zone data into this DNS view option and selecting a specific DNS view.

      Note

      When you synchronize Route 53 data from two or more different AWS endpoints, you must assign each AWS endpoint to a different network view.

      • The tenant's network view (if it does not exist, create a new one): This option is recommended. When you select this option, the synchronized data is saved to the tenant's network view. If the network view does not exist, the appliance creates it (only if a cloud license is installed in the Grid). The appliance uses tenant information to create a new NIOS network view for the synchronized data. For example, AWS tenants by default are associated with the 12-digit user account number (such as 2233441247523), which is the identifier for all objects that are created by that account in AWS. This tenant value becomes the identifier for the new network view as its data is synchronized.

      Note

      You cannot modify the network view selection once you save the configuration. Create a new sync group if you want to change the network view. When you remove an old sync task from a sync group, the data remains in the database and you can manually remove the old data by searching for all Route 53 zones that are associated with a particular network view; or you can use CSV import and export the stale data you want to remove from the database.

    • Consolidate zone data into this DNS view: Depending on which network view you have selected to synchronize Route 53 zone data, you may or may not be able to select a specific DNS view to which the zone data is being synchronized and consolidated. Note that NIOS supports up to 19 VPCs per zone. Consider the following scenarios before selecting or deselecting this option:
      • If you have selected a NIOS network view to add synchronized DNS data, you can select a specific DNS view to which you add the synchronized Route 53 zone data. When you select this option, all zone data will be synchronized into the selected DNS view. If there are duplicate zones, the appliance places them in an order based on their VPC names and adds the first duplicate zone to the corresponding DNS view (depending on your configuration). It then creates new DNS views for subsequent zones that have the same zone name. For example, if your DNS view is "corp100view", the first duplicate zone is added to "corp100view", the second duplicate zone to "corp100view_1", and so on until all duplicate zones are added to their corresponding DNS views.
        If you choose to synchronize Route 53 data into a NIOS network view but you do not select this option, you are not allowed to select a specific DNS view and the appliance synchronizes all private zones into a newly created DNS view using the name "private%", where % stands for the key of the DNS view. A new DNS view is created for each VPC in which the zones reside. On the other hand, all public zones are synchronized into the default DNS view, and all duplicate zones are ignored.
      • If you have selected to add synchronized DNS data to a tenant's network view, you are not allowed to select a specific DNS view for the synchronized data. In this case, the appliance synchronizes all private zones into a newly created DNS view using the name "private%", where % stands for the key of the DNS view. A new DNS view is created for each VPC in which the zones reside. On the other hand, all public zones are synchronized into the default DNS view, and all duplicate zones are ignored.

      Note

      You must not perform a Route 53 sync on multiple DNS views that reside in the same network view. Performing a Route 53 sync in more than one DNS view deletes the data from the other DNS views in which synchronization has taken place. To prevent this, create multiple network views each having a single DNS view and perform Route 53 sync on each of the DNS views.

    • Comment: Enter additional information about this sync group.

    In the Sync Tasks section, do the following:

    Note

    All sync tasks in the same sync group are performed for the same AWS user account. Create a new sync group if you want to synchronize data using another AWS user account.

    • Sync Tasks: Click the Add icon to add a sync task to this group. Grid Manager displays the Add Sync Task panel. Complete the following in the panel and then click Add to add the task to the Sync Tasks table:
      • Name: Enter the name of the sync task. Use a name that best represents the task so you can differentiate it from other tasks.
      • Public Hosted Zone: Select this if you want to synchronize data from the Route 53 public hosted zones. In Amazon Route 53, a public hosted zone contains the resource record sets and routing information for a domain and its subdomains, answering queries that come from the public Internet and are resolved within the AWS infrastructure.
      • Private Hosted Zone: Select this if you want to synchronize data from the Route 53 private hosted zones. In Amazon Route 53, a private hosted zone contains the resource record sets and routing information for a domain and its subdomains, answering queries that come from instances and resources in one or more associated AWS VPCs and are resolved within those VPCs.
      • Filter: You can add a filter to select a specific zone or zones for synchronization purposes. To specify multiple zones, use commas to separate the values. You can also use wildcard characters in the filter. For example, you can enter “*abc*, ab?c.com, [a-z].com” in this field.
      • Interval: Define how often you want the synchronization to happen by entering the time interval and selecting the interval unit from the drop-down list.
      • Disable Synchronization: Select this to disable synchronization for this specific task. This allows you to keep the current configuration for the task and enable it at a later time.

Click Add to save the sync task. Click the Add icon again to add more tasks. Grid Manager displays the following information for each saved task in the Sync Tasks table:

  • Name: The sync task name.
  • AWS User: The AWS credential for this task.
  • Interval: The synchronization interval.
  • Filter: The filter you entered for synchronizing data from specified zones.

  6. Save the configuration.
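The following Python script is an added example, not NIOS or Infoblox code, that models two behaviours described in the wizard above so you can reason about a sync task before saving it: which hosted zones a task's Filter field selects (comma-separated patterns with the *, ? and [a-z] wildcards shown in the Filter example), and where duplicate zone names land when "Consolidate zone data into this DNS view" is enabled (ordered by VPC name; the first duplicate goes to the selected view, the next to "<view>_1", and so on). Everything it assumes beyond the page is labelled in the code: shell-style fnmatch semantics for the wildcards, case-insensitive matching, a trailing dot on zone names being ignored, an empty filter selecting every zone, and public zones (which have no VPC) sorting before private ones. The hosted zones and their ids are constructed sample data.

```python
"""
Added example (not NIOS or Infoblox code): a small model of two behaviours this
page describes for a Route 53 sync task.

  1. The Filter field: comma-separated zone patterns with * ? and [a-z] wildcards.
  2. "Consolidate zone data into this DNS view": duplicate zone names are ordered
     by VPC name; the first goes to the selected DNS view, the rest to
     <view>_1, <view>_2, ...

Assumptions (not stated on the page): wildcard matching follows shell-style
fnmatch semantics, matching is case-insensitive, a trailing dot on a zone
name is ignored, an empty filter selects every zone, and public zones
(which have no VPC) sort before private ones.
"""
from fnmatch import fnmatchcase

# Constructed sample hosted zones; ids are placeholders, not real Route 53 ids.
SAMPLE_ZONES = [
    {"id": "Z-CONSTRUCTED-1", "name": "corp.example.com.", "private": True, "vpc": "vpc-prod"},
    {"id": "Z-CONSTRUCTED-2", "name": "corp.example.com.", "private": True, "vpc": "vpc-dev"},
    {"id": "Z-CONSTRUCTED-3", "name": "abc-lab.example.com.", "private": True, "vpc": "vpc-lab"},
    {"id": "Z-CONSTRUCTED-4", "name": "example.org.", "private": False, "vpc": None},
    {"id": "Z-CONSTRUCTED-5", "name": "abxc.com.", "private": True, "vpc": "vpc-dev"},
    {"id": "Z-CONSTRUCTED-6", "name": "x.com.", "private": False, "vpc": None},
]


def normalize(zone_name):
    """Canonical form used for both matching and duplicate detection."""
    return zone_name.rstrip(".").lower()


def parse_filter(filter_text):
    """Split the Filter field on commas and drop surrounding whitespace."""
    return [p.strip() for p in filter_text.split(",") if p.strip()]


def zone_matches(zone_name, patterns):
    """True if the zone matches any pattern (or the filter is empty)."""
    if not patterns:
        return True
    name = normalize(zone_name)
    return any(fnmatchcase(name, p.lower()) for p in patterns)


def select_zones(zones, filter_text, public=True, private=True):
    """Apply the task's hosted-zone type checkboxes and its Filter field."""
    patterns = parse_filter(filter_text)
    selected = []
    for zone in zones:
        wanted = private if zone["private"] else public
        if wanted and zone_matches(zone["name"], patterns):
            selected.append(zone)
    return selected


def place_in_dns_views(zones, dns_view):
    """Map each zone to the DNS view it lands in when consolidation is enabled.

    Returns {dns_view_name: [(zone_name, zone_id), ...]}.
    """
    groups = {}
    for zone in zones:
        groups.setdefault(normalize(zone["name"]), []).append(zone)

    placement = {}
    for name, dups in groups.items():
        # Page: duplicates are ordered by VPC name; first -> selected view,
        # second -> view_1, and so on.
        ordered = sorted(dups, key=lambda z: z["vpc"] or "")
        for index, zone in enumerate(ordered):
            view = dns_view if index == 0 else f"{dns_view}_{index}"
            placement.setdefault(view, []).append((name, zone["id"]))
    return placement


if __name__ == "__main__":
    task_filter = "*abc*, ab?c.com, [a-z].com"   # the page's own Filter example
    for zone in select_zones(SAMPLE_ZONES, task_filter):
        print("selected:", zone["name"], zone["id"])
    for view, entries in place_in_dns_views(SAMPLE_ZONES, "corp100view").items():
        print(view, "->", entries)
```

Run with the page's Filter example and the constructed zones, the task selects abc-lab.example.com, abxc.com and x.com; with an empty filter and the "corp100view" DNS view, the two corp.example.com duplicates split across "corp100view" (vpc-dev) and "corp100view_1" (vpc-prod). Compare this placement with what you actually want before saving the configuration, because the network view cannot be changed afterwards and syncing into more than one DNS view of the same network view deletes data, as the notes above state.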
