Page tree

Contents

When you schedule a full upgrade from NIOS 6.6.x or later to a later NIOS release, the Grid Master immediately replicates the following to the Grid members, including those that have not been upgraded:
DNS resource records, DNS zones, DNS views, name server groups, shared record groups, IPv4 and IPv6 host addresses, roaming hosts, IPv4 and IPv6 networks, IPv4 and IPv6 shared networks, fixed addresses, DHCP ranges, DHCP failover association, DHCP option spaces, DHCP options, DHCP filters, MAC filter items, blacklist & NXDOMAIN rules, DNSSEC key pairs, DNSSEC import keyset operation, sign and unsign zones, DNSSEC rollover KSK and ZSK operations.
You can also perform the following tasks:

  • Upgrade a specific member during the scheduled Grid upgrade. For information about how to upgrade a single member during a scheduled Grid upgrade, see Upgrading a Single Member Immediately.
  • Revert a single member that has already been upgraded so you can troubleshoot issues, such as service outages, on the specific member. You can then reschedule its upgrade. For more information, see Reverting a Single Member.
  • Clear authentication cache and authentication records.
  • Perform AD (Active Directory) configurations. Note that you must upload the keytab file before the upgrade starts.

When you schedule a full upgrade for your Grid, ensure that you understand the following restrictions related to service restarts:

  • When upgrading from NIOS 7.1.x or earlier releases to any NIOS releases, you will not be able to restart services on Grid members that have not been upgraded.
  • When you upgrade from NIOS 7.2.7 or earlier 7.2.x releases to NIOS 7.3.3 and earlier 7.3.x releases, you will not be able to restart services on Grid members that have not been upgraded. If necessary, you may use the restart service CLI command to manually restart services on the Grid members that have not been upgraded.
  • When you upgrade from NIOS 7.2.7 and earlier 7.2.x releases to NIOS 7.2.8 and later releases or NIOS 7.3.4 and later releases, you will be able to restart services.

Note

The service restart restriction does not exist for future scheduled full upgrades once your Grid has been upgraded to NIOS 7.3.0 and later 7.3.x releases.

The appliance also puts certain rules in place to ensure data integrity and controls data that can cause undesirable results during the upgrade process. When you schedule a full upgrade from NIOS 6.6.x or later to a later NIOS release, the following rules apply:

  • You cannot modify member properties for the following: DNS, DHCP, TFTP/HTTP/FTP, bloxTools, Captive Portal, Reporting, and load balancing until the member has completed the upgrade and exited its revert time windows.
  • You cannot delete DNS views.
  • You cannot delete DNS zones and IPv4 and IPv6 networks that are under Microsoft Management until the managing member of the Microsoft servers has completed its upgrade and exited its revert time window. Certain Microsoft management restrictions also apply, as described in Managing Upgrade Groups.
  • Synchronization between load balancers and the appliance is disabled until the load balancer managing member has completed its upgrade and exited its revert time window. You cannot change the managing member during the upgrade.
  • You cannot add, modify, or delete network views, rulesets, and DNS64 synthesis groups.
  • Replication of Grid and member DNS and DHCP properties is not supported.
  • You can create named ACLs (access control lists) only after the entire Grid has been upgraded. For information about named ACLs, see Configuring Access Control.

During a scheduled full upgrade from a previous NIOS release to later releases, the Grid Master skips those Grid members that do not complete their NIOS upgrade within 10 minutes, which is the default upgrade policy time, and moves to the next Grid member as per the upgrade schedule.

Note that during a scheduled full upgrade, you cannot perform the following tasks on a Grid member that has not been upgraded yet:

  • Start or stop the DNS and DHCP services on members that have not been upgraded, have been reverted, or are in the revert time window.
  • Import the DHCP lease history file
  • Use the DHCP expert mode configuration feature
  • Clear the NAC authentication cache of a DHCP member
  • Set the time zone for a Grid member
  • View the capacity report of a Grid member
  • Test the email configuration settings of a Grid member
  • Check whether an IPv6 address is already configured on a Grid member

When you schedule a full upgrade from a previous NIOS release to a release that includes the DHCP fingerprint detection feature, the following rules apply until the entire Grid has been upgraded:

  • DHCP fingerprint detection is disabled
  • You cannot add DHCP fingerprint filters
  • You cannot apply DHCP fingerprint filters to any DHCP address range

When you schedule a full upgrade from a previous NIOS release to a release that includes the multi-primary zone feature, the following rules apply until the entire Grid has been upgraded:

  • You cannot configure multiple primary servers for an authoritative zone or configure a name server group that contains multiple primary servers.
  • You cannot assign or unassign a Grid member to an authoritative zone or name server group.
  • You cannot change the stealth state of an authoritative zone or name server group.

When you schedule a full upgrade from a previous NIOS release to a release that includes the Infoblox Threat Protection feature, you cannot complete the following on a Grid member until the member has completed the upgrade:

  • Start or stop the Threat Protection and DNS services.
  • Activate a ruleset.
  • Perform any threat protection related tasks such as adding custom rules and activating rulesets.

Before scheduling a full upgrade from a previous NIOS release to a release that includes the IPv6 Grid feature, the following rules apply:

  • If the Grid has an HA Master or HA member and if it is configured with IPv6 VIP address, you must configure IPv6 addresses for both node 1 and node 2.
  • Both the Grid Master and the Grid Master Candidate should have the same type of network connectivity.
  • You have to back up the current configuration and database.

When you schedule a full upgrade from a previous NIOS release to a release that includes the Secure Dynamic Updates feature, the following rules apply until the Grid has completed the upgrade:

  • All dynamic updated records are labelled as static records. Infoblox suggests that you enable this feature only after all records are changed to Dynamic.
  • NIOS tags the RRsets that are not auto-generated as static records. For information about Secure Dynamic Updates, see Secure Dynamic Updates.

When you schedule a full upgrade from a previous release to NIOS 7.2.x or 7.3.x, the following rules apply until the entire Grid has been upgraded:

  • You cannot add, modify, or delete an NS group.
  • You cannot add, modify, or delete manually created NS records.
  • You cannot add, modify, or delete a zone.
  • You cannot assign or unassign an NS group to a zone.
  • You cannot change the NS group assigned to a zone.
  • You cannot change the host name of the Grid members that are assigned to a zone if the members have not been upgraded, have been reverted, or are in the revert time window.
  • You cannot restart DNS and DHCP services or schedule a restart for these services on Grid members that have not been upgraded. For more information, see Restarting Groups.

Note the following when you schedule a full upgrade from a previous release to NIOS 7.2.x and later:

  • You cannot start or stop the DNS and DHCP services.
  • You must not modify the settings for automated mitigation of phantom domain attacks using the CLI commands on a Grid member until the member has completed the upgrade. Otherwise, the changes made during the upgrade may get lost.

When you schedule a full upgrade from a previous NIOS release to NIOS 7.3.x or later that includes the DNS Traffic Control feature, the following rules apply until the entire Grid has been upgraded:

  • You cannot add an SNMP health monitor.
  • You cannot configure the All available load balancing method for a DTC pool.
  • The record types are reset to default record types (A and AAAA records) and you cannot modify the record types for an LBDN.

Note the following when you upgrade a Grid which includes members that support Infoblox Advanced DNS Protection:

  • When you schedule a full upgrade from a previous NIOS release to NIOS 7.3.x or later, the Threat Protection Statistics widget in the Dashboard is replaced by the Threat Protection Status for Member widget. For information about the Threat Protection Status for Member widget, see Threat Protection Status for Member.
  • When you schedule a full upgrade from NIOS 7.3.x release to NIOS 8.0.x and later releases, the Dig Request, Threat Analytics Status for Grid, and Threat Analytics Status for Member widgets will not be available in the Dashboard, by default. You have to add the widget to the Dashboard. But if you upgrade from NIOS 7.2.x or earlier releases to NIOS 8.0.x and later releases, the Dig Request, Threat Analytics Status for Grid, and Threat Analytics Status for Member widgets will be available in the Dashboard, by default. For information about the Dig Request, Threat Analytics Status for Grid, and Threat Analytics Status for Member widgets, see Dig Request, Threat Analytics Status for Grid, and Threat Analytics Status for Member respectively.

Upgrading Parental Control at DNS Cache Acceleration

Upgrading Infoblox subscriber services parental control at DNS Cache Acceleration using cached domain and subscriber data has the following restrictions:

  • Upgrade subscriber services using a staged upgrade. This will not affect subscriber data.
  • You must update parental control category data download credentials after the upgrade.
  • When you upgrade, designate a few members per site to run garbage collection as subscriber services does not perform garbage collection.
  • Restrictions when upgrading subscriber sites:
    • You cannot add or remove members from a site during an upgrade.
    • You cannot stop or start a subscriber secure service during an upgrade.
    • You cannot change any subscriber service configuration during an upgrade.

Microsoft Management Rules

On a member that synchronizes data with Microsoft DNS and DHCP servers, the following functions are deactivated during an upgrade:

  • Synchronization of Microsoft DNS and DHCP data
  • Rotation of Microsoft logs
  • Start and stop of Microsoft servers
  • Releases of DHCP leases from a Microsoft DHCP server

Note

The deactivation of these functions does not affect any data on the Microsoft servers. After the upgrade, the member automatically restarts the synchronization of Microsoft data.

On a member that synchronizes data with Microsoft DNS and DHCP servers, the following rules apply:

  • You cannot modify the managing member if the old and new members have not been upgraded and have not exited their revert time windows.
  • You cannot add, modify, or delete zones, IPv4 DHCP ranges, and IPv4 networks until the managing member has been upgraded and exits the revert time window.
  • You cannot add, modify, or delete DNS resource records if the associated zone is managed by a Microsoft server and the managing member is still in its revert time window.
  • You cannot add, modify, or delete fixed addresses that are assigned to a Microsoft server and the managing member is still in its revert time window.
  • You must wait until the new managing member is upgraded to configure it as a DNS primary or secondary.

This page has no comments.