When you deploy a DNS forwarding proxy, you can configure the service either on a standalone on-prem host or on NIOS.
On a standalone DNS forwarding proxy, you can configure internal domains and have queries for these domains sent to local resolvers, instead of BloxOne cloud. However, if you configure DNS forwarding proxy on NIOS, queries for these internal domains are sent to BloxOne cloud, rather than to local resolvers. Therefore, for DNS forwarding proxy on NIOS, NXDOMAIN/SERVFAIL responses are sent to the DNS client because these domains do not exist in the cloud.
For a standalone DNS forwarding proxy, if you want to add internal domains, you must also add local resolvers to update the DNS forwarding proxy configuration in the cloud. On the other hand, for DNS forwarding proxy on NIOS, you cannot specify a local DNS resolver because DNS forwarding proxy on NIOS does not have a configuration to specify local resolvers. When you add a name server in the Name Server for DNS Forwarding Proxy field, the name server is used as a DNS resolver for internal name resolution, not for internal or bypass domains. As a result, for a NIOS server on which DNS forwarding proxy is configured, Infoblox recommends that you create authoritative or forward zones for these internal domains. For more information, see Configuring DNS Zones.
The DNS Forwarding Proxy service must be enabled prior to adding an internal domain list.
To add local resolvers and internal domains to the DNS forwarding proxy, complete the following:
- From the Cloud Services Portal, click Manage -> On-Prem Hosts.
- On the On-Prem Hosts page, select the on-prem host on which you have enabled the DNS forwarding proxy service.
- Click Service -> DNS Forwarding -> Configure in the Action bar at the top of the page to open the DNS Forwarding Proxy page.
- In the DNS Forwarding Proxy dialog, expand the Local Resolvers section, click Add, and complete the following:
  - IP ADDRESS: Enter the IP address for the DNS local resolver.
  - LOCAL RESOLVER: Move the switch to Enable to use this IP address as the local resolver for internal domains.
  - DNS FALLBACK: Move the switch to Enable to use this IP address as DNS fallback. For more information, see DNS Forwarding Proxy Fallback to Local DNS Server.
- To add internal domains, expand the Internal Domain Lists section, click Add, and complete the following:
  - NAME: Choose a domain or CIDR you want to add as an internal domain. For information about internal domains, see Configuring Internal Domains.
  By default, when a new DNS forwarding proxy is created, the default internal domains list is already associated with it. A maximum of 3000 internal domains can be synced or associated with a DNS forwarding proxy.
  To add multiple local resolvers or internal domains, click Add again in the respective sections.
- Click Save & Close to save your configuration.
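Before entering a large list in the portal, the constraints described above can be checked offline. The following is an added example, not Infoblox code or an Infoblox API: the function names, the dictionary keys, the duplicate check and the label syntax rule are assumptions made for illustration, and the sample values are constructed.

```python
import ipaddress
import re

MAX_INTERNAL_DOMAINS = 3000  # limit stated on this page
# Assumed syntax rule for one DNS label (hostname rules plus underscore).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9_-]{1,63}(?<!-)$")

def classify_entry(entry):
    """Return 'cidr', 'domain' or None for one internal-domain list entry."""
    entry = entry.strip()
    if "/" in entry:
        try:
            ipaddress.ip_network(entry, strict=True)  # host bits must be zero
            return "cidr"
        except ValueError:
            return None
    name = entry.rstrip(".")
    labels = name.split(".")
    # A bare IP address is neither a domain nor a CIDR, so reject numeric TLDs.
    if name and len(name) <= 253 and all(_LABEL.match(p) for p in labels) \
            and not labels[-1].isdigit():
        return "domain"
    return None

def check_plan(resolvers, internal_domains):
    """resolvers: dicts with 'ip', 'local_resolver', 'dns_fallback' (hypothetical keys).
    Returns a list of problems; an empty list means the plan passes these checks."""
    problems = []
    for r in resolvers:
        try:
            ipaddress.ip_address(r["ip"])
        except ValueError:
            problems.append(f"resolver {r['ip']!r}: not a valid IP address")
    seen = set()
    for e in internal_domains:
        key = e.strip().rstrip(".").lower()
        if classify_entry(e) is None:
            problems.append(f"entry {e!r}: neither a domain nor a CIDR")
        elif key in seen:
            problems.append(f"entry {e!r}: duplicate")
        seen.add(key)
    if len(internal_domains) > MAX_INTERNAL_DOMAINS:
        problems.append(f"{len(internal_domains)} entries exceed the limit of {MAX_INTERNAL_DOMAINS}")
    if internal_domains and not any(r.get("local_resolver") for r in resolvers):
        problems.append("internal domains listed but no address has LOCAL RESOLVER enabled")
    return problems

# Constructed sample plan: fallback-only resolver, one bad CIDR, one duplicate.
SAMPLE_RESOLVERS = [{"ip": "10.0.0.53", "local_resolver": False, "dns_fallback": True}]
SAMPLE_DOMAINS = ["corp.example", "10.20.0.0/16", "10.20.0.1/16", "Corp.Example."]
```

Calling `check_plan(SAMPLE_RESOLVERS, SAMPLE_DOMAINS)` returns one message per problem, which can be reviewed before the list is entered under Internal Domain Lists.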