Skip to main content
Skip table of contents

2552 - Configuring DNS default forwarders in NIOS with fallback to root

Scenario

The NIOS Grid you are responsible for has two members performing recursive lookups. Currently, they are configured to query the DNS root servers directly. Due to architectural changes, your team has decided to forward all recursive queries to 2 external IP addresses provided by your DNS service provider. Please make the necessary configurations in the NIOS Grid.

Estimate Completion Time

10 to 20 minutes

Credentials

Description

Username

Password

URL or IP

Grid Manager UI

admin

infoblox

https://10.100.0.100/

Requirements

Administrative access to the Grid

Course References

  • 2009: Configuring NIOS DNS Services

  • 2023: Configuring NIOS DNS Zones

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and login to the Linux UI:

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.

Launch Lab

Launch Lab

Choose the lab number from the list and click OK.

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.

Screenshot 2024-05-06 at 3.16.57 PM.png

Tasks

Task 1: Adding default forwarders for DNS members

The IP addresses from your DNS providers are 8.8.8.8 and 9.9.9.9. Please add these as the Forwarders for your members ibns1 and ibns2.


Solutions

Why configure this at the member level? You might be wondering why we are repeating the same set of steps twice, once on each member. Why can’t we just do this once at the Grid level? We could, but that will apply this setting to every member on the Grid. That is rarely the case when configuring something like enabling DNS forwarding. This is usually configured on a per-member basis. Our instructions assume this common use-case.

Task 1 Solution: Adding default forwarders for DNS members

Follow the steps below to add default forwarders for ibns1 and ibns2 to forward all recursive queries to the IP address 8.8.8.8 and 9.9.9.9.

  1. Navigate to Data Management → DNS → Members

  2. Check the box next to the member (such as ibns1.techblue.net or ibns2.techblue.net) and click Edit

  3. This displays the Member DNS Properties dialog window. Click on the Forwarders tab.

  4. Click the Override button.

  5. Click + to add a row. In the empty Address field, enter the address 8.8.8.8.

  6. Click + to add another row. In the empty Address field, enter the address 9.9.9.9.

  7. Leave the checkbox next to Use Forwarders Only unchecked. (See notes below).

  8. Click Save & Close

  9. Do not restart service yet, repeat the same steps on the second member.

After you have updated both ibns1 and ibns2, restart Grid services following the system banner across the top of the screen.

Use Forwarders Only. This checkbox controls the behavior of the NIOS member whether or not to fall back to using the DNS root servers for name resolution. When this box is checked, NIOS will only use the forwarder(s) defined in the section above. When this box is unchecked, NIOS will prefer the forwarder(s) defined above and fall back to using the root servers if needed. In this scenario, since we are forwarding to external or public IP addresses, this implies the NIOS members already have Internet access. Thus, it makes sense to assume that if the forwarders (8.8.8.8 and 9.9.9.9 in this case) become unreachable, the NIOS members (ibns1 and ibns2) has the ability to fall back to querying the root servers directly.

Ultimately, the decision whether or not to check this box is up to you. There is no right or wrong answer, it’s how you want your DNS resolution to behave. If you want all queries to only go through the forwarder (8.8.8.8 and 9.9.9.9 in this case), then you can check the box. With the box checked, should 8.8.8.8 and 9.9.9.9 become unreachable, your DNS members (ibns1 and ibns2) will stop resolving domain names that require recursion (i.e. domain names that are outside of the Grid).

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.