2558 - Navigating DNS Views in NIOS

Scenario

Your organization utilizes DNS views to differentiate network traffic. VPN clients access the VPN DNS view, while external clients use the Default DNS view. This lab examines how DNS views function by verifying DNS resolution for both client types and analyzing query logs to understand the resulting DNS responses.

Estimated Completion Time

25 to 35 minutes

Credentials

Grid Manager UI

Username: admin

Password: infoblox

URL or IP: https://10.100.0.100/

Requirements

  • Administrative access to the Grid

Course References

  • 2015: Configuring NIOS DNS Views

  • 2307: Exploring ACLs and DNS Views

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click the jump-desktop tile and log in to the Linux UI:

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.

Choose the lab number from the list and click OK.

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.

Tasks

In this lab, the VM testing-windows acts as a client connected over VPN, and the VM jump-desktop simulates a client that is not on VPN.

Task 1: Check DNS Resolution on Jump-Desktop

Log in to the VM jump-desktop. Use the dig command to look up www.techblue.net. Observe the IP address returned by the DNS server.

Task 2: Check DNS Resolution on Testing-Windows

Log in to the VM testing-windows. Use the nslookup command to look up www.techblue.net. Observe the IP address returned by the DNS server.

Task 3: Review the DNS Views Configured in NIOS GUI

Log in to the Grid Manager web interface. Navigate to Data Management → DNS. Check the DNS views configured as “VPN” and “default”.

Task 4: Review Query and Response Logs

Log in to the GM web interface. Navigate to Data Management → DNS → Logs. Check the query and response logs for entries from tasks 1 and 2.


Solutions

Task 1 Solution: Check DNS Resolution on Jump-Desktop

To verify DNS resolution on the jump-desktop VM, follow these steps:

  1. Log in to the VM jump-desktop.

  2. Open the Terminal application on the application taskbar.

  3. Use the dig command to verify DNS lookup behavior:

    $ dig @10.100.0.105 www.techblue.net. +short
    128.171.133.11
  4. Verify the answer returned contains only a public IP address.

Task 2 Solution: Check DNS Resolution on Testing-Windows

To verify DNS resolution on the testing-windows VM, follow these steps:

  1. Switch to the testing-windows VM.

  2. Launch a Command Prompt window.

  3. Use the nslookup command to verify DNS lookup behavior:

    C:\Users\training>nslookup www.techblue.net.
    Server:  ibns1.techblue.net
    Address:  10.100.0.105
    
    Name:    www.techblue.net
    Address:  10.100.0.11
  4. Verify the answer returned contains only a private IP address.

The DNS lookups for www.techblue.net in Tasks 1 and 2 demonstrate how DNS views provide different responses based on the client's connection.

Task 3 Solution: Review the DNS Views Configured in NIOS GUI

To review the current DNS views configuration, follow these steps:

  1. Log in to the GM web interface.

  2. Navigate to Data Management → DNS → Zones.

  3. Verify that the “VPN” and “default” views are configured.

  4. Select the view VPN and click Edit.

  5. In the view settings, check the Match Clients configuration.

  6. Repeat steps 4 and 5 for the default view.

You will notice that the VPN view has a match-client rule for clients from a particular network, allowing the DNS server to provide different responses based on the client's network segment. This is typically configured using a set of Access Control Entries (ACEs) to define which clients fall under the VPN view. For example, clients from the 172.31.101.0/24 network are matched to the VPN view, ensuring they receive internal IP addresses for specific DNS queries.

Task 4 Solution: Review Query and Response Logs

To review the query and response logs, follow these steps:

  • Log in to the GM web interface.

  • Navigate to Administration → Log → Syslog.

  • Select member ibns1.techblue.net and select DNS View Filter from the quick filter.

In the logs, you should see entries indicating the different responses provided based on the client's IP address.

These entries show how the DNS server provided different answers to different clients, depending on which DNS view was used. The logs capture details such as the querying client's IP address, the query itself, and the response provided, illustrating how DNS views are applied in real time.
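The match-clients behavior from Task 3 and the log review from Task 4 can be modeled together in a short script. This is an added example, not part of the lab or of NIOS: it selects a view by first match and flags log records where an internal address was served to a client outside the VPN view. The VPN network and the two answers are the lab's values; the client IPs, the "any" rule for the default view, and the record layout (client, query name, response) are assumptions made for illustration.

```python
import ipaddress

# Views in evaluation order: the first view whose match-clients list contains
# the client's source address answers the query. The VPN network and both
# answers come from the lab; "any" (0.0.0.0/0) for default is an assumption.
VIEWS = [
    ("VPN", [ipaddress.ip_network("172.31.101.0/24")]),
    ("default", [ipaddress.ip_network("0.0.0.0/0")]),
]


def select_view(client_ip, views=VIEWS):
    """Return the name of the first view whose ACEs match client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, networks in views:
        if any(addr in net for net in networks):
            return name
    return None  # no view matched this client


def audit(records, views=VIEWS):
    """Flag (client, qname, response) records that contradict the view design."""
    findings = []
    for client, qname, response in records:
        view = select_view(client, views)
        # is_private is True for RFC 1918 space such as 10.100.0.11
        internal = ipaddress.ip_address(response).is_private
        if internal and view != "VPN":
            findings.append((client, qname, "internal address served outside VPN view"))
        elif not internal and view == "VPN":
            findings.append((client, qname, "VPN client received external address"))
    return findings


# Constructed records (client IPs are made up; answers are the lab's two values).
SAMPLE = [
    ("172.31.101.50", "www.techblue.net", "10.100.0.11"),
    ("198.51.100.20", "www.techblue.net", "128.171.133.11"),
    ("198.51.100.20", "www.techblue.net", "10.100.0.11"),
]

if __name__ == "__main__":
    for ip in ("172.31.101.50", "172.31.102.7", "198.51.100.20"):
        print(ip, "->", select_view(ip))
    # Listing the catch-all view first shadows the VPN view entirely.
    print("reordered:", select_view("172.31.101.50", list(reversed(VIEWS))))
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The reordered call shows why view order matters: with the catch-all view evaluated first, a VPN client never reaches the VPN view.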
