2566 - Verifying DNS Traffic Control Configuration
This lab requires a NIOS 9.0 Lab Environment
This lab guide has been developed using the new NIOS 9.0 Lab Environment (experimental) lab. Please ensure that you deploy a NIOS 9.0 lab environment to complete these lab tasks. If you use a different lab environment, this is untested, and the lab likely will not work.
Scenario
Your organization is implementing DNS Traffic Control (DTC) to enhance DNS query handling. You are tasked with confirming that DTC licenses are active for key Grid Members and verifying that the Traffic Control option is accessible in the UI. You will also review permissions for the DTC Admin role. Additionally, you will check that DTC data is indexed for reporting and configure the specific behavior for DNS queries when no DNS Traffic Control responses are available, along with confirming DNSSEC settings specific to DTC.
Estimate Completion Time
10 to 15 minutes
Credentials
Description | Username | Password | URL or IP |
|---|---|---|---|
Grid Manager UI | admin | infoblox |
Requirements
Administrative access to the Grid
Lab Initiation
Access jump-desktop
Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and login to the Linux UI:
Username: training
Password: infoblox
Initiate lab
To initiate the lab, double-click the Launch Lab icon on the Desktop.
Launch Lab
Choose the lab number from the list and click OK.
After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.
Lab initiation will take a couple of minutes to finish.
Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.
Tasks
Task 1: Confirm DNS Traffic Control License Installation
Ensure the Grid Members , ibns1.techblue.net and ibns2.techblue.net have DNS Traffic Control (DTC) license added. After confirming the licenses, you will verify that the Traffic Control option is available in the Grid Manager UI.
Task 2: Review Permissions Assigned to the DTC Admin Role
Review the permissions assigned to the DTC Admin role to understand what actions this role can perform on the Grid.
Task 3: Verify Reporting Indexing for DTC
Confirm that DNS Traffic Control data is indexed for reporting. Ensure that DTC indexing is set to 10% in the lab environment.
Task 4: Verify Fallback and DNSSEC Settings for DTC
In this task, you will confirm that the Grid is configured to return DNS responses when DTC responses are unavailable. Also, verify that signed responses are configured to be returned for DNSSEC-signed zones.
Solutions
Task 1 Solution: Confirm DNS Traffic Control License Installation
To ensure DTC functionality is enabled, verify that both ibns1.techblue.net and ibns2.techblue.net have active DTC licenses.
Log in to the Grid Manager web interface.
Navigate to Grid → Licenses.
Click Show Filter, select Feature equals DNS Traffic Control, and click on Apply.
Verify that DTC licenses are applied to ibns1.techblue.net and ibns2.techblue.net.
.png?inst-v=e318b8e2-a160-48cc-bdb4-50693d73aed1)
If DTC licenses are missing:
Click the + symbol to add the DTC license.
Select the Upload License File option and click Select File.
Navigate to shared Drive/Licenses, select DTC.txt, and click Open.
Click Verify Licenses(s).
.png?inst-v=e318b8e2-a160-48cc-bdb4-50693d73aed1)
On the Verify Licenses(s) window, click Save All Valid License(s)
Click Filter On and use Quick Filter again to verify that both members have active DTC licenses.
Once licenses are confirmed, Navigate to Data Management → DNS.
Verify that the Traffic Control option is available in the UI.
.png?inst-v=e318b8e2-a160-48cc-bdb4-50693d73aed1)
Task 2 Solution: Review Permissions Assigned to the DTC Admin Role
To verify the permissions assigned to the DTC Admin role, follow these steps:
Navigate to Administration → Administrators → Permissions.
Select the DTC Admin role from the list of Roles.
.png?inst-v=e318b8e2-a160-48cc-bdb4-50693d73aed1)
Review the permissions assigned to this role and note what actions it can perform related to DNS Traffic Control.
Task 3 Solution: Verify Reporting Indexing for DNS Traffic Control
Use the steps below to verify that the indexing setting for DNS Traffic Control is configured at 10%.
Navigate to Grid → Grid Manager and select the Reporting service.
Click Edit from the toolbar to open the Grid Reporting Properties window.
.png?inst-v=e318b8e2-a160-48cc-bdb4-50693d73aed1)
Scroll down to confirm that the Index percentage for DNS Traffic Control is set to 10.
.png?inst-v=e318b8e2-a160-48cc-bdb4-50693d73aed1)
Click Save and Close.
Task 4 Solution: Verify Fallback and DNSSEC Settings for DNS Traffic Control
To verify Fallback and DNSSEC settings for DNS Traffic Control, follow these steps:
Navigate to Data Management → DNS
Click Grid DNS Properties from the toolbar.
Select Traffic Control section.
.png?inst-v=e318b8e2-a160-48cc-bdb4-50693d73aed1)
Check the following settings:
Verify ‘Return DNS responses if there are no DNS Traffic Control responses available’ setting is selected.
Under Return the following type of response from DNSSEC signed zones, confirm that Signed is selected.
Click Save & Close.