
2573 - Configuring DNS Services in Universal DDI

Scenario

You have just deployed two NIOS-X servers, oph1 and oph2. You need to enable and configure DNS services on these servers so that you can use them to perform DNS lookups for external domain names, such as training.infoblox.com. For security reasons, only clients from the internal subnets can perform DNS lookups.

Estimated Completion Time

  • 20 to 30 minutes

Prerequisites

Course References

  • 2159: BloxOne DDI Configuring DNS Services

Tasks

  1. Creating DNS service instances for NIOS-X servers oph1 and oph2.

  2. Configuring DNS hostnames for each service instance.

  3. Creating a Named ACL.

  4. Creating a DNS Config Profile with recursion enabled.

  5. Associating the DNS Config Profile with the DNS service instances.

  6. Verifying recursive DNS resolution on a client.

Task 1: Creating DNS service instances for NIOS-X servers

We do not have any DNS Service Instances ready to use yet. We can use our two online BloxOne Hosts as DNS nameservers for our clients. Create two DNS Service Instances, one for each of our BloxOne Hosts oph1.techblue.net and oph2.techblue.net. Name the Service Instances Techblue DNS Service 1 and Techblue DNS Service 2.

Task 2: Configuring DNS hostnames for each service instance

Our new DNS service instances need resolvable names. Use oph1.techblue.net and oph2.techblue.net for the respective service instances.

Task 3: Creating a Named ACL

We only want to allow trusted subnets to use our DNS services. Create a Named ACL called Training Subnets. We will use this ACL later to restrict recursion:

Table 2573-1

Type           Value            Permission
IPv4 Network   172.31.0.0/16    Allow
IPv4 Network   10.100.0.0/24    Allow
IPv4 Network   10.200.0.0/24    Allow

Task 4: Creating a DNS Config Profile with recursion enabled

A DNS Config Profile controls DNS server settings such as recursion. Create a profile called Techblue NYC Branch and configure it to allow recursion from the subnets we specified in the Named ACL Training Subnets.

Task 5: Associating the DNS Config Profile with the DNS service instances

Associate the DNS Config Profile with the DNS service instances so the DNS servers will apply the access control list and recursion settings.

Task 6: Verifying recursive DNS resolution on clients

Use the virtual machines jump-desktop and testing-linux to verify that the DNS resolution works as intended. Use the command sudo set-network-static-bloxone to set the IP address on the virtual machine and to allow a route to the DNS servers. Look up names on the Internet such as training.infoblox.com.


Solutions

Task 1 Solution: Creating DNS service instances for NIOS-X servers

  1. Log into your lab’s jump-desktop.

  2. Use your Education Infoblox Portal Credentials to log into the Infoblox Portal.

  3. Navigate to Configure > Service Deployment > Protocol Services.

  4. Click on Create Service and choose DNS from the drop-down menu. This opens the Create DNS Service dialog window.

    Task1-1.png
  5. For the Name field, enter Techblue DNS Service 1.

  6. Click Select Server and choose oph1.techblue.net. Click the Select button.

  7. In the Create DNS Service dialog window, click Finish.

    Task1-2.png
  8. Review the settings and click Save & Close.

    Task1-3.png
  9. Repeat steps 4 to 8 to add another service instance named Techblue DNS Service 2 for the server oph2.techblue.net.

  10. The services take a few minutes to start the first time. Do not be alarmed if you see the Error state. Refresh the screen after a few minutes, and you should see the servers online and services started.

    Task1-4.png

Task 2 Solution: Configuring DNS hostnames for each service instance

  1. In the Infoblox Portal, navigate to Configure > Networking > DNS. Select the DNS Servers horizontal tab.

  2. Click the menu (hamburger icon) next to the service instance and click Edit.

    Task2-2.png
    • Edit Techblue DNS Service 1 so its DNS Name is oph1.techblue.net.

    • Edit Techblue DNS Service 2 so its DNS Name is oph2.techblue.net.

  3. Click Save & Close. The screenshot below shows both service instances with names updated.

    Task2-3.png

Task 3 Solution: Creating a Named ACL

  1. In the Infoblox Portal, navigate to Configure > Networking > DNS. Select the Access Control Lists horizontal tab.

  2. Click Create Named ACL. This brings up the Create Named ACL dialog window.

  3. Set the name to Training Subnets.

  4. In the List section:

    • Click Add and set a Type of IPv4 Network, Value 172.31.0.0/16, and Permission Allow.

    • Click Add and set a Type of IPv4 Network, Value 10.100.0.0/24, and Permission Allow.

    • Click Add and set a Type of IPv4 Network, Value 10.200.0.0/24, and Permission Allow.

  5. Review the settings and click Save & Close.

    Task3-1.png

Task 4 Solution: Creating a DNS Config Profile with recursion enabled

  1. In the Infoblox Portal, navigate to Configure > Networking > DNS. Select the DNS Config Files horizontal tab.

  2. Click Create DNS Config Profile. This brings up the Create DNS Config Profile dialog window.

  3. Set the profile name to Techblue NYC Branch.

  4. Expand the Allow Queries From section. Slide the Override bar. Click Add. Add an entry of Type Named ACL and Value Training Subnets. (This is what you configured in Task 3.)

    Task4-1.png
  5. Scroll down and expand the Recursion section. Slide the Override bar and check the box for Allow Recursion.

    Task4-2.png
  6. Scroll down to the section Allow Recursive Queries From. Slide the Override bar and click Add. Add an entry of Type Named ACL and Value Training Subnets. (This is what you configured in Task 3.)

    Task4-3.png
  7. Click Save & Close.

Task 5 Solution: Associating the DNS Config Profile with the DNS service instances

  1. Click on the menu icon next to the profile we just created (Techblue NYC Branch) and select Edit.

  2. In the section Service Instances:

    • Click Add. Choose Techblue DNS Service 1 and click Select.

    • Click Add. Choose Techblue DNS Service 2 and click Select.

  3. Review the settings and click Save & Close.

    Task5-1.png

Task 6 Solution: Verifying recursive DNS resolution on clients

  1. On the virtual machine jump-desktop, open a Terminal window.

  2. Use the commands dig @10.100.0.110 training.infoblox.com. and dig @10.200.0.110 training.infoblox.com. to query oph1 and oph2. Since the named ACL is applied, we should receive the REFUSED status code.

    Task6-2.png
  3. Switch to the virtual machine testing-linux. Open a Terminal window.

  4. Use the command sudo set-network-static-bloxone to configure the machine with a static IP address. This removes DHCP from our test.

  5. Use the following dig commands to query oph1 and oph2:

    • dig @10.100.0.110 training.infoblox.com. A

    • dig @10.200.0.110 training.infoblox.com. A

  6. Examine the results. If we see ra (recursion available) in the flags section of the output, we can verify that the answers are obtained via recursion.

    Task6-1.png
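
The Task 6 check can be scripted. The following is an added example, not part of the Infoblox lab material: it takes the Training Subnets entries from Table 2573-1, predicts whether a client should receive an answer or REFUSED, and compares that with the header of dig's output. The client addresses and dig header lines are constructed samples, and the function names are illustrative.

```python
import ipaddress
import re

# Named ACL "Training Subnets" from Table 2573-1 (every entry is Allow).
TRAINING_SUBNETS = [ipaddress.ip_network(n) for n in
                    ("172.31.0.0/16", "10.100.0.0/24", "10.200.0.0/24")]

HEADER_RE = re.compile(r"^;; ->>HEADER<<- opcode: \w+, status: (\w+), id: \d+", re.M)
FLAGS_RE = re.compile(r"^;; flags:([a-z ]*);", re.M)

def expected_status(client_ip):
    """REFUSED is expected unless the client sits inside an allowed subnet."""
    addr = ipaddress.ip_address(client_ip)
    return "NOERROR" if any(addr in net for net in TRAINING_SUBNETS) else "REFUSED"

def parse_dig_header(output):
    """Return (status, set_of_flags) from dig's text output."""
    status = HEADER_RE.search(output)
    flags = FLAGS_RE.search(output)
    if not status or not flags:
        raise ValueError("no dig header found (timeout or truncated output?)")
    return status.group(1), set(flags.group(1).split())

def check(client_ip, dig_output):
    """List the ways a dig result deviates from what the ACL should produce."""
    want = expected_status(client_ip)
    status, flags = parse_dig_header(dig_output)
    problems = []
    if status != want:
        problems.append(f"{client_ip}: status {status}, expected {want}")
    if want == "NOERROR" and "ra" not in flags:
        problems.append(f"{client_ip}: 'ra' flag missing, recursion not offered")
    if want == "REFUSED" and "ra" in flags:
        problems.append(f"{client_ip}: 'ra' set for a client outside the ACL")
    return problems

# Constructed dig header lines and client addresses, not captured from the lab.
REFUSED_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31337
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
ALLOWED_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""

if __name__ == "__main__":
    print(check("192.0.2.10", REFUSED_SAMPLE))   # outside the ACL: no problems
    print(check("10.100.0.50", ALLOWED_SAMPLE))  # inside 10.100.0.0/24: no problems
```

A non-empty list from check() for an address outside the ACL means the server answered a client it should have refused, which is the condition the Named ACL is there to prevent.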




