
Enabling the DNS Forwarding Proxy Service (DFP) on a NIOS-X Server (2802)


Scenario

Your organization is enhancing infrastructure security across headquarters and branch offices by enabling the DNS Forwarding Proxy (DFP) service on all NIOS-X servers. This configuration ensures that all DNS traffic is forwarded to the Threat Defense cloud, where it can be inspected. You are tasked with the following:

  • Enable DFP on the NIOS-X servers:

    • oph1.techblue.net

    • oph2.techblue.net

  • Connect these servers to their respective service instances in the Infoblox Portal:

    • oph1.techblue.net → DFP-OPH1

    • oph2.techblue.net → DFP-OPH2

Estimated Completion Time

  • 20 to 30 minutes

Prerequisites


Tasks

  • Enabling DNS Forwarding Proxies (DFP) on both NIOS-X Servers

  • Verifying DFP services are working

Task 1: Enabling DNS Forwarding Proxies (DFP) on both NIOS-X Servers

  • In the Infoblox Portal, create two DFP Instances named DFP-OPH1 and DFP-OPH2 and connect them to the NIOS-X servers oph1.techblue.net and oph2.techblue.net.

  • Verify that DFP services are enabled on all NIOS-X server interfaces.

  • Add the IP address 10.100.0.100 as an internal and a fallback DNS resolver with no Encryption.

    • 10.100.0.100 is the IP address of a local NIOS grid.

  • Ensure POP auto selection is enabled.

Task 2: Verifying DNS Forwarding Proxies (DFP) Services Are Working

  • In the lab environment, provision the VM testing-linux with a static IP address (with the command sudo set-network-static-bloxone) to reach the NIOS-X servers.

  • From the VM testing-linux, perform DNS lookups using the NIOS-X servers (10.100.0.110 and 10.200.0.110) to ensure the DNS Forwarding Proxy services are working.


Solutions

Task 1 Solution: Enabling DNS Forwarding Proxies (DFP) on both NIOS-X Servers

In this task, we will create two new protocol service instances of the DNS Forwarding Proxy type: DFP-OPH1 and DFP-OPH2. During the creation process, we will choose which NIOS-X server each service will be attached to: for DFP-OPH1, we will select oph1.techblue.net, and for DFP-OPH2, we will choose oph2.techblue.net. We will also verify that the “All Interface Binding” checkbox is selected for both NIOS-X servers to ensure that DFP services will be enabled on all interfaces. Finally, under the DNS Forwarding Proxy tab, we will add the IP address 10.100.0.100 as an internal and fallback DNS resolver. 10.100.0.100 is the IP address of a NIOS grid that will be used as a backup when the connection between the NIOS-X servers and the Threat Defense Cloud is interrupted.

  1. Log in to your lab’s VM jump-desktop.

  2. While logged in to jump-desktop, use your Education Infoblox Portal Credentials to log into the Infoblox Portal.

  3. Navigate to Configure → Service Deployment → Protocol Services.

  4. Click Create Service and choose DNS Forwarding Proxy from the list.

    1. Enter DFP-OPH1 for the name.

    2. Click Select Server.

    3. Choose oph1.techblue.net from the list.

  5. Click the Interface Binding tab.

    1. Verify that the All Interface Binding checkbox is selected.

  6. Click the DNS Forwarding Proxy tab.

    1. Under the Internal and Fallback DNS Resolvers section:

      1. Click Add.

      2. Use the IP address 10.100.0.100 as the DNS Resolver.

      3. Enable the INTERNAL RESOLVER, FALLBACK RESOLVER, and UNENCRYPTED DNS toggles.

    2. Under the POP Settings section:

      1. Verify that the Auto selection toggle is enabled.

    3. Click Finish and then Save & Close.

  7. Repeat steps 4, 5, and 6 to create the second DFP service.

    1. Enter DFP-OPH2 for the name.

    2. Select oph2.techblue.net as the server.


Task 2 Solution: Verifying DNS Forwarding Proxies (DFP) Services Are Working

In this task, we will jump to the new virtual machine testing-linux to simulate a user utilizing the DFP services we enabled on both NIOS-X servers. We will use the command dig to look up several popular domains while specifying the IP addresses of oph1.techblue.net and oph2.techblue.net as the servers.

  1. Log in to the VM testing-linux in your lab environment with the credentials training / infoblox.

  2. Open a terminal window and enter the command sudo set-network-static-bloxone. If prompted for a password, enter infoblox. This command sets a static IP address for the testing-linux VM to reach the NIOS-X servers.

  3. Using the command dig against oph1.techblue.net (10.100.0.110) and oph2.techblue.net (10.200.0.110), resolve the domains www.infoblox.com and www.google.com. Both domains should be resolved with a NOERROR response code. The commands are:

    • dig @10.100.0.110 www.infoblox.com.

    • dig @10.100.0.110 www.google.com.

    • dig @10.200.0.110 www.infoblox.com.

    • dig @10.200.0.110 www.google.com.
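
The four lookups above can be run as one script that reads the response code from each dig header and fails if any lookup is not NOERROR. This is an added example, not part of the original lab guide; the function names are assumptions, and the addresses and domains are the ones used in step 3.

```shell
#!/bin/sh
# Added example: scripted form of the four dig checks in step 3.

SERVERS="10.100.0.110 10.200.0.110"   # oph1 and oph2, as given in the lab
DOMAINS="www.infoblox.com. www.google.com."

# Read dig output on stdin and print the response code from the header
# line, e.g. ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242".
# Prints nothing when no header is present (timeout, unreachable server).
rcode_from_dig() {
  sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Query one name against one server and print its rcode, or TIMEOUT
# when the server returned no DNS header at all.
lookup_rcode() {
  rc=$(dig +time=3 +tries=1 "@$1" "$2" 2>/dev/null | rcode_from_dig)
  echo "${rc:-TIMEOUT}"
}

# Check every server/domain pair; return non-zero if any pair is not
# NOERROR, so the script can gate a lab checklist or a cron check.
verify_dfp() {
  failed=0
  for server in $SERVERS; do
    for name in $DOMAINS; do
      result=$(lookup_rcode "$server" "$name")
      printf '%-14s %-20s %s\n' "$server" "$name" "$result"
      [ "$result" = "NOERROR" ] || failed=1
    done
  done
  return "$failed"
}

# Run the live checks only when invoked as: sh verify_dfp.sh run
if [ "${1:-}" = "run" ]; then
  verify_dfp
fi
```

A TIMEOUT result for one server only points at that NIOS-X server's DFP service or interface binding rather than at the upstream resolvers.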

