2802 - Enabling DNS Forwarding Proxies on BloxOne Hosts
Cloud Services Portal (CSP) is now Infoblox Portal
In early September, Cloud Services Portal (CSP) became Infoblox Portal with a new look-and-feel, and a new URL (https://portal.infoblox.com). As a result of this change, the layout and organization of several menus have been updated.
Unfortunately, this means that our video courseware and lab guides no longer match the new user interface. However, we are currently in the process of updating them, and they should be ready soon.
In the meantime, we have some resources to help you navigate the new interface:
We have created a mapping of the previous menu locations and their new breadcrumb location.
Additionally, you can find a walkthrough video of the new User Interface on Launchpad.
We apologize for any inconvenience this may cause and kindly ask for your patience as we work through this transition.
Scenario
You're tasked with enabling the DNS Forwarding Proxy (DFP) service on two of your organization's Hosts, OPH1 and OPH2. The service instances you create on CSP will carry the names DFP-OPH1 and DFP-OPH2 and are connected to oph1.techblue.net and oph2.techblue.net, respectively. Both instances will have PoP selection set to auto.
Estimated Completion Time
30-40 Minutes
Course Reference
2101: BloxOne Threat Defense Architecture
Prerequisites
Administrative access to the CSP
Lab 2801: Deploying BloxOne Hosts
Tasks
Task 1: Enable DNS Forwarding Proxies (DFP) on both BloxOne Hosts
Task 2: Verify that the DNS Forwarding Proxy (DFP) service works
Lab "2801: Deploying BloxOne Hosts" is a prerequisite for this lab to work. Please finish 2801 before you start this lab.
Task 1: Enable DNS Forwarding Proxies (DFP) on both BloxOne Hosts
Create two DFP Instances named "DFP-OPH1" and "DFP-OPH2" and connect them to oph1.techblue.net and oph2.techblue.net in this order.
Task 2: Verify that the DNS Forwarding Proxy (DFP) service works
Using the testing-linux machine, dig infoblox.com and google.com through the oph1 and oph2 IP addresses (10.100.0.110 and 10.200.0.110) and make sure the responses are valid.
The command "sudo set-network-static-bloxone" is used to set an IP address for testing-linux. To verify that an IP address was configured, enter the command ifconfig.
Solutions
Task 1 solution: Enable DFP on both BloxOne Hosts
Navigate to Manage > Infrastructure > Services, click on the Create Service button, and choose DNS Forwarding Proxy from the list.
In the newly opened pop-up wizard, use DFP-OPH1 as the name and "DFP for oph1" as a description.
Click the Select Host button, choose oph1.techblue.net from the list, and click Select, then Next. Notice the interface binding page being populated, and verify that the IP address listed is 10.100.0.110.
Click Next. Under the DNS Forwarding Proxy tab, expand the POP Settings section, switch the Auto Selection toggle to OFF, and expand the Point of Presence list to examine the available options.
Switch the Auto Selection toggle back to ON. DO NOT LEAVE AUTO SELECTION OFF. Finally, click Finish, then Save & Close.
Click on the Create Service button once more and choose DNS Forwarding Proxy from the list.
In the newly opened pop-up wizard, use DFP-OPH2 as the name and "DFP for oph2" as a description.
Click the Select Host button, choose oph2.techblue.net from the list, and click Select, then Next. Notice the interface binding page being populated, and verify that the IP address listed is 10.200.0.110.
Click Next. Under the DNS Forwarding Proxy tab, expand the POP Settings section, switch the Auto Selection toggle to OFF, and expand the Point of Presence list to examine the available options.
Switch the Auto Selection toggle back to ON. DO NOT LEAVE AUTO SELECTION OFF. Finally, click Finish, then Save & Close.
Task 2 solution: Verify that the DFP service works
Switch to the testing-linux machine, open a terminal window, and enter the command "sudo set-network-static-bloxone".
Using dig, we will test whether DFP is running on both noa-1 and noa-2 instances. Type the commands dig @10.100.0.110 infoblox.com and dig @10.200.0.110 google.com; both commands should return valid answers.
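The following script is an added example, not part of the original lab guide. It makes "valid answer" concrete for the two dig commands above: the reply must have status NOERROR, at least one answer record, and a SERVER line naming the DFP address that was queried. The script name check-dfp.sh, the function names and the sample output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: decide whether dig output is a valid answer from a given DFP.

# valid_dig_reply SERVER_IP   (dig output on stdin)
# Succeeds only if status is NOERROR, the header reports at least one answer
# record, and the SERVER line names SERVER_IP.
valid_dig_reply() {
    awk -v want="$1" '
        /->>HEADER<<-/ && /status: NOERROR/ { ok_status = 1 }
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { n = $(i + 1); sub(/,/, "", n); answers = n + 0 }
        }
        /^;; SERVER:/ { split($3, part, "#"); if (part[1] == want) ok_server = 1 }
        END { exit !(ok_status && answers > 0 && ok_server) }
    '
}

# check_dfp SERVER_IP NAME: query NAME through the DFP listening on SERVER_IP.
check_dfp() {
    dig +time=3 +tries=1 "@$1" "$2" A | valid_dig_reply "$1"
}

# Constructed dig output for offline testing (not captured from the lab).
# Arguments: status, answer count, responding server.
sample_reply() {
    cat <<EOF
;; ->>HEADER<<- opcode: QUERY, status: $1, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: $2, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 20 msec
;; SERVER: $3#53($3) (UDP)
EOF
}

# Live check from testing-linux: bash check-dfp.sh --live
if [ "${1:-}" = "--live" ]; then
    check_dfp 10.100.0.110 infoblox.com && echo "DFP-OPH1: valid" || echo "DFP-OPH1: FAILED"
    check_dfp 10.200.0.110 google.com && echo "DFP-OPH2: valid" || echo "DFP-OPH2: FAILED"
fi
```

A timeout or a SERVFAIL from either address fails the check, which usually means the DFP service on that host is not yet running or cannot reach its upstream.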