2802 - Enabling DNS Forwarding Proxies on BloxOne Hosts

Cloud Services Portal (CSP) is now Infoblox Portal

In early September, Cloud Services Portal (CSP) became Infoblox Portal with a new look-and-feel, and a new URL (https://portal.infoblox.com). As a result of this change, the layout and organization of several menus have been updated.

Unfortunately, this means that our video courseware and lab guides no longer match the new user interface. However, we are currently in the process of updating them, and they should be ready soon.

In the meantime, we have some resources to help you navigate the new interface:

We apologize for any inconvenience this may cause and kindly ask for your patience as we work through this transition.

Scenario

You're tasked to enable the DNS Forwarding Proxy (DFP) service on two of your organization's Hosts OPH1 and OPH2, the service instances you will create on CSP will carry the names DFP-OPH1 and DFP-OPH2 and are connected to oph1.techblue.net and oph2.techblue.net, both instances will have PoP selection set to auto.

Estimate Completion Time

30-40 Minutes

Course Reference

2101: BloxOne Threat Defense Architecture

Prerequisites

Administrative access to the CSP
Lab 2801: Deploying Bloxone Hosts

Tasks

Task 1: Enable DNS Forwarding Proxies (DFP) on both BloxOne Hosts
Task 2: Verify DNS Forwarding Proxies (DFP) service does work

Lab “2801:Deploying BloxOne Hosts” is a prerequisite for this lab to work, please finish 2801 before you start this lab
Click here to access the lab guide

Task 1: Enable DNS Forwarding Proxies (DFP) on both BloxOne Hosts

Create two DFP Instances named "DFP-OPH1" and "DFP-OPH2" and connect them to oph1.techblue.net and oph2.techblue.net in this order.

Task 2: Verify DNS Forwarding Proxies (DFP) service does work

Using testing-linux machine dig infoblox.com and google.com through oph1 and oph2 IP addresses (10.100.0.110 and 10.200.0.110) and make sure the responses are valid.

The command "sudo set-network-static-bloxone" is used to set an IP address for testing-linux, to verify an IP was configured enter the command ifconfig.

Solutions

Task 1 solution: Enable DFP on both BloxOne Hosts

Navigate to Manage > Infrastructure > Services, click on the Create Service button, and choose DNS Forwarding Proxy from the list.
In the newly opened pop-up wizard use DFP-OPH1 as the name and DFP for oph1 as a description.
Click the Select Host button and choose oph1.techblue.net from the list and click Select then Next, notice the interface binding page being populated, and verify that the IP address listed is 10.100.0.110.
Click Next, under the DNS Forwarding Proxy tab, expand the POP Settings section, switch the Auto Selection toggle to OFF, and expand the Point of Presence list to examine the available options.
Switch the Auto Selection toggle back to ON. DO NOT LEAVE AUTO SELECTION OFF, finally, click Finish then Save & Close.
Click on the Create Service button once more and choose DNS Forwarding Proxy from the list.
In the newly opened pop-up wizard use DFP-OPH2 as the name and "DFP for oph2" as a description.
Click the Select Host button and choose "oph2.techblue.net" from the list and click Select then Next, notice the interface binding page being populated, and verify that the IP address listed is 10.200.0.110.
Click Next, under the DNS Forwarding Proxy tab, expand the POP Settings section, switch the Auto Selection toggle to OFF, and expand the Point of Presence list to examine the available options.
Switch the Auto Selection toggle back to ON. DO NOT LEAVE AUTO SELECTION OFF, finally, click Finish then Save & Close.

Task 2 solution : Verify DFP service does work

Switch to the testing-linux machine, open a terminal window, and enter the command "sudo set-network-static-bloxone".
Using dig we will test if DFP is running on both noa-1 and noa-2 instances, type the command dig @10.100.0.110 infoblox.com and dig @10.200.0.110 google.com both commands should return valid answers.