Skip to main content
Skip table of contents

3514 - Troubleshooting a new authoritative zone in NIOS

Scenario

A new zone techblue.net has been added by someone on your team. However, users are reporting that they cannot resolve any names in techblue.net when querying against the member ibns1 (10.100.0.105) or ibns2 (10.200.0.105). Please identify any issues and correct them.

Estimate Completion Time

  • 15 to 20 minutes

Credentials

Description

Username

Password

URL or IP

Grid Manager UI

admin

infoblox

https://10.100.0.100/

Requirements

  • Administrative access to the Grid

Course References

  • 3011: DNS Troubleshooting Methodology

  • 3014: NIOS DNS Zones Expert Topics

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and login to the Linux UI:

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.

Launch Lab

Launch Lab

Choose the lab number from the list and click OK.

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.

Screenshot 2024-05-06 at 3.16.57 PM.png

Tasks

Task 1: Troubleshooting name resolution

Clients are unable to resolve the domain name www.techblue.net while querying against the internal DNS servers 10.100.0.105 and 10.200.0.105.


Solutions

Task 1 Solution: Troubleshooting name resolution

First, you should verify that the zone is configured in the Grid, and the entry for the name www.techblue.net also exists in the Grid. Navigate through Data Management → DNS → Zones, you can verify that both the authoritative zone techblue.net exists, so does the DNS record for www.techblue.net.

However, when using the command dig you get this result from the jump-desktop:

CODE
training@jump-desktop:~ $ dig @10.100.0.105 www.techblue.net
;; communications error to 10.100.0.105#53: timed out
;; communications error to 10.100.0.105#53: timed out
;; communications error to 10.100.0.105#53: timed out

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> @10.100.0.105 www.techblue.net
; (1 server found)
;; global options: +cmd
;; no servers could be reached

IP address 10.100.0.105 is reachable:

CODE
training@jump-desktop:~ $ ping 10.100.0.105

PING 10.100.0.105 (10.100.0.105) 56(84) bytes of data.
64 bytes from 10.100.0.105: icmp_seq=1 ttl=63 time=1.99 ms
64 bytes from 10.100.0.105: icmp_seq=2 ttl=63 time=0.493 ms
64 bytes from 10.100.0.105: icmp_seq=3 ttl=63 time=4.43 ms
64 bytes from 10.100.0.105: icmp_seq=4 ttl=63 time=0.818 ms
^C
--- 10.100.0.105 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3034ms
rtt min/avg/max/mdev = 0.493/1.933/4.430/1.545 ms

This points to an issue with the DNS service on ibns1 (10.100.0.105) . If you check the configuration, you can see that DNS service is not running. 

Solution part 1: Enabling the DNS service

You may use dig again to verify name resolution:

CODE
training@jump-desktop:~ $ dig @10.100.0.105 www.techblue.net

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> @10.100.0.105 www.techblue.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
; COOKIE: 07e320880bc5c24bb7a8c305649052e47d5aa811719e79c7 (good)
;; QUESTION SECTION:
;www.techblue.net.        IN    A

;; AUTHORITY SECTION:
techblue.net.        900    IN    SOA    polaris.techblue.io. training-tech.infoblox.com. 26 10800 3600 2419200 900

;; Query time: 11 msec
;; SERVER: 10.100.0.105#53(10.100.0.105) (UDP)
;; WHEN: Mon Jun 19 13:06:44 UTC 2023
;; MSG SIZE  rcvd: 154

This time you get an NXDOMAIN response with RA flag, which tells you that the server 10.100.0.105 is not authoritative for the zone techblue.net. If you check the config files for ibns1 and ibns2, you will see that techblue.net configuration is absent, which means that techblue.net zone has not been assigned to these DNS members. Thus, the next step is:

Solution part 2: Assigning zone techblue.net to members

Assign techblue.net zone to Grid DNS members ibns1 and ibns2 to correct DNS configuration .

  1. Navigate to Data Management → DNS →Zones

  2. Check the box next to techblue.net and click Edit

  3. Switch to Name Servers tab

  4. Select Use this set of name servers

  5. Click + dropdown and select Grid Primary

  6. In the Add Grid Primary wizard, click Select

  7. Click on ibns1.techblue.net hyperlink

  8. Click the Add button

  9. Click + dropdown again and select Grid Secondary

  10. In the Add Grid Secondary wizard, click Select

  11. Click on ibns2.techblue.net hyperlink

  12. Click the Add button.

  13. Both Name Servers should now be present in the list.

  14. Click Save and Close.

  15. Restart service when prompted.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.