Skip to main content
Skip table of contents

3517 - Troubleshooting External DNS Resolution in NIOS


There is an external-facing domain name that is intended for the Internet. However, internal users are reporting that when they query ibns1 ( or ibns2 ( this name fails to resolve. Identify any issues and correct them.

Estimate Completion Time

  • 15 to 20 minutes






Grid Manager UI




  • Administrative access to the Grid

Course References

  • 3011: DNS Troubleshooting Methodology

  • 3014: NIOS DNS Zones Expert Topics

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and login to the Linux UI:

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.

Launch Lab

Launch Lab

Choose the lab number from the list and click OK.

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.

Screenshot 2024-05-06 at 3.16.57 PM.png


Task 1: Troubleshooting internal resolvers

Investigate and resolve name resolution issues for domain from our internal resolvers ibns1 and ibns2


Task 1 Solution: Troubleshooting internal resolvers

When using the command dig to query ibns1 (, we get this output:

dig @

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 41800
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

; EDNS: version: 0, flags:; udp: 1220
; COOKIE: 85a66043fb06626ee9dd2eb964905dc76e8ec5242c06683e (good)
;        IN    A

;; Query time: 4 msec
;; WHEN: Mon Jun 19 13:53:11 UTC 2023
;; MSG SIZE  rcvd: 78

The REFUSED code in line 7 and the warning in line 9 indicate that recursion is not enabled on this server ( Repeating this

Enabling recursion on the members

The recommended method is to allow recursion on each member individually. Enabling recursion at the Grid level to turn it on for every Grid member is not recommended.

To enable recursion on a member:

  1. Navigate to Data Management → DNS → Members.

  2. Select and Edit the member (ibns1 or ibns2).

  3. In Member DNS Properties, select the Queries tab.

  4. Scroll down to check the Allow recursion configuration.

  5. Click Save & Close, restart service when prompted.

You may run the same dig command again, it should now produce the following output:

training@jump-desktop:~ $ dig @

; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> @
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1872
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1220
; COOKIE: e037c5c66896c2fa4423f20464c3c345bcdbdfc7336c7650 (good)
;		IN	A

;; ANSWER SECTION:	3600	IN	A	3600	IN	A	3600	IN	A	3600	IN	A

;; Query time: 431 msec
;; WHEN: Fri Jul 28 13:31:49 UTC 2023
;; MSG SIZE  rcvd: 142
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.