3517 - Troubleshooting External DNS Resolution in NIOS
Scenario
There is an external-facing domain name, training.infoblox.com, that is intended for the Internet. However, internal users are reporting that when they query ibns1 (10.100.0.105) or ibns2 (10.200.0.105), this name fails to resolve. Identify any issues and correct them.
Estimated Completion Time
15 to 20 minutes
Credentials
Description | Username | Password | URL or IP |
---|---|---|---|
Grid Manager UI | admin | infoblox |
Requirements
Administrative access to the Grid
Course References
3011: DNS Troubleshooting Methodology
3014: NIOS DNS Zones Expert Topics
Lab Initiation
Access jump-desktop
Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and log in to the Linux UI:
Username: training
Password: infoblox
Initiate lab
To initiate the lab, double-click the Launch Lab icon on the Desktop.
Choose the lab number from the list and click OK.
After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.
Lab initiation will take a couple of minutes to finish.
Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.
Tasks
Task 1: Troubleshooting internal resolvers
Investigate and resolve name resolution issues for the training.infoblox.com domain from our internal resolvers ibns1 and ibns2.
Solutions
Task 1 Solution: Troubleshooting internal resolvers
When using the command dig to query ibns1 (10.100.0.105), we get this output:
dig @10.100.0.105 training.infoblox.com

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> @10.100.0.105 training.infoblox.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 41800
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
; COOKIE: 85a66043fb06626ee9dd2eb964905dc76e8ec5242c06683e (good)
;; QUESTION SECTION:
;training.infoblox.com. IN A
;; Query time: 4 msec
;; SERVER: 10.100.0.105#53(10.100.0.105) (UDP)
;; WHEN: Mon Jun 19 13:53:11 UTC 2023
;; MSG SIZE rcvd: 78
The REFUSED status in line 7 (the HEADER line) and the warning in line 9 ("recursion requested but not available") indicate that recursion is not enabled on this server (10.100.0.105). Repeating this
Enabling recursion on the members
The recommended method is to allow recursion on each member individually. Enabling recursion at the Grid level to turn it on for every Grid member is not recommended.
To enable recursion on a member:
Navigate to Data Management → DNS → Members.
Select and Edit the member (ibns1 or ibns2).
In Member DNS Properties, select the Queries tab.
Scroll down and check the Allow recursion checkbox.
Click Save & Close, and restart the service when prompted.
You may run the same dig command again; it should now produce the following output:
training@jump-desktop:~ $ dig @10.100.0.105 training.infoblox.com.
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> @10.100.0.105 training.infoblox.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1872
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
; COOKIE: e037c5c66896c2fa4423f20464c3c345bcdbdfc7336c7650 (good)
;; QUESTION SECTION:
;training.infoblox.com. IN A
;; ANSWER SECTION:
training.infoblox.com. 3600 IN A 151.101.130.253
training.infoblox.com. 3600 IN A 151.101.66.253
training.infoblox.com. 3600 IN A 151.101.2.253
training.infoblox.com. 3600 IN A 151.101.194.253
;; Query time: 431 msec
;; SERVER: 10.100.0.105#53(10.100.0.105) (UDP)
;; WHEN: Fri Jul 28 13:31:49 UTC 2023
;; MSG SIZE rcvd: 142
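Because recursion is enabled per member, each member has to be re-checked after the change. The script below is an added example, not part of the original lab: it reads dig output and reports the response status together with whether the `ra` (recursion available) flag is set. The function names `recursion_state` and `check_member` are hypothetical, and the sample input consists of header lines copied from the two outputs above.

```shell
#!/bin/sh
# Added example (not part of the lab): read dig output on stdin and print
# "<status> ra=<yes|no>", taken from the HEADER and flags lines.
recursion_state() {
    awk '
        BEGIN { ra = "no" }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags:/, "", flags)   # drop the label
            sub(/;.*$/, "", flags)         # keep only the flag words
            ra = ((" " flags " ") ~ / ra /) ? "yes" : "no"
        }
        END {
            if (status == "") { print "no-response"; exit }
            print status " ra=" ra
        }'
}

# Hypothetical helper: query one member live. +time and +tries keep an
# unreachable member from stalling a loop over several members.
check_member() {
    dig +time=2 +tries=1 "@$1" "$2" 2>/dev/null | recursion_state
}

# Header lines copied from the two dig outputs shown in this lab.
BEFORE=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 41800
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'
AFTER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1872
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | recursion_state)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | recursion_state)"

# Live use from jump-desktop, once per member:
#   for ip in 10.100.0.105 10.200.0.105; do
#       printf '%s %s\n' "$ip" "$(check_member "$ip" training.infoblox.com)"
#   done
```

A member that still prints `REFUSED ra=no` has not had Allow recursion applied, or its DNS service has not been restarted yet.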