Differences

This shows you the differences between two versions of the page.

--- infoblox_nios:forwarding [2025/01/13 12:04] – [Forwarding] bstafford
+++ infoblox_nios:forwarding [2025/07/01 18:47] (current) – bstafford
@@ Line 29: / Line 29: @@
 In short, No. The order in which the forwarders are listed has no bearing on the order in which they are used.
-====== DNSSEC ======
+===== DNSSEC =====
 If DNSSEC validation is not enabled in NIOS, and if NIOS is configured to forward to another DNS server (e.g. NIOS caching/recursive layer) then NIOS sends DNS queries to the caching box with DNSSEC "CD" (Check Disabled) flag bit set to "1", and the caching server, irrespective of the local DNSSEC validation setting,  will not perform any validation locally and provides the response to the "forwarding DNS server", and the same response is sent back to the client. i.e. if you have full DNSSEC validation enabled on the external caching server but the Internal NIOS server does not have DNSSEC enabled then the external caching server will NOT perform DNSSEC validation for that query.
@@ Line 35: / Line 35: @@
 If you enabled DNSSEC and have NO Trust Anchors configured, then the internal DNS NIOS box will add CD (Check Disabled) flag bit set to "0" and it will mean that it is telling the external caching server to do the DNSSEC validation on its behalf.
+[[https://support.infoblox.com/s/article/302|Infoblox KB article]].
 ===== DFP Forwarding =====
+[[https://docs.infoblox.com/space/nios90/1468465491/Specifying+Forwarders|Documentation]]
 When enabling the "Add" and "Copy" options under DNS Properties > Forwarding, we see the following notices/warnings
@@ Line 65: / Line 68: @@
 In the scenario below, the key is to ensure that the first layer has "Add" enabled and that the second and third layer have "Copy" enabled. If we assume that all clients query layer 1, we are good. We include "Add" in the second and third layers to allow for clients querying these layers directly.
-^Source IP ^ 1 Add ^ 1 Copy ^ 2 Add ^ 2 Copy ^ 3 Add ^ 3 Copy ^ IP Recorded ^ MAC Recorded ^
+MAC Address will only get ADDED if the client IP is in the same subnet as the NIOS/NIOS-X appliance receiving it. Once added, it can be copied.
-| 192.168.99.73 | _ | _ | _ | _ | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | _ | _ | _ | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | _ | _ | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | _ | _ | X | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | _ | X | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | _ | X | _ | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | _ | X | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | _ | X | X | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | X | _ | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | X | _ | _ | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | _ | _ | X | _ | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | X | _ | X | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | _ | _ | X | X | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | X | X | _ | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | _ | _ | X | X | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | _ | X | X | X | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | _ | X | _ | _ | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | _ | _ | _ | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | _ | _ | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | _ | _ | X | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | _ | X | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | _ | X | _ | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | _ | X | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | _ | X | X | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | X | _ | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | X | _ | _ | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | _ | X | X | _ | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | X | _ | X | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | _ | X | X | X | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | X | X | _ | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | _ | X | X | X | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | _ | X | X | X | X | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | X | _ | _ | _ | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | _ | _ | _ | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | _ | _ | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | _ | _ | X | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | _ | X | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | _ | X | _ | X | 192.168.99.73 | N/A |
-| 192.168.99.73 | X | _ | _ | X | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | _ | X | X | X | 192.168.99.73 | N/A |
-| 192.168.99.73 | X | _ | X | _ | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | X | _ | _ | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | X | _ | X | _ | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | X | _ | X | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | X | _ | X | X | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | X | X | _ | X | 192.168.99.73 | N/A |
-| 192.168.99.73 | X | _ | X | X | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | _ | X | X | X | X | 192.168.99.73 | N/A |
-| 192.168.99.73 | X | X | _ | _ | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | _ | _ | _ | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | _ | _ | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | _ | _ | X | X | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | _ | X | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | _ | X | _ | X | 192.168.99.73 | N/A |
-| 192.168.99.73 | X | X | _ | X | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | _ | X | X | X | 192.168.99.73 | N/A |
-| 192.168.99.73 | X | X | X | _ | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | X | _ | _ | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | X | X | X | _ | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | X | _ | X | X | 192.168.11.211 | 00:0c:29:a0:b1:fe |
-| 192.168.99.73 | X | X | X | X | _ | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | X | X | _ | X | 192.168.99.73 | N/A |
-| 192.168.99.73 | X | X | X | X | X | _ | 192.168.11.212 | 00:0c:29:c8:ac:ed |
-| 192.168.99.73 | X | X | X | X | X | X | 192.168.99.73 | N/A |
+^Source IP ^ 1 Add ^ 1 Copy ^ 2 Add ^ 2 Copy ^ 3 Add ^ 3 Copy ^ IP Recorded ^
+| 192.168.99.73 | _ | _ | _ | _ | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | _ | _ | _ | X | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | _ | _ | X | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | _ | _ | X | X | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | _ | X | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | _ | X | _ | X | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | _ | X | X | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | _ | X | X | X | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | X | _ | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | X | _ | _ | X | 192.168.11.211 |
+| 192.168.99.73 | _ | _ | X | _ | X | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | X | _ | X | X | 192.168.11.211 |
+| 192.168.99.73 | _ | _ | X | X | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | X | X | _ | X | 192.168.11.211 |
+| 192.168.99.73 | _ | _ | X | X | X | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | _ | X | X | X | X | 192.168.11.211 |
+| 192.168.99.73 | _ | X | _ | _ | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | X | _ | _ | _ | X | 192.168.11.212 |
+| 192.168.99.73 | _ | X | _ | _ | X | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | X | _ | _ | X | X | 192.168.11.212 |
+| 192.168.99.73 | _ | X | _ | X | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | X | _ | X | _ | X | 192.168.11.212 |
+| 192.168.99.73 | _ | X | _ | X | X | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | X | _ | X | X | X | 192.168.11.212 |
+| 192.168.99.73 | _ | X | X | _ | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | X | X | _ | _ | X | 192.168.11.211 |
+| 192.168.99.73 | _ | X | X | _ | X | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | X | X | _ | X | X | 192.168.11.211 |
+| 192.168.99.73 | _ | X | X | X | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | X | X | X | _ | X | 192.168.11.211 |
+| 192.168.99.73 | _ | X | X | X | X | _ | 192.168.11.212 |
+| 192.168.99.73 | _ | X | X | X | X | X | 192.168.11.211 |
+| 192.168.99.73 | X | _ | _ | _ | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | X | _ | _ | _ | _ | X | 192.168.11.212 |
+| 192.168.99.73 | X | _ | _ | _ | X | _ | 192.168.11.212 |
+| 192.168.99.73 | X | _ | _ | _ | X | X | 192.168.11.212 |
+| 192.168.99.73 | X | _ | _ | X | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | X | _ | _ | X | _ | X | 192.168.99.73 |
+| 192.168.99.73 | X | _ | _ | X | X | _ | 192.168.11.212 |
+| 192.168.99.73 | X | _ | _ | X | X | X | 192.168.99.73 |
+| 192.168.99.73 | X | _ | X | _ | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | X | _ | X | _ | _ | X | 192.168.11.211 |
+| 192.168.99.73 | X | _ | X | _ | X | _ | 192.168.11.212 |
+| 192.168.99.73 | X | _ | X | _ | X | X | 192.168.11.211 |
+| 192.168.99.73 | X | _ | X | X | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | X | _ | X | X | _ | X | 192.168.99.73 |
+| 192.168.99.73 | X | _ | X | X | X | _ | 192.168.11.212 |
+| 192.168.99.73 | X | _ | X | X | X | X | 192.168.99.73 |
+| 192.168.99.73 | X | X | _ | _ | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | X | X | _ | _ | _ | X | 192.168.11.212 |
+| 192.168.99.73 | X | X | _ | _ | X | _ | 192.168.11.212 |
+| 192.168.99.73 | X | X | _ | _ | X | X | 192.168.11.212 |
+| 192.168.99.73 | X | X | _ | X | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | X | X | _ | X | _ | X | 192.168.99.73 |
+| 192.168.99.73 | X | X | _ | X | X | _ | 192.168.11.212 |
+| 192.168.99.73 | X | X | _ | X | X | X | 192.168.99.73 |
+| 192.168.99.73 | X | X | X | _ | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | X | X | X | _ | _ | X | 192.168.11.211 |
+| 192.168.99.73 | X | X | X | _ | X | _ | 192.168.11.212 |
+| 192.168.99.73 | X | X | X | _ | X | X | 192.168.11.211 |
+| 192.168.99.73 | X | X | X | X | _ | _ | 192.168.11.212 |
+| 192.168.99.73 | X | X | X | X | _ | X | 192.168.99.73 |
+| 192.168.99.73 | X | X | X | X | X | _ | 192.168.11.212 |
+| 192.168.99.73 | X | X | X | X | X | X | 192.168.99.73 |