Migrating DNS and DHCP

Remember, although the “console” has a buffer of about 1,000 lines and on large imports, data might scroll off the top of the buffer, if you click the 'save' button then you will get all data generated regardless of whether it is visible in the buffer.

• Get DHCP and DNS exports from all servers.
• Document all authoritative zones(A, AAAA and PTR), forward zones, delegation zones, etc.
• Import using Data Import Wizard
• Make sure you check the log window at the back of the Data Import Wizard. Search for fail and error
• The main window and top right window must be perfect. The top left window must be perfect or the red must just be “not used” or “Infoblox uses a different type” for all standard values. All custom values must be set correctly for Infoblox to import (DHCP). Double check the console log to ensure there are no import errors.
• When importing DNS, ensure that the advanced setting of “Delete A records associated with NS records is disabled”. If you do not do this, all the Microsoft DNS server A records will be removed. Thes servers will quite possibly be domain controllers which is a very bad thing.
• If something breaks, document it and fix it until the import is clean.
• Search the console logs of the DHCP import for “Failed: A host with IP address x.x.x.x is already configured to use MAC address xx:xx:xx:xx:xx:xx. or is already configured to use MAC address. This indicates that there is bad data in the configuration (a clash of MAC addresses).
• When importing DNS, make sure the Name Server Groups already exist. Set the zones to be imported to use the Name Server Groups and also the correct view (if Views are being used).
• Ensure Grid DHCP lease time is set to 2 hours or less to allow for rollback. Ensure that we do NOT import the TTL to ensure we inherit Grid Settings. By default, this setting is not imported. Do not allow dotted hostnames to be left alone. You must create a proper sub-domin if you want dynamic DNS updates to work. We found that Infoblox did not apply DDNS updates when it was both DNS sever and DHCP server until we make changed the dotted hostnames into a proper subdomain. This didn't affect either Windows domain domain1.example.local or domain2.domain1.example.local.
• After the DNS is imported, you will need to go to each zone you imported that needs Dynamic Updates from Active Directory to allow unsigned updates from all Active Directory servers.
• When importing DHCP, if Infoblox is DNS, make sure you set DNS Name Servers in top right section to “do not import”. This will cause all imported scopes to use Infoblox.
• When importing DHCP, set all subnets to to correct DHCP member servers (probably two servers as normally we have two Grid members as DHCP servers). Set all ranges to use the correct DHPC Failover Association (assuming a failover association is being used (only one DHCP failover association can be set).
• When running the data import wizard, you do not want to see any errors. DHCP failover pairs will generate 'duplicate' errors that we can ignore.
• Always migrate a test subnet first to ensure that the end user provided accurate information and that all systems work.
• Where you have split scope DHCP servers being migrated to Infoblox, be careful. Windows Server 1 can have an exclusion 192.168.1.10-192.168.1.20 and Windows Server 2 can have an exclusion 192.168.1.30-192.168.1.40. Clients that use Windows Server 1 can happily have endpoints in the exclusion zone of Windows Server 2. When you merge these two servers onto Infoblox, you can then get a conflict.
• Delegations can be converted to forwarders to work.
• When importing, make sure no one else is logged onto the Grid master.
• If you import DNS export from Microsoft DNS servers, if you see the text string \302\240, this will cause an error. It is the representation of a space in the DNS record in Microsoft.

When you export DNS from Microsoft, this script will add the zone file names.

awk '{n=split($3,a,"\\"); print $0, "\r\n\"DatabaseFile\"=\"" , a[3], ".expdb\"" }' dns_export.reg | sed 's/]$//g' | sed 's/"DatabaseFile"="\ /"DatabaseFile"="/g' | sed 's/] .expdb"/.expdb"/g' | sed 's/"DatabaseFile"="\ .expdb"//g' | sed '/^\s*$/d' | dos2unix > new_dns_export.reg

Batch file command for running the Data Import Wizard is

START java -jar -Xms128m -Xmx1024m C:\Users\user\Documents\Infoblox\Tools\DIW\diw-8.3.0.jar IgnoreSSLErrors

1. Install BIND on all Windows DNS servers to runon port 5353 and foward all requests to Infoblox. Test this.
2. Export DNS and DHCP Data
3. Import DNS
4. Restart services on Infoblox
5. Validate DNS authoritative data and forwarders using DIG.
6. Import a DHCP subnet/range.
7. Disable that DHCP scope on the legacy DHCP servers.
8. Restart services on the Infoblox to start handing out leases.
9. Monitor and test. Ensure that devices on the test subnet are getting leases and are being pointed to the Infoblox for DNS and that dynamic updates are happening. Run DNS tests again.
10. Import all remaining DHCP data.
11. Restart services on the Infoblox to start handing out leases.
12. Monitor and test. Ensure that devices on the test subnet are getting leases and are being pointed to the Infoblox for DNS and that dynamic updates are happening. Run DNS tests again.
13. Update all Windows DNS servers. Disable (not set to manual) the DNS server. Shutdown BIND. Configure BIND to run on port 53 instead of 5353. Start BIND and ensure it is set to automatically start on boot. Verify the DNS fowarding is working.
14. Update all Windows Domain Controllers so that their network card interfaces have the DNS server set to the Infoblox DNS servers.