
Infoblox User Guide

For the Infoblox-1050, 1550, and 1552 Appliances

Version 4.0

P/N 400-0107-100 Rev. A

Contents

Introduction
    Product Overview
    Infoblox-1050, -1550, and -1552 Hardware Components
    System, Environmental, and Power Specifications

Installing a Device
    Rack Mounting
    Powering the Device
    Cabling the Device to a Network
    Changing Power Supplies (Infoblox-1552)

Accessing a Device
    Infoblox GUI
    Infoblox CLI

Configuration Examples
    Example 1 Single Infoblox Device for External DNS
        Task 1.1 Cable the Device to the Network and Turn On Power
        Task 1.2 Specify Initial Network Settings
        Task 1.3 Specify Device Settings
        Task 1.4 Define a NAT Address
        Task 1.5 Enable Zone Transfers on the Legacy Name Server
        Task 1.6 Import Zone Data
        Task 1.7 Designate the New Primary on the Secondary Name Server (at the ISP Site)
        Task 1.8 Configure NAT and Policies on the Firewall
    Example 2 HA Pair for Internal DNS and DHCP
        Task 2.1 Cable Devices to the Network and Turn On Power
        Task 2.2 Specify Initial Network Settings
        Task 2.3 Specify Device Settings
        Task 2.4 Enable Zone Transfers on the Legacy Name Server
        Task 2.5 Import Zone Data
        Task 2.6 Define Networks, Reverse-Mapping Zones, DHCP Ranges, and Infoblox Hosts
        Task 2.7 Define Multiple Forwarders
        Task 2.8 Enable Recursion on External DNS Servers
        Task 2.9 Modify the Firewall and Router Configurations
        Task 2.10 Enable DHCP and Switch Service to the Infoblox Device
        Task 2.11 Manage and Monitor
    Example 3 Infoblox Devices in an ID Grid
        Task 3.1 Cable All Devices to the Network and Turn On Power
        Task 3.2 Create the ID Grid Master
        Task 3.3 Define Members on the Grid Master
        Task 3.4 Join Devices to the Grid
        Task 3.5 Import DHCP Data
        Task 3.6 Import DNS Data
        Task 3.7 Enable DHCP and Switch Service to the ID Grid

Copyright Statements
2006, Infoblox Inc. All rights reserved. The contents of this document may not be copied or duplicated in any form, in whole or in part, without the prior written permission of Infoblox, Inc. The information in this document is subject to change without notice. Infoblox, Inc. shall not be liable for any damages resulting from technical errors or omissions which may be present in this document, or from use of this document. This document is an unpublished work protected by the United States copyright laws and is proprietary to Infoblox, Inc. Disclosure, copying, reproduction, merger, translation, modification, enhancement, or use of this document by anyone other than authorized employees, authorized users, or licensees of Infoblox, Inc. without the prior written consent of Infoblox, Inc. is prohibited. For Open Source Copyright information, see Open Source Copyright and License Statements in the Online Help.

Trademark Statements
Infoblox, the Infoblox logo, and DNSone are trademarks or registered trademarks of Infoblox Inc. All other trademarked names used herein are the properties of their respective owners and are used for identification purposes only.

Warranty Information
Your purchase includes a 90-day software warranty and a one year limited warranty on the Infoblox appliance, plus an Infoblox Warranty Support Plan and Technical Support. For more information about the Infoblox warranty, refer to the Infoblox website, or contact Infoblox Technical Support.

Company Information
Infoblox is located at:
4750 Patrick Henry Drive
Santa Clara, CA 95054-1851, USA
Web: www.infoblox.com, www.infoblox.com/support
Phone: 408.625.4200
Toll Free: 888.463.6259
Outside North America: +1.408.716.4300
Fax: 408.625.4201

Introduction
This guide provides an overview of Infoblox-1050, -1550, and -1552 network identity appliances running Infoblox NIOS (Network Identity Operating System) version 4.0 and later, and explains how to install and configure them. There are three configuration examples. The first describes how to deploy a single device as an independent external DNS server. The second describes how to deploy two devices as an HA (high availability) pair for internal DNS and DHCP services. The third describes how to set up several devices in an ID grid for internal DNS and DHCP services in a large multi-site corporation.

Figure 1 Tasks in This Guide
    Learn about the Infoblox devices: see Introduction.
    Install devices: see Installing a Device.
    Access devices: see Accessing a Device.
    Configure devices: see Configuration Examples.

Product Overview
Infoblox-1050, -1550, and -1552 appliances provide powerful, cost-effective solutions for small to large businesses that need integrated DNS (Domain Name System) and DHCP (Dynamic Host Configuration Protocol) services. In addition, these devices also provide IPAM (IP address management), RADIUS proxy and TFTP network services, and, with a Keystone license installed, ID grid functionality. You can configure and manage Infoblox-1050, -1550, and -1552 appliances through an easy-to-use GUI that works seamlessly in both Windows and Linux environments using standard web browsers. These Infoblox appliances are RoHS and WEEE compliant, and their hardware meets the mechanical requirements for FIPS 140-2 compliance.
Infoblox-1050, -1550, and -1552 Hardware Components


Infoblox-1050, -1550, and -1552 appliances are 1-U platforms that you can easily mount in a standard equipment rack using the mounting brackets and bolts that ship with each device. The front panel components include the LCD (liquid crystal display) panel and navigation buttons, communication ports, and indicator lights. The back panel components include the power connector and switch, fan, air vent, and the model and serial number label.

Front Panel
The front panel components are the same for Infoblox-1050, -1550, and -1552 appliances. These components are shown in Figure 2 and described in Table 1. For explanations of the ethernet port LEDs, and console and ethernet port connector pin assignments, see Ethernet Port LEDs and Connector Pin Assignments.

Figure 2 Infoblox Device, Front View (callouts: LCD Panel, Navigation Buttons, USB Port, Console Port, Drive Indicator, Power Indicator (Infoblox-1050), Power Indicator (Infoblox-1550, Infoblox-1552), MGMT Port, HA Port, LAN1 Port, LAN2 Port)

Table 1 Front Panel Components

LCD Panel: An LCD screen that displays HA (high availability) status, network settings, software version number, hardware serial number, and software licenses. Additionally, you can view and configure the IP address, netmask, and gateway for the LAN1 port.

Navigation Buttons: Buttons that allow you to enter the IP address, subnet mask, and gateway of the LAN1 port through the LCD. Use the Up and Down arrow buttons to specify numbers and the Left and Right buttons to navigate across digits. You must specify whether to save input (OK) or discard it (CNCL). Selecting CNCL at any time returns you to the previous entry. Entering OK on the third screen returns you to the system status screen.

USB Port: Reserved for future use.

Console Port: A male DB-9 serial port for a console connection to change basic configuration settings and view basic system functions through the CLI (command line interface). Use the serial cable and connection adapters that ship with the device to make a console connection to this port.

Drive Indicator: An LED that flashes green to indicate when the hard drive processes data.

Power Indicator: An LED that glows green when there is power to the device. When it is dark, the device is not receiving power. (For the Infoblox-1552, the Power LED on the front panel is green if at least one power supply has power and is dark if neither power supply has power.)

MGMT Port: A 10/100/1000-Mbps fast ethernet port that you can use for device management or DNS service. You can enable the MGMT port and define its use through the GUI.

HA Port: A 10/100/1000-Mbps fast ethernet port through which the active node in an HA (high availability) pair connects to the network using a VIP (virtual IP) address. HA pair nodes also use their HA ports for VRRP (Virtual Router Redundancy Protocol) advertisements.

LAN1 Port: A 10/100/1000-Mbps fast ethernet port that connects a single device to the network. If the MGMT port is not in use, the device uses the LAN1 port for management traffic. The passive node in an HA pair uses this port to synchronize the database with the active node.

LAN2 Port: Reserved for future use.

Ethernet Port LEDs


To see the link activity and connection speed of an ethernet port, you can look at its Link/Act and Speed LEDs. The status that the LEDs convey through their color and illumination (steady glow or blinking) is presented in Figure 3.

Figure 3 LEDs (each of the MGMT, HA, LAN1, and LAN2 ports has a Link/Act LED and a Speed LED)

Label      Color            Port Status
Link/Act   Steady Green     Link is up but inactive
Link/Act   Blinking Green   Link is up and active
Link/Act   Dark             Link is down
Speed      Steady Amber     1000 Mbps
Speed      Steady Green     100 Mbps
Speed      Dark             10 Mbps

Connector Pin Assignments


An Infoblox device has three types of ports on its front panel:
    USB port (reserved for future use)
    Male DB-9 console port
    RJ-45 10Base-T/100Base-T/1000Base-T auto-sensing fast ethernet ports

The DB-9 and RJ-45 connector pin assignments are described in Figure 4. The DB-9 pin assignments follow the EIA232 standard. To make a serial connection from your management system to the console port, you can use the RJ-45 rollover cable and two female RJ-45-to-female DB-9 adapters that ship with the device, or a female DB-9-to-female DB-9 null modem cable.

The RJ-45 pin assignments follow IEEE 802.3 specifications. All Infoblox ethernet ports are auto-sensing and automatically adjust to standard straight-through and cross-over ethernet cables. 10Base-T ethernet and 100Base-T fast ethernet use the same two pairs of wires. The twisted pair of wires connecting to pins 1 and 2 transmit data, and the twisted pair connecting to pins 3 and 6 receive data. For 1000Base-T connections, all four twisted-pair wires are used for bidirectional traffic.

Figure 4 Connector Pin Assignments

Male DB-9 Console Port (looking into the console port on an Infoblox device)

DB-9 Connector Pin Assignments
Pin   Signal                  Direction
1     (not used)
2     Receive                 Input
3     Transmit                Output
4     DTE Ready               Output
5     Ground
6     DCE Ready               Input
7     RTS (Request to Send)   Output
8     CTS (Clear to Send)     Output
9     (not used)

RJ-45 Ethernet Ports (looking into RJ-45 ethernet ports on an Infoblox device)

RJ-45 Connector Pin Assignments
Pin   10Base-T/100Base-T Signal   1000Base-T Signal   T568A Straight-Through Wire Color   T568B Straight-Through Wire Color
1     Transmit +                  BI_DA+              White/Green                         White/Orange
2     Transmit -                  BI_DA-              Green                               Orange
3     Receive +                   BI_DB+              White/Orange                        White/Green
4     (not used)                  BI_DC+              Blue                                Blue
5     (not used)                  BI_DC-              White/Blue                          White/Blue
6     Receive -                   BI_DB-              Orange                              Green
7     (not used)                  BI_DD+              White/Brown                         White/Brown
8     (not used)                  BI_DD-              Brown                               Brown

Legend: BI_D = bidirectional; A, B, C, D = wire pairings

Rear Panel
The front panel on Infoblox-1050, -1550, and -1552 appliances is identical. However, because the Infoblox-1050 and -1550 have a single power supply and the Infoblox-1552 has dual power supplies, their rear panels differ.

Figure 5 Infoblox Devices, Rear View (panels: Infoblox-1050 and -1550; Infoblox-1552. Callouts: Power Outlet, Model Number, Serial Number, Air Vent, Fan, On/Off Switch, Power LED, Redundant Power Supplies, Redundant Power Outlets)

Note: The label with the model and serial numbers is on the underside of the Infoblox-1552.

Table 2 Rear Panel Components

Model Number: An identifier of the hardware model type, software type, and power cord type.

Serial Number: The serial number of the device. Use it to register the device to obtain software upgrades and technical support services.

Air Vent: An air vent that allows warm air to flow out of the device. Do not obstruct.

Fan: A fan to help maintain optimum operating temperature. Do not obstruct.

Power Outlet: A three-prong power outlet for connecting the device to a standard AC power source.

On/Off Switch: A power switch to turn the power supply of the device on and off.

Power LED: An LED that glows green when a power supply has power. It is dark when it does not.

System, Environmental, and Power Specifications


System specifications describe the physical characteristics of each device. Environmental specifications describe the temperature and moisture limits it can withstand. Power specifications describe the electrical range within which the device circuitry can operate.

System Specifications
Form Factor: 1-U rack-mountable appliance
Dimensions:
    Infoblox-1050 and -1550: 1.75" H x 17.25" W x 15" D (4.45 cm H x 43.82 cm W x 38.1 cm)
    Infoblox-1552: 1.75" H x 17.25" W x 21.65" D (4.45 cm H x 43.82 cm W x 55 cm)
Weight:
    Infoblox-1050 and -1550: Approximately 13 pounds (5.9 kg)
    Infoblox-1552: Approximately 20 pounds (9.07 kg)
Ethernet Ports: MGMT, HA, LAN1, LAN2 auto-sensing 10Base-T/100Base-T/1000Base-T
Serial Port: DB-9 (9600/8n1, Xon/Xoff)
LCD Panel: LCD (liquid crystal display) with input buttons

Environmental Specifications
Operating Temperature: 41 to 95 degrees F (5 to 35 degrees C)
Storage Temperature: -40 to 122 degrees F (-40 to 50 degrees C)
Relative Humidity: 5% to 95%, relative humidity (non-condensing)

Electrical Power Specifications


Infoblox-1050 and -1550:
    Input Voltage: 100-240 VAC switchable, 47-63 Hz, 3 A
    Output Power: 250 watts
Infoblox-1552:
    Input Voltage: 100-240 VAC switchable, 47-63 Hz, 4 A, redundant, dual input
    Output Power: 250 watts each

Power plug and cable specifications by region (table columns, each in the order listed):
    Region: North America; Japan; Europe; United Kingdom
    Plug Type: NEMA5-15P 3-prong male plug; NEMA5-15P 3-prong male plug; CEE7 standard VII 2-prong male plug; LP-60L 3-prong male plug with fuse
    Cable Type: VCTF 3C 18 AWG VCFI 3G H05VV-F H05VV-F
    Max Power Rating: 7A, 125 V; 12A, 125 V; 6A, 250 V; 10A, 250 V
    Max Temperature Rating: 75 C; 60 C; 70 C; 70 C

Installing a Device
Follow these instructions to rack mount the device, connect it to a power source, and cable it to a network. Before proceeding, however, review the Infoblox Safety Guide and follow the necessary precautions.

Rack Mounting
The device mounts into a standard 19" (48 cm) equipment rack. In addition to the screws and brackets that ship with the product, you also need a screwdriver with a cross-headed tip. Attach the brackets to the device, and mount it to an equipment rack.

1. Remove the four screws that ship attached to the left and right sides of the device (two screws per side).
2. Remove the pair of brackets from the accessory kit that also ships with the device.
3. Position one bracket so that the two holes in the bracket align with two of the holes on one side of the device.
   Note: There are five evenly spaced holes on each side of the device. You can secure the brackets to any two adjacent holes so that you can mount the device more or less deeply in the rack.
4. Secure the bracket to the device with two of the screws that you removed previously.
5. Secure the second bracket in the same position on the other side of the device.
6. Using the screws from the accessory kit, attach the brackets to the equipment rack.

Powering the Device


Use the power cable that ships with the Infoblox device to connect it to a power source. For the Infoblox-1552, use both power cables to connect it to separate power circuits if possible. If one power circuit fails, the other might still be operative.

1. Make sure the power switch on the Infoblox-1050 and -1550 is turned off. For the Infoblox-1552, make sure both power switches are off.
2. Connect a power cable between the power connector on the back of the appliance and a properly grounded and rated power circuit that meets the provisions of the current edition of the National Electrical Code, or other wiring rules that apply to your location. Make sure the outlet is near the appliance and is easily accessible.
3. For the Infoblox-1050 and -1550, turn on the power switch. For the Infoblox-1552, turn on both switches.

Cabling the Device to a Network


Use the ethernet cables shipped with the product to connect the device to the network.

1. Connect an ethernet cable from the LAN1 port on the device to your network switch or router.
2. If you want to connect your device for HA (high availability), connect the HA ports on both devices to a switch on your network. The VIP (Virtual IP), LAN1, and HA port addresses must be on the same subnet and must be unique for that subnet.

Figure 6 Cabling a Single Device and an HA Pair to a Network
    When cabling a single Infoblox device to the network, connect an ethernet cable from the LAN1 port on the device to a switch or router.
    When cabling a pair of devices to the network for high availability, connect ethernet cables from the LAN1 and HA ports on each device to a switch.

Note: By default, an Infoblox device automatically negotiates the optimal connection speed and transmission type (full or half duplex) on the physical links between its LAN1, HA, and MGMT ports and the ethernet ports on a connecting switch. If the two devices fail to auto-negotiate the optimal settings, see the Infoblox Administrator Guide for steps you can take to resolve the problem.

3. HA pair: To ensure that VRRP (Virtual Router Redundancy Protocol) works properly, configure the following settings on the connecting switch:
    Portfast: enable
    Trunking: disable
    Port list: disable
    Port channeling: disable
4. Use the Infoblox GUI to access the Infoblox device from a management system. Through the GUI, you can set up and administer the device. For management system requirements and access instructions, see Accessing a Device.
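A pre-deployment check for the HA addressing rule in step 2 (VIP, LAN1, and HA port addresses on the same subnet and unique within it), added here as an example and not taken from the Infoblox guide. The labels, the sample subnet, and all addresses are constructed for illustration, and the network/broadcast test is an extra sanity check beyond what the guide states.

```python
import ipaddress

# Labels for the five addresses an HA pair needs: one shared VIP plus a
# LAN1 and an HA port address on each node (label names are illustrative).
REQUIRED = ("vip", "node1_lan1", "node1_ha", "node2_lan1", "node2_ha")


def check_ha_plan(subnet, plan, in_use=()):
    """Return a list of problems found in an HA pair address plan.

    subnet -- CIDR string for the subnet the pair is cabled to
    plan   -- dict mapping each label in REQUIRED to an IP address string
    in_use -- addresses already assigned on that subnet (gateway, etc.)
    """
    problems = []
    net = ipaddress.ip_network(subnet, strict=True)

    missing = [label for label in REQUIRED if label not in plan]
    if missing:
        problems.append("missing addresses: " + ", ".join(missing))

    # Track every address already claimed, starting with existing hosts.
    taken = {ipaddress.ip_address(a): "existing host" for a in in_use}

    for label in REQUIRED:
        if label not in plan:
            continue
        try:
            ip = ipaddress.ip_address(plan[label])
        except ValueError:
            problems.append(f"{label}: {plan[label]!r} is not an IP address")
            continue
        # Rule from the guide: all addresses on the same subnet.
        if ip not in net:
            problems.append(f"{label}: {ip} is outside {net}")
        # Extra sanity check (not from the guide): unusable host addresses.
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{label}: {ip} is the network or broadcast address")
        # Rule from the guide: each address unique for that subnet.
        if ip in taken:
            problems.append(f"{label}: {ip} already used by {taken[ip]}")
        else:
            taken[ip] = label
    return problems


# Constructed sample data.
SUBNET = "10.1.5.0/24"
GATEWAY = "10.1.5.1"
GOOD_PLAN = {
    "vip": "10.1.5.10",
    "node1_lan1": "10.1.5.11",
    "node1_ha": "10.1.5.12",
    "node2_lan1": "10.1.5.13",
    "node2_ha": "10.1.5.14",
}
BAD_PLAN = {
    "vip": "10.1.5.10",
    "node1_lan1": "10.1.5.10",  # duplicates the VIP
    "node1_ha": "10.1.5.1",     # collides with the gateway
    "node2_lan1": "10.1.5.13",
    "node2_ha": "10.1.6.14",    # wrong subnet
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_ha_plan(SUBNET, plan, in_use=[GATEWAY])
        print(name, "plan:", "OK" if not issues else "")
        for issue in issues:
            print("  -", issue)
```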

Changing Power Supplies (Infoblox-1552)


The Infoblox-1552 supports, and ships with, two redundant, auto-switching AC power supplies. The power supplies are hot-swappable, so you can remove or replace one power supply without interrupting device operation and network services. When the Infoblox-1552 contains two functioning power supplies, they share the power load equally. If one power supply fails, the other assumes the full load automatically and the appliance sends a system alarm.

Although the Infoblox-1552 can run with only one power supply, it is advisable to install two. This practice minimizes the chance of system failure due to an individual power supply failure.

Each AC power supply weighs about three pounds (1.36 kg). The faceplate contains a power LED, a power switch, and a cooling fan vent. Each power supply links to a dedicated male power outlet.

Figure 7 Removing the AC Power Supply (callouts: Cooling Fan Vent, On/Off Switch, Thumbscrew Lock Release, Handle, Power LED)
    1. Turn off the power supply. The Power LED appears dark. Disconnect the power cable.
    2. Turn the thumbscrew counter-clockwise to release the power supply.
    3. Grip the handle and pull it out.

The LED for a power supply glows green to indicate that the power supply is fully seated in the bay, is powered on, and is functioning properly. The LED appears dark to indicate the power supply is not fully seated, is not turned on, or has failed.

To replace a power supply:

1. Turn off the power supply that you want to replace. (Keep the power for the other supply on so that the device can continue providing service.)
2. Disconnect the power cable from the outlet for this power supply.
3. Turn the thumbscrew lock release counter-clockwise to release the power supply.
4. Swivel the handle outward, grip the handle, and pull the power supply straight out.
5. Position the new power supply in the bay, and push it forward until it is fully seated against the back plane.
6. Tighten the thumbscrew lock release to lock the power supply in place, and fold back the handle.
7. Reconnect the power cable.
8. Turn on the power supply. If it is fully seated, powered on, and operating properly, the LED glows green.

Accessing a Device
The management system is the computer from which you configure and monitor the Infoblox device. You can access the device from the management system remotely across an ethernet network or directly through a serial cable.

After completing the steps in Cabling the Device to a Network, you can make an HTTPS connection to the device and access the Infoblox GUI through Java Web Start (JWS) or make an SSHv2 connection and access the CLI through an SSHv2 client. You can also access the CLI by connecting a serial cable directly from the console port of a management system to the console port on the device, and then using a terminal emulation program.

The management system must meet the following requirements to operate an Infoblox device.

Table 3 Software and Hardware Requirements for the Management System

Management System Software Requirements

GUI ACCESS
    Microsoft Internet Explorer 6.0 or higher on Microsoft Windows NT 4.0, Microsoft Windows 2000, Microsoft Windows XP
    or
    Mozilla 1.7 or higher on Linux or variants of UNIX (Irix, Solaris, HP-UX, AIX)
    and
    Sun Java Runtime Environment (JRE) versions 1.5.0_06 or later
    JWS application, which is automatically installed with JRE 1.5.0_06 or later

CLI ACCESS
    Secure Socket Shell (SSH) client that supports SSHv2
    Terminal emulation program, such as minicom or Hilgraeve Hyperterminal

Management System Hardware Requirements
    Minimum System: 500 MHz CPU with 256 MB RAM available to the product GUI, and 56 Kbps connectivity to an Infoblox device
    Recommended System: 1 GHz (or higher) CPU with 512 MB RAM available for the product GUI, and network connectivity to an Infoblox device
    Monitor Resolution: 1024 x 768 (minimum) to 1600 x 1200 (maximum)

Infoblox GUI
You can view data and configuration settings and make configuration changes through the Infoblox GUI. When an Infoblox device functions as an independent device, you launch the ID Device Manager to access the GUI. When the device is in an ID grid, you log in to the grid master and launch the ID Grid Manager.

Figure 8 Infoblox GUI Overview
    Menu, Tool Bar, Perspectives
    Panels: View and select items to edit.
    Editor: Enter and edit information.
    Properties Viewer: View object properties.
    Detach and move panels, viewers and editors to customize the GUI layout.

When you make an HTTPS connection to the device and access the Infoblox GUI through JWS, the Java installation typically associates JNLP file types with the JWS application automatically, although not in all UNIX environments. If the browser does not automatically associate a JNLP file with the JWS application, when you click Launch ID Grid Manager or Launch ID Device Manager, you receive a prompt. Internet Explorer running on a Windows system and Mozilla running on a Linux system provide different prompts:

Internet Explorer prompts you to save the JNLP file. Click Cancel, and make the file association as follows:

1. Click Start -> Control Panel -> Folder Options -> File Types -> New.
2. In the File Extension field, type JNLP, and then click Advanced.
3. From the Associated File Type drop-down list, choose JNLP File, and then click OK.
4. To close the Folder Options dialog box, click Close.
5. You can now continue logging in to the device.

Mozilla prompts you to save the JNLP file or choose an application to open it.

1. Select the Open with button, and then choose Other from the drop-down list.
2. Navigate to the Java directory, typically in a standard system directory like /usr/java/ on Linux systems.
3. Open the jre1.5.0_06 (or later) subdirectory, and select the JWS application, which is usually named javaws. Although the exact path and directory names can differ, it might be in a directory named javaws or bin.

Infoblox CLI
The Infoblox CLI allows you to configure and monitor the device using a small set of Infoblox commands. There are some tasks, such as resetting the device, that you can only do through the CLI. You can access the Infoblox CLI through a direct console connection from your management system to the Infoblox device. You can also enable remote console access, that is, SSHv2 (Secure Shell version 2) access, through the GUI or CLI, and then access the CLI from a remote location using an SSHv2 client.

Using the Console Port


The Infoblox device has a male DB-9 console port on its front panel. You can log in to the device through this port to access the Infoblox CLI.

1. Connect a console cable from the console port on your management system to the console port on the Infoblox device.
2. Using a serial terminal emulation program such as Hilgraeve Hyperterminal (provided with Windows operating systems), launch a session. The connection settings are:
    Bits per second: 9600
    Data bits: 8
    Parity: None
    Stop bits: 1
    Flow control: Xon/Xoff
3. Log in using the default user name and password admin and infoblox. User names and passwords are case-sensitive.

Using an SSHv2 Client


In addition to making a direct serial connection to the Infoblox device through its console port, you can also access the Infoblox CLI remotely across a network connection by using an SSHv2 (Secure Shell version 2) client. By default, remote console access (SSHv2 access) is disabled. To access the Infoblox CLI using SSHv2, perform the following steps: 1. 2. Make either an HTTPS or console connection to the Infoblox device, and then log in. To enable remote console access through the GUI: From the ID Grid perspective, click id_grid -> Edit -> Grid Properties -> Security, select Enable remote console access, and then click the Save icon. From the ID Device perspective, click hostname -> Edit -> ID Device Properties -> Security, select Enable remote console access, and then click the Save icon. To enable remote console access through the CLI:
Infoblox > set remote_console Enable remote console access (grid-level)? (y or n): y

Confirm the setting. 3. 4. 5. On the management system, open a remote console connection using an SSHv2 client. In a shell window (or terminal window), log in through SSHv2 using an account with superuser privileges. Enter the user name and host name or IP address of the device. For example: ssh admin@192.168.1.2 Optionally, you can launch a graphical SSHv2 client and enter the information into the appropriate fields.

Using CLI Help


You can display a list of available CLI commands by typing help at the command prompt. For example:
    > help
    exit          exit command interpreter
    help          display help
    ping          send ICMP ECHO
    reboot        reboot device
    reset         reset system settings
    set           set current system settings
    show          show current system settings
    shutdown      shut down the device
    traceroute    route path diagnostics
    dig           perform a DNS lookup and print the results

To view an in-depth explanation of a CLI command and its syntax, type help command after the command prompt. For example:
    > help ping
    Synopsis:
        ping [ hostname | IP address ] <numerical>
    Description:
        Send 5 sequential ICMP ECHO requests to a remote host and display the results. Use optional <numerical> to avoid DNS lookups.

The two main groups of Infoblox CLI commands are set and show. To see the complete list of the set commands, enter help set after the command prompt. Likewise, to see a complete list of the show commands, enter help show. The following are some CLI commands that you might find particularly useful:
    reset all         Resets the system to factory defaults.
    set network       Sets the system network settings.
    show interface    Displays network interface details.
    show network      Displays current network settings.


Configuration Examples
This chapter explains some possible deployment scenarios as examples that you can refer to when setting up your Infoblox device:
    Example 1 Single Infoblox Device for External DNS on page 18
    Example 2 HA Pair for Internal DNS and DHCP on page 26
    Example 3 Infoblox Devices in an ID Grid on page 40

To perform the configuration examples in this chapter, you need to use the Infoblox device LCD or console, and the Infoblox GUI and CLI. For Example 3 Infoblox Devices in an ID Grid on page 40, you also need to download and use the Infoblox Data Import Wizard. For management system requirements and an introduction to the Infoblox GUI and CLI, see Accessing a Device on page 13.


Example 1 Single Infoblox Device for External DNS


In this example, you configure the Infoblox device as the external primary DNS server for corp100.com. Its FQDN (fully-qualified domain name) is ns1.corp100.com. The interface IP address of the LAN1 port is 10.1.5.2/24. Because this is a private IP address, you must also configure the firewall to perform NAT (network address translation), mapping the public IP address 1.1.1.2 to 10.1.5.2. Using its public IP address, ns1 can communicate with devices on the public network.

The FQDN and IP address of the external secondary DNS server are ns2.corp100.com and 2.2.2.2. The ISP hosts this server.

The primary and secondary servers answer queries for the following public-facing servers in the DMZ:
    www.corp100.com
    mail.corp100.com
    ftp.corp100.com

When you create the corp100.com zone on the Infoblox device, you import zone data from the legacy DNS server at 10.1.5.3.

Figure 9 Example 1 Network Diagram

The Infoblox device is the external primary DNS server for the corp100.com domain. It answers queries from the Internet for the three public-facing servers in the DMZ network. All host names shown here belong to the corp100.com domain. The Infoblox device is in the Pacific time zone (UMT 8:00).

Labels shown in the diagram:
    Internet: ISP external secondary DNS server ns2, 2.2.2.2; NTP server 3.3.3.3
    Firewall: ethernet1 1.1.1.1/24; ethernet2 10.1.5.1/24
    NAT on firewall: 1.1.1.2 -> 10.1.5.2; 1.1.1.5 -> 10.1.5.5; 1.1.1.6 -> 10.1.5.6; 1.1.1.7 -> 10.1.5.7
    DMZ network 10.1.5.0/24 (through a switch, with a link to the internal network):
        Infoblox device, external primary DNS server ns1, 10.1.5.2
        Legacy primary DNS server ns1, 10.1.5.3 (replaced by the Infoblox device)
        www 10.1.5.5
        mail 10.1.5.6
        ftp 10.1.5.7

Task 1.1 Cable the Device to the Network and Turn On Power

Connect an ethernet cable from the LAN1 port of the Infoblox device to a switch in the DMZ network and turn on the power. See Installing a Device on page 9.


Task 1.2 Specify Initial Network Settings

Before you can configure the Infoblox device through the GUI, you must be able to make a network connection to it. The default network settings of the LAN1 port are 192.168.1.2/24 with a gateway at 192.168.1.1 (the HA and MGMT ports do not have default network settings). To change these settings to suit your network, use either the LCD or the console port. In this example, you change the IP address/netmask of the LAN1 port to 10.1.5.2/24, and the gateway to 10.1.5.1.

LCD
The Infoblox device has an LCD and navigation buttons on its front panel. At startup, the Infoblox logo appears in the LCD on the front panel of the device. Then the LCD scrolls repeatedly through a series of display screens.

1. To change the network settings from the default, press one of the navigation buttons. The LCD immediately goes into input mode, in which you can enter the IP address, netmask, and gateway for the LAN1 port.
2. Use the navigation buttons to enter the following information:
    IP Address: 10.1.5.2
    Netmask: 255.255.255.0
    Gateway: 10.1.5.1

Note: To learn how to disable LCD input functionality, see the Infoblox Administrator Guide.

Console Port
The Infoblox device has a male DB-9 console port on the front panel. You can log in to the device through this port and specify initial network settings using the Infoblox CLI.

1. Connect a console cable from the console port of the management system to the console port of the Infoblox device. For more information, see Using the Console Port on page 15.
2. Access the Infoblox CLI. For more information, see Infoblox CLI on page 15.
3. To change the network settings from the default, enter the set network command. Then enter information as prompted to change the IP address, netmask, and gateway for the LAN1 port.
    Infoblox > set network
    NOTICE: All HA configuration is performed from the GUI. This interface is used only to configure a standalone node or to join an ID grid.
    Enter IP address: 10.1.5.2
    Enter netmask: [Default: 255.255.255.0]:
    Enter gateway address [Default: 10.1.5.1]:
    Become grid member? (y or n): n

After you confirm your network settings, the device automatically restarts.


Task 1.3 Specify Device Settings

When you make the initial HTTPS connection to the Infoblox device, you see the Appliance Startup Wizard, which guides you through the basic deployment of the device on your network. Use the wizard to enter the following information:
    Deployment: single independent device (standalone node)
    Host name: ns1.corp100.com
    Password: SnD34n534
    NTP (Network Time Protocol) server: 3.3.3.3; time zone: (UMT 8:00) Pacific Time (US and Canada), Tijuana

Note: For more information about using an NTP server, refer to the Infoblox Administrator Guide, or use the integrated online Help and perform a search for NTP.

1. Open a browser window and enter https://10.1.5.2.
2. Accept the certificate when prompted.
   Several certificate warnings appear during the login process. This is normal because the preloaded certificate is self-signed (and, therefore, is not in the trusted certificate stores in your browser, Java application, and Java Web Start application) and has the hostname www.infoblox.com, which does not match the destination IP address you entered in step 1. To stop the warning messages from occurring each time you log in to the GUI, you can generate a new self-signed certificate or import a third-party certificate with a common name that matches the FQDN (fully-qualified domain name) of the device. This is a very simple process. For information about certificates, see the Infoblox Administrator Guide.
3. Click LAUNCH ID DEVICE MANAGER.
4. If the browser prompts you for an application to use, see Infoblox GUI on page 14.
5. Log in using the default user name and password admin and infoblox.
   Note: User names and passwords are case-sensitive.
6. The Infoblox Appliance Startup Wizard opens with a splash screen that provides basic information about the wizard, and then displays license agreement information. Beginning on the third screen, enter the following:

    Wizard Screen       Enter or Select
    Deployment type     Standalone
    Node type           Standalone appliance
    Node information    Host name: ns1.corp100.com
    Default password    Change admin's password: (select), SnD34n534
    Time settings       Enable NTP: (select)
                        NTP Server: 3.3.3.3 (click Add)
                        Time zone: (UMT 8:00) Pacific Time (US and Canada), Tijuana

   The last screen of the wizard states that the changed settings require the application to restart. When you click Finish, the Infoblox GUI application restarts.
7. Log back in to the device. When you log in the second time, you access the Infoblox GUI application. For system requirements to use the GUI, see Table 3 on page 13.

Task 1.4 Define a NAT Address

Because the firewall translates the public IP address 1.1.1.2 to the interface IP address 10.1.5.2, all DNS queries originating outside the firewall use 1.1.1.2 (not 10.1.5.2) to reach the Infoblox device. Accordingly, you must configure the device to indicate to other external DNS servers that its address is 1.1.1.2.

1. From the ID Device perspective, click ns1.corp100.com -> Edit -> ID Device Properties.
2. In the ID Device editor, click NAT and enter the following:
    Enable NAT compatibility: Select check box.
    Group: None
    NAT (V)IP Address: 1.1.1.2
3. Click the Save icon.

The glue record is an A record for a name server. The device automatically generates the A record for ns1.corp100.com using either the interface address or NAT address (if configured). To verify that the A record uses the NAT address (1.1.1.2) instead of the interface address (10.1.5.2):

1. Click DNS to open the DNS perspective, and then click DNS Members -> + (for Infoblox) -> ns1.corp100.com -> Edit -> Member DNS Properties.
2. In the Member DNS Properties editor, click General.
3. In the table labelled Member address for glue record inside view, select the default view and click Modify.
4. In the Select Member Address dialog box, select NAT IP address.
5. Click the Save and Restart Services icons.
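
The same verification can be scripted from outside the GUI. The following is an added example, not part of the Infoblox guide: it reads dig-style answer lines for the external zone and reports any A record that still publishes a private address, marking name-server glue separately. The function names, the sample records and the NAT_MAP table are assumptions built from the addresses used in this example.

```python
import ipaddress

# Constructed dig-style answer lines for the external corp100.com zone.
# ns1 still carries the interface address, the condition Task 1.4 corrects.
SAMPLE_BEFORE = """
corp100.com.      3600 IN NS ns1.corp100.com.
corp100.com.      3600 IN NS ns2.corp100.com.
ns1.corp100.com.  3600 IN A  10.1.5.2
ns2.corp100.com.  3600 IN A  2.2.2.2
www.corp100.com.  3600 IN A  1.1.1.5
"""
# The same records after the member address for the glue record is set to NAT.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("10.1.5.2", "1.1.1.2")

# Interface address -> NAT address expected in externally published data
# (assumed table, taken from the firewall mapping in this example).
NAT_MAP = {"10.1.5.2": "1.1.1.2"}


def parse_records(text):
    """Return (owner, type, rdata) tuples from 'owner ttl IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop dig comment lines
        if len(fields) >= 5 and fields[2].upper() == "IN":
            owner = fields[0].lower().rstrip(".")
            records.append((owner, fields[3].upper(), " ".join(fields[4:])))
    return records


def check_external_addresses(text, nat_map):
    """List (name, role, published, expected) for records unfit for external use.

    role is 'glue' when the name is the target of an NS record, else 'host'.
    A name server inside the zone with no A record is reported as 'missing'.
    """
    records = parse_records(text)
    # NS target -> zone that delegates to it
    ns_names = {rdata.lower().rstrip("."): owner
                for owner, rtype, rdata in records if rtype == "NS"}
    with_a = set()
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "A":
            continue
        with_a.add(owner)
        if ipaddress.ip_address(rdata).is_private:
            role = "glue" if owner in ns_names else "host"
            findings.append((owner, role, rdata, nat_map.get(rdata, "unknown")))
    for ns, zone in sorted(ns_names.items()):
        if ns.endswith("." + zone) and ns not in with_a:
            findings.append((ns, "glue", "missing", "unknown"))
    return findings


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_external_addresses(sample, NAT_MAP))
```

A private address in the glue record makes ns1 unreachable for resolvers on the Internet and discloses internal addressing, so an empty result is the state to expect after step 5.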

Task 1.5 Enable Zone Transfers on the Legacy Name Server

To allow the device to import zone data from the legacy server at 10.1.5.3, you must configure the legacy server to allow zone transfers to the device at 10.1.5.2.

Legacy BIND Server


1. Open the named.conf file using a text editor and change the allow-transfer statement as shown below:

   For All Zones
   To set the allow-transfer statement as a global statement in the named.conf file for all zones:
    options {
        zone-statistics yes;
        directory "/var/named/named_conf";
        version "";
        recursion yes;
        listen-on { 127.0.0.1; 10.1.5.3; };
        allow-transfer { 10.1.5.2; };
        transfer-format many-answers;
    };

   For a Single Zone
   To set the allow-transfer statement in the named.conf file for the corp100.com zone:
    zone "corp100.com" in {
        type master;
        allow-transfer { 10.1.5.2; };
        notify yes;
    };

2. After editing the named.conf file, restart DNS service for the change to take effect.
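
Before restarting the service, it is worth confirming that every zone ends up restricted to the importing device and nothing wider. The following is an added example, not part of the Infoblox guide: it reads named.conf text, resolves each zone's effective allow-transfer list (zone statement first, then the global options statement) and reports entries outside an approved set. The function names and the sample file are assumptions; a zone with no statement at either level is treated as open to any host, which is how older BIND releases behave.

```python
import re

# Constructed sample: the two fragments from this task plus two zones for contrast.
SAMPLE_NAMED_CONF = '''
options {
    directory "/var/named/named_conf";
    recursion yes;
    listen-on { 127.0.0.1; 10.1.5.3; };
    allow-transfer { 10.1.5.2; };   // global default for all zones
};
zone "corp100.com" in {
    type master;
    allow-transfer { 10.1.5.2; };
    notify yes;
};
zone "1.1.1.in-addr.arpa" in {
    type master;                    # no statement: inherits the global one
};
zone "lab.example" in {
    type master;
    allow-transfer { any; };        /* overrides the global restriction */
};
'''


def strip_comments(text):
    """Remove /* */, // and # comments (quoted strings are not special-cased)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def top_level_blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    depth, body_start, header_start, header = 0, 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[header_start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            header_start = i + 1


def transfer_acl(body):
    """Return the allow-transfer entries in a block, or None if it has none."""
    match = re.search(r"\ballow-transfer\s*\{([^{}]*)\}", body)
    if match is None:
        return None
    return [entry.strip() for entry in match.group(1).split(";") if entry.strip()]


def audit_transfers(conf_text, allowed):
    """Map zone name -> effective transfer list and entries outside 'allowed'."""
    global_acl, zones = None, {}
    for header, body in top_level_blocks(strip_comments(conf_text)):
        words = header.split()
        if words and words[0] == "options":
            global_acl = transfer_acl(body)
        elif len(words) > 1 and words[0] == "zone":
            zones[words[1].strip('"')] = transfer_acl(body)
    report = {}
    for name, acl in zones.items():
        effective = acl if acl is not None else global_acl
        if effective is None:
            effective = ["any"]     # assumption: legacy default is unrestricted
        report[name] = {
            "effective": effective,
            "unexpected": sorted(set(effective) - set(allowed)),
        }
    return report


if __name__ == "__main__":
    for zone, result in audit_transfers(SAMPLE_NAMED_CONF, {"10.1.5.2"}).items():
        status = "OK" if not result["unexpected"] else "REVIEW"
        print(f"{status:6} {zone}: {result['effective']}")
```

Once the import in Task 1.6 is complete and the legacy server is retired, the same check can be rerun against the replacement configuration with the new approved set.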

Legacy Windows 2000/2003 Server


1. Click Start -> All Programs -> Administrative Tools -> DNS.
2. Click + (for ns1) -> + (for Forward Lookup Zones) -> corp100.com.
3. Right-click corp100.com, and then select Properties -> Zone Transfers.
4. On the Zone Transfers page in the corp100.com Properties dialog box, enter the following:
    Allow zone transfers: Select check box.
    Only to the following servers: Select.
    IP address: Enter 10.1.5.2, and then click Add.
5. To save the configuration change and close the corp100.com Properties dialog box, click OK.

Task 1.6 Import Zone Data

You can import zone data from a legacy server or manually enter it. When you import both forward- and reverse-mapping zone data, the Infoblox device automatically creates Infoblox host records if corresponding A and PTR records are present. You can then modify the host records to add MAC addresses. However, if you only import forward-mapping zone data, the Infoblox device cannot create host records from just the A records. In that case, because you cannot later convert A records to host records, it is more efficient to create the corp100.com zone, and define host records manually.

Infoblox host records are data models that represent IP devices within the Infoblox semantic database. The Infoblox device uses a host object to define A, PTR, and CNAME resource records in a single object as well as a DHCP fixed address if you include a MAC address in the host object definition. The host object prevents costly errors because you only maintain a single object for multiple DNS records and a DHCP fixed address. Therefore, it is advantageous to use host records instead of separate A, PTR, and CNAME records.

Note: If you only have forward-mapping zones on your legacy servers and you want to add reverse-mapping zones and automatically convert A records to host records in the imported forward-mapping zones and create reverse host records in corresponding reverse-mapping zones, create the reverse-mapping zones on the Infoblox device and then import the forward-mapping zones data. The Infoblox device automatically converts the imported A records to host records in the forward-mapping zones and creates reverse host records in the reverse-mapping zones.

You also have the option of using the Data Import Wizard for loading DNS and DHCP configurations and data. For large data sets, this option is an efficient approach. To download the Data Import Wizard, visit www.infoblox.com/support, log in with your support account, and then click the Data Import Wizard hyperlink in the DNSone section.


In this example, when you create the corp100.com forward-mapping zone, you import zone data for the existing corp100.com zone from the legacy server at 10.1.5.3. When you create the 1.1.1.0/24 reverse-mapping zone, you also import the reverse-mapping zone records from the legacy server. After the device has both the forward- and reverse-mapping zone data, it converts the A and PTR records to Infoblox host records.

1. Open a browser window, and log in to the device at https://10.1.5.2, using the user name admin and the password SnD34n534.
2. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Forward Mapping Zones -> Edit -> Add Forward Mapping Zone -> Authoritative.
3. In the Authoritative Zone Properties section of the Add Forward Authoritative Zone editor, enter the following:
    Name: corp100.com
    Comment: External DNS zone
4. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.
5. Select ns1.corp100.com, and then click OK to close the dialog box.
6. In the Secondary Server Assignment section, click Add in the External Secondaries table to open the Zone External Secondary Server dialog box.
7. Enter the following information, and then click OK to close the dialog box:
    Name: ns2.corp100.com
    IP Address: 2.2.2.2
    Stealth: Clear check box.
8. Click the Save icon.
9. In the Infoblox Views panel of the DNS perspective, click + (for Forward Mapping Zones) -> corp100.com -> Edit -> Authoritative Zone Properties.
10. In the Forward Authoritative Zone editor, click Settings and enter the following:
    E-mail address: admin@corp100.com
    Import zone from: Select check box, and enter 10.1.5.3 in the adjacent text field.
11. Click the Save icon.
12. After successfully importing the zone data, click corp100.com in the Infoblox Views panel. You can see all the imported forward-mapping zone data in the Records panel. Because you have not yet imported the reverse-mapping zone data, most of the records appear as A records.
13. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Reverse Mapping Zones -> Edit -> Add Reverse Mapping Zone -> Authoritative.
14. In the Authoritative Zone Properties section of the Add Reverse Authoritative Zone editor, enter the following:
    Network Address: 1.1.1.0
    Subnet Mask: /24 (255.255.255.0)
    Comment: External DNS zone
15. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.
16. Select ns1.corp100.com, and then click OK to close the dialog box.
17. In the Secondary Server Assignment section, click Add in the External Secondaries table to open the Zone External Secondary Server dialog box.
18. Enter the following information, and then click OK to close the dialog box:
    Name: ns2.corp100.com
    IP Address: 2.2.2.2
    Stealth: Clear check box.
19. Click the Save icon.
20. In the Infoblox Views panel of the DNS perspective, click + (for Reverse Mapping Zones) -> 1.1.1.in-addr.arpa -> Edit -> Authoritative Zone Properties.
21. In the Authoritative Reverse Zone editor, click Settings and enter the following:
    E-mail address: admin@corp100.com
    Import zone from: Select check box, and enter 10.1.5.3 in the adjacent text field.
22. Click the Save and Restart Services icons.
23. Click 1.1.1.in-addr.arpa -> View -> Records. You can see all the imported reverse-mapping zone data in the Records panel.
24. Click corp100.com in the Forward Mapping Zones list. Because you have now imported both the forward- and reverse-mapping zone data, most of the records appear as host records.
25. Finally, you must remove the ns1 host record for the legacy server (value 1.1.1.3). To remove it, select ns1 (the host record for 1.1.1.3), and then click Edit -> Remove.

Task 1.7 Designate the New Primary on the Secondary Name Server (at the ISP Site)

In this example, the external secondary name server is maintained by an ISP, so you must contact your ISP administrator to change the IP address of the primary (or master) name server. (If you have administrative access to the secondary name server, you can make this change yourself.) Because a firewall performing NAT exists between the secondary and primary name servers, specify the NAT address 1.1.1.2 for the primary name server instead of 10.1.5.2.

Secondary BIND Server


1. Open the named.conf file using a text editor and set ns1 (with NAT address 1.1.1.2) as the primary (or master) from which ns2 receives zone transfers in the named.conf file for the corp100.com zone:
    zone "corp100.com" in {
        type slave;
        // NAT address of ns1, not its interface address 10.1.5.2
        masters { 1.1.1.2; };
        notify yes;
        // the file name must be a quoted string
        file "/var/named/db.corp100.com";
    };
2. After editing the named.conf file, restart DNS service for the change to take effect.

Secondary Windows 2000/2003 Server


1. Click Start -> All Programs -> Administrative Tools -> DNS.
2. Click + (for ns2) -> + (for Forward Lookup Zones) -> corp100.com.
3. Right-click corp100.com, and then select Properties -> General.
4. On the General page in the corp100.com Properties dialog box, enter the following:
    Zone file name: corp100.com.dns
    IP address: Enter 1.1.1.2, and then click Add.
    In the IP Address field, select 1.1.1.3 (the NAT IP address of the legacy DNS server), and then click Remove.
5. To save the configuration change and close the corp100.com Properties dialog box, click OK.

Task 1.8 Configure NAT and Policies on the Firewall

Change the NAT and policy settings on the firewall to allow bidirectional DNS traffic to and from ns1.corp100.com and NTP traffic from ns1.corp100.com to the NTP server at 3.3.3.3. For example, enter the following commands on a Juniper firewall running ScreenOS 4.x or later:
    set address dmz ns1 10.1.5.2/32
    set address untrust ntp_server 3.3.3.3/32
    set interface ethernet1 mip 1.1.1.2 host 10.1.5.2
    set policy from dmz to untrust ns1 any dns permit
    set policy from untrust to dmz any mip(1.1.1.2) dns permit
    set policy from dmz to untrust ns1 ntp_server ntp permit

At this point, the new DNS server can take over DNS service from the legacy server. You can remove the legacy server and unset any firewall policies permitting traffic to and from 10.1.5.3.


Example 2 HA Pair for Internal DNS and DHCP


In this example, you set up an HA pair of Infoblox devices to provide internal DNS and DHCP services. The HA pair answers internal queries for all hosts in its domain (corp100.com). It forwards internal queries for external sites to ns1.corp100.com at 10.1.5.2 and ns2.corp100.com at 2.2.2.2. It also uses DHCP to provide dynamic and fixed addresses.

The HA pair consists of two devices (nodes). The VIP (virtual IP) address of the HA pair and the IP addresses of the HA and LAN1 ports on each node are as follows:

    HA Pair IP Addresses
    VIP       10.1.4.10 (the address that the active node of the HA pair uses)
    Node 1    LAN1 10.1.4.6    HA 10.1.4.7
    Node 2    LAN1 10.1.4.8    HA 10.1.4.9

The virtual router ID number for the HA pair is 150. (The ID number must be unique for this network segment.) When you create the corp100.com zone on the HA pair, you import DNS data from the legacy server at 10.1.4.11.


Figure 10 Example 2 Network Diagram

An HA pair of Infoblox devices provides internal DNS services. It answers internal queries for all hosts in its domain. It forwards internal queries for external sites to ns1 and ns2. It also serves DHCP, providing both dynamic and fixed addresses. All host names shown here belong to the corp100.com domain. The first six hexadecimal characters of all MAC addresses in this example are 00:00:00. Only the last six hexadecimal characters are shown here. The Infoblox device is in the Pacific time zone (UMT 8:00).

Note: The section of this illustration pertaining to material covered in the first example appears dimmed.

Labels shown in the diagram:
    Internet: ISP external secondary DNS server ns2, 2.2.2.2; NTP server 3.3.3.3
    Firewall (relay agent on e2 interface): ethernet1 1.1.1.1/24; ethernet2 10.1.5.1/24; ethernet3 10.1.6.2/24
    NAT on firewall: 1.1.1.2 -> 10.1.5.2; 1.1.1.5 -> 10.1.5.5; 1.1.1.6 -> 10.1.5.6; 1.1.1.7 -> 10.1.5.7; 1.1.1.8 -> 10.1.4.10
    Router (relay agent on e1 and e2 interfaces): ethernet0 10.1.6.1/24; ethernet1 10.1.1.1/24; ethernet2 10.1.2.1/24; ethernet4 10.1.4.1/24
    DMZ network 10.1.5.0/24:
        Infoblox device, external primary DNS server ns1, 10.1.5.2
        www 10.1.5.5 55:55:55
        mail 10.1.5.6 66:66:66
        ftp 10.1.5.7 77:77:77
    Server network 10.1.4.0/24:
        HA pair, internal primary DNS server, DHCP, IPAM: ns3, VIP 10.1.4.10
        Legacy primary DNS server ns3, 10.1.4.11 (replaced by the HA pair)
        storage1 10.1.4.2 dd:dd:dd
        storage2 10.1.4.3 ee:ee:ee
        proxymail 10.1.4.4 ff:ff:ff
        proxyweb 10.1.4.5 11:11:11
    MGT network 10.1.1.0/24:
        Address range 10.1.1.10 to 10.1.1.50
        printer1 10.1.1.2 aa:aa:aa
    Dev network 10.1.2.0/24:
        Address range 10.1.2.10 to 10.1.2.100
        printer2 10.1.2.2 bb:bb:bb

Task 2.1 Cable Devices to the Network and Turn On Power

Connect ethernet cables from the LAN1 and HA ports on both Infoblox devices to a switch in the Server network and turn on the power for both devices. See Installing a Device on page 9.

Task 2.2 Specify Initial Network Settings

Before you can configure the devices through the GUI, you must be able to make a network connection to them. The default network settings of the LAN1 port are 192.168.1.2/24 with a gateway at 192.168.1.1 (the HA and MGMT ports do not have default network settings). To change these settings, you can use the LCD or make a console connection to each device.


Note: For details about using the LCD, see Task 1.2 Specify Initial Network Settings on page 19. For details on using the console, see Accessing a Device on page 13 first, and then Console Port on page 19.

Node 1
Using the LCD or console port on one of the devices, enter the following information:
    IP Address: 10.1.4.6 (for the LAN1 port)
    Netmask: 255.255.255.0
    Gateway: 10.1.4.1

Node 2
Using the LCD or console port on the other device, enter the following information:
    IP Address: 10.1.4.8 (for the LAN1 port)
    Netmask: 255.255.255.0
    Gateway: 10.1.4.1

After you confirm your network settings, the Infoblox GUI application automatically restarts.

Task 2.3 Specify Device Settings

When you make the initial HTTPS connection to an Infoblox device, you see the Infoblox Appliance Startup Wizard, which guides you through the basic deployment of the device on your network. To set up an HA pair, you must connect to and configure each device individually.

Node 1
1. Open a browser window and connect to https://10.1.4.6.
   Note: For details about making an HTTPS connection to an Infoblox device, see Task 1.3 Specify Device Settings on page 20.
2. Log in using the default user name and password admin and infoblox.
   Note: User names and passwords are case-sensitive.
3. The Infoblox Appliance Startup Wizard opens with a splash screen that provides basic information about the wizard, and then displays license agreement information. Beginning on the third wizard screen, enter or select the following to set up node 1 of the HA pair:

    Wizard Screen          Enter
    Deployment type        Stand alone
    Node type              First HA node
    ID Grid information    ID Grid Name: Infoblox
                           Shared Secret: 37eeT1d
                           (Note: The nodes use the shared secret to form an encrypted VPN tunnel between themselves. They synchronize the shared database through this tunnel.)
    Node information       Virtual IP: 10.1.4.10
                           Subnet Mask: 255.255.255.0
                           Gateway: 10.1.4.1
                           Host Name: ns3.corp100.com
                           Node 1: LAN1 Address: 10.1.4.6, HA Address: 10.1.4.7
                           Node 2: LAN1 Address: 10.1.4.8, HA Address: 10.1.4.9
                           Virtual Router ID: 150
    Default password       New admin password: SnD34n534
    Time settings          Enable NTP: Select check box.
                           IP address: 3.3.3.3
                           Time zone: (UMT 8:00) Pacific Time (US and Canada), Tijuana

   The last screen of the wizard states that the changed settings require the application to restart. When you click Finish, the Infoblox GUI application restarts.

Node 2
1. In the JWS (Java Web Start) login window, type 10.1.4.8 in the Hostname field. When you enter the IP address, JWS queries the device at that address, checking for a login banner. The following default Infoblox banner appears above the Hostname field: Restricted Access Login Required.
2. Log in using the default user name and password admin and infoblox.
   Note: User names and passwords are case-sensitive.
3. The Infoblox Appliance Startup Wizard opens with a splash screen that provides basic information about the wizard, and then displays license agreement information. Beginning on the third wizard screen, enter or select the following to set up node 2 of the HA pair:

    Wizard Screen        Enter or Select
    Deployment type      Stand alone
    Node type            Second HA node
    Node information     IP Address: 10.1.4.8
                         Subnet Mask: 255.255.255.0
                         Gateway: 10.1.4.1
    Node provisioning    Master's Virtual IP: 10.1.4.10
                         ID Grid Name: Infoblox
                         Shared Secret: 37eeT1d

   On the last screen of the wizard, click Finish. The Infoblox GUI application terminates.

The setup of the HA pair is complete. From now on, when you make an HTTPS connection to the HA pair, use the VIP address 10.1.4.10.

Task 2.4 Enable Zone Transfers on the Legacy Name Server

To allow the Infoblox device to import zone data from the legacy server at 10.1.4.11, you must configure the legacy server to allow zone transfers to the device at 10.1.4.10.

Legacy BIND Server


1. Open the named.conf file using a text editor and change the allow-transfer statement to allow zone transfers to the device at 10.1.4.10. (For a sample of the required changes to the named.conf file, see Legacy BIND Server on page 21.)
2. After editing the named.conf file, restart DNS service for the change to take effect.

Legacy Windows 2000/2003 Server


Navigate to the corp100.com Properties dialog box, and add 10.1.4.10 to the list of IP addresses to which you want to allow zone transfers. (For more detailed navigation and configuration instructions, see Legacy Windows 2000/2003 Server on page 22.)

Task 2.5 Import Zone Data

You can import zone data from a legacy server or manually enter it. When you import both forward- and reverse-mapping zone data, the Infoblox device automatically creates Infoblox host records if corresponding A and PTR records are present. You can then modify the host records to add MAC addresses. However, if you only import forward-mapping zone data, the Infoblox device cannot create host records from just the A records. In that case, because you cannot later convert A records to host records, it is more efficient to create the corp100.com zone, and define host records manually.

Infoblox host records are data models that represent IP devices within the Infoblox semantic database. The Infoblox device uses a host object to define A, PTR, and CNAME resource records in a single object as well as a DHCP fixed address if you include a MAC address in the host object definition. The host object prevents costly errors because you only maintain a single object for multiple DNS records and a DHCP fixed address. Therefore, it is advantageous to use host records instead of separate A, PTR, and CNAME records.

Note: If you only have forward-mapping zones defined on your legacy servers and you want to add reverse-mapping zones and automatically create host records in the imported forward-mapping zones and reverse host records in corresponding reverse-mapping zones, create the reverse-mapping zones and then import the forward-mapping zones data. The Infoblox device automatically converts the imported A records to host records in the forward-mapping zones and creates the necessary reverse host records in the reverse-mapping zones.


You also have the option of using the Data Import Wizard for loading DNS and DHCP configurations and data. For large data sets, this option is an efficient approach. To download the Data Import Wizard, visit www.infoblox.com/support, log in with your support account, and then click the Data Import Wizard hyperlink in the DNSone section.

In this example, when you create the corp100.com forward-mapping zone, you import zone data for the existing corp100.com zone from the legacy server at 10.1.4.11. When you create the 1.10.in-addr.arpa reverse-mapping zone, you also import the zone records for the existing 1.10.in-addr.arpa zone from the legacy server. After the device has both the forward- and reverse-mapping zone data, it converts the A and PTR records to Infoblox host records.

1. Open a browser window, and log in to the HA pair at https://10.1.4.10, using the user name admin and the password SnD34n534.
2. To check that the HA pair is set up and functioning properly, from the ID Device perspective, click ns3.corp100.com and check that the status indicators are all green.
3. Click DNS to open the DNS perspective, and then click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Forward Mapping Zones -> Edit -> Add Forward Mapping Zone -> Authoritative.
4. In the Authoritative Zone Properties section of the Add Forward Authoritative Zone editor, enter the following:
    Name: corp100.com
    Comment: Internal DNS zone
5. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.
6. Select ns3.corp100.com, and then click OK to close the dialog box.
7. Click the Save icon.
8. In the Infoblox Views panel of the DNS perspective, click + (for Forward Mapping Zones) -> corp100.com -> Edit -> Authoritative Zone Properties.
9. In the Forward Authoritative Zone editor, click Settings and enter the following:
    E-mail address: admin@corp100.com
    Import zone from: Select check box, and enter 10.1.4.11 in the adjacent text field.
10. Click the Save icon.
11. After successfully importing the zone data, click corp100.com in the Infoblox Views panel. You can see all the imported forward-mapping zone data in the Records panel. Because you have not yet imported the reverse-mapping zone data, most of the records appear as A records.
12. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Reverse Mapping Zones -> Edit -> Add Reverse Mapping Zone -> Authoritative.
13. In the Authoritative Zone Properties section of the Add Reverse Authoritative Zone editor, enter the following:
    Network Address: 10.1.0.0
    Subnet Mask: 255.255.0.0
    Comment: Internal DNS zone
14. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.
15. Select ns3.corp100.com, and then click OK to close the dialog box.
16. Click the Save icon.
17. In the Infoblox Views panel of the DNS perspective, click + (for Reverse Mapping Zones) -> 1.1.1.in-addr.arpa -> Edit -> Authoritative Zone Properties.
18. In the Authoritative Reverse Zone editor, click Settings and enter the following:
    E-mail address: admin@corp100.com
    Import zone from: Select check box, and enter 10.1.4.11 in the adjacent text field.
19. Click the Save and Restart Services icons.
20. Click 1.1.1.in-addr.arpa -> View -> Records. You can see all the imported reverse-mapping zone data in the Records panel.
21. Click corp100.com in the Infoblox Views panel. Because you have now imported both the forward- and reverse-mapping zone data, most of the records appear as host records.
22. Finally, you must remove the ns1 host record for the legacy server (value 10.1.4.11). To remove it, select ns3, and then click Edit -> Remove.

Task 2.6

Define Networks, Reverse-Mapping Zones, DHCP Ranges, and Infoblox Hosts

In this task, you enter data manually because the configuration is fairly simple. For large data sets, you have the option of using the Data Import Wizard for loading DNS and DHCP configurations and data to make the process more efficient. To download the Data Import Wizard, visit www.infoblox.com/support, log in with your support account, and then click the Data Import Wizard hyperlink in the DNSone section.

Networks
You can create all the subnetworks individually (which in this example are 10.1.1.0/24, 10.1.2.0/24, 10.1.4.0/24, and 10.1.5.0/24), or you can create a parent network (10.1.0.0/16) that encompasses all the subnetworks and then use the Infoblox split network feature to create the individual subnetworks automatically. The split network feature accomplishes this by using the IP addresses that exist in the forward-mapping zones to determine which subnets it needs to create. This example uses the split network feature. For information about creating networks, see the Infoblox Administrator Guide.

1. From the DHCP and IPAM perspective, click Networks -> Edit -> Add Network -> Network.
2. In the Network Properties section of the Add Configure Network editor, enter the following:
   Network Address: 10.1.0.0
   Netmask: /16 (255.255.0.0)
3. Click Member Assignment -> Add to open the Select ID Grid Members dialog box.
4. Select ns3.corp100.com, and then click OK to close the dialog box.
5. Click the Save icon.
6. Click + (for Networks) -> 10.1.0.0/16 -> Edit -> Split Network.
   Subnetworks: Move the slider to 24.
   Immediately add only networks with ranges and fixed addresses: Select check box.
   The device immediately creates the following 24-bit subnets for the imported Infoblox hosts:
   10.1.1.0/24
   10.1.2.0/24
   10.1.4.0/24
   10.1.5.0/24
7. Click + (for Networks) -> + (for 10.1.0.0/16) -> 10.1.1.0/24 -> Edit -> Network Properties.
8. In the Configure Network editor, enter information in the following sections:
   Network Properties
     Comment: MGT
   Member Assignment
     Members: ns3.corp100.com
9. Click the Save icon.
10. To modify the other networks, repeat steps #8-10 for each network and use the following information:
   10.1.2.0/24 Network:
     Comment: Dev
     Members: ns3.corp100.com
   10.1.4.0/24 Network:
     Comment: Server
     Members: ns3.corp100.com
   10.1.5.0/24 Network:
     Comment: DMZ
     Members: ns3.corp100.com

Reverse-Mapping Zones
When you create a network, the device automatically creates a corresponding reverse-mapping zone and reparents the relevant resource records from the parent zone (10.1.0.0/16) to that zone. To enable DNS service for the new zone, you need to assign ns3.corp100.com as the primary DNS server for each zone. In this example, the device creates four reverse-mapping zones. You must modify each zone by assigning ns3.corp100.com as its primary DNS server.

1. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> + (for Reverse Mapping Zones) -> + (for 1.10.in-addr.arpa) -> 1.1.10.in-addr.arpa -> Edit -> Authoritative Zone Properties.
2. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.
3. Select ns3.corp100.com, and then click OK to close the dialog box.
4. Click the Save icon.
5. Repeat steps #1-4 for the 2.1.10.in-addr.arpa, 4.1.10.in-addr.arpa, and 5.1.10.in-addr.arpa reverse-mapping zones.


DHCP Ranges
1. From the DHCP and IPAM Perspective, select Networks -> + (for Networks) -> + (for 10.1.0.0/16) -> 10.1.1.0/24 -> Edit -> Add DHCP Range.
2. In the DHCP Range section, enter the following:
   Start Address: 10.1.1.10
   End Address: 10.1.1.50
3. In the Member Assignment section, select ns3.corp100.com from the ID Grid Member drop-down list.
4. Click the Save icon.
5. From the DHCP and IPAM Perspective, select Networks -> + (for Networks) -> + (for 10.1.0.0/16) -> 10.1.2.0/24 -> Edit -> Add DHCP Range.
6. In the DHCP Range section, enter the following:
   Start Address: 10.1.2.10
   End Address: 10.1.2.100
7. In the Member Assignment section, select ns3.corp100.com from the ID Grid Member drop-down list.
8. Click the Save icon.

Infoblox Hosts
Defining both a MAC and IP address for an Infoblox host definition creates a DHCP host entry, like a fixed address, that you can manage through the host object. To add a MAC address to each host record that the device created when you imported forward- and reverse-mapping zone records, you must first delete the IP address for that host, and then add the same IP address with the MAC address.

1. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> + (for Forward Mapping Zones) -> + (for corp100.com).
2. Double-click 10.1.1.2 to open the Host editor.
3. In the Host Record Properties section, select 10.1.1.2, and then click Remove.
4. Click Add next to the IP Address field to open the Host Address dialog box.
5. Enter the following, and then click OK to close the dialog box:
   IP Address: 10.1.1.2
   MAC Address: 00:00:00:aa:aa:aa
6. Click the Save icon.
7. Follow steps 1-6 to modify hosts with the following information:
   printer2
     IP Address: 10.1.2.2
     MAC Address: 00:00:00:bb:bb:bb
   storage1
     IP Address: 10.1.4.2
     MAC Address: 00:00:00:dd:dd:dd
   storage2
     IP Address: 10.1.4.3
     MAC Address: 00:00:00:ee:ee:ee
   proxymail
     IP Address: 10.1.4.4
     MAC Address: 00:00:00:ff:ff:ff
   proxyweb
     IP Address: 10.1.4.5
     MAC Address: 00:00:00:11:11:11
   www
     IP Address: 10.1.5.5
     MAC Address: 00:00:00:55:55:55
   mail
     IP Address: 10.1.5.6
     MAC Address: 00:00:00:66:66:66
   ftp
     IP Address: 10.1.5.7
     MAC Address: 00:00:00:77:77:77

Task 2.7

Define Multiple Forwarders

Because ns3.corp100.com is an internal DNS server, you configure it to forward DNS queries for external DNS name resolution to the primary and secondary DNS servers: ns1.corp100.com at 10.1.5.2 and ns2.corp100.com at 2.2.2.2.

Note: You must also configure ns1 and ns2 DNS servers to allow recursion when resolving DNS queries on behalf of ns3. For information, see Task 2.8 Enable Recursion on External DNS Servers.

1. From the DNS perspective, click DNS Members -> Infoblox -> Edit -> Grid DNS Properties.
2. In the ID Grid DNS Properties editor, click Forwarders, and then enter the following:
   IP Address: Type 2.2.2.2, and then click Add.
   IP Address: Type 10.1.5.2, and then click Add.
   Use Forwarders Only: Clear check box.
3. Click the Save icon.

The Infoblox device initially sends outbound queries to forwarders in the order that they appear in the Forwarders list, starting from the top of the list. If the first forwarder does not reply, the device tries the second one. The device keeps track of the response time of both forwarders and uses the quicker one for future queries. If the quicker forwarder does not respond, the device then uses the other one.


Task 2.8

Enable Recursion on External DNS Servers

Because the HA pair forwards outbound queries to the two external DNS servers, ns1.corp100.com (10.1.5.2) and ns2.corp100.com (2.2.2.2), for resolution, you must enable recursion on those servers. When a DNS server employs recursion, it queries other DNS servers for a domain name until it either receives the requested data or an error that the requested data cannot be found. It then reports the result back to the querist (in this case, the internal DNS server ns3.corp100.com at 10.1.4.10), which in turn reports back to the DNS client.

Infoblox Server in the DMZ Network (ns1.corp100.com, 10.1.5.2)


1. Log in to ns1.corp100.com at 10.1.5.2.
2. From the DNS perspective, click DNS Members -> Infoblox -> Edit -> Grid DNS Properties.
3. In the ID Grid DNS Properties editor, click Queries, and then select the Allow Recursion check box.
4. Click the Save icon.

BIND Server at ISP Site (ns2.corp100.com, 2.2.2.2)


1. Open the named.conf file using a text editor and change the recursion and allow-recursion statements to allow recursive queries from 1.1.1.8 (the NAT address of ns3).

   options {
       zone-statistics yes;
       directory "/var/named/named_conf";
       version "";
       recursion yes;
       listen-on { 127.0.0.1; 2.2.2.2; };
       allow-recursion { 1.1.1.8; };
       transfer-format many-answers;
   };

2. After editing the named.conf file, restart DNS service for the change to take effect.
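The following check is an added example, not part of the Infoblox guide: it parses the options block of a named.conf file and confirms that recursion on ns2 is limited to the NAT address of ns3 (1.1.1.8, from the step above) rather than left open to any client. The function names and the two weakened sample configurations are constructed for illustration, and the parser assumes a flat allow-recursion list with no nested ACLs.

```python
import re

# Constructed inputs: the options block shown in this task, plus two weakened variants.
PAGE_CONF = '''
options {
    zone-statistics yes;
    directory "/var/named/named_conf";
    version "";
    recursion yes;
    listen-on { 127.0.0.1; 2.2.2.2; };
    allow-recursion { 1.1.1.8; };
    transfer-format many-answers;
};
'''
OPEN_CONF = PAGE_CONF.replace("allow-recursion { 1.1.1.8; };",
                              "allow-recursion { any; };  // constructed weak setting")
NO_ACL_CONF = PAGE_CONF.replace("allow-recursion { 1.1.1.8; };", "")

WIDE_OPEN = {"any", "0.0.0.0/0", "::/0"}


def strip_comments(text):
    """Remove /* */, // and # comments while leaving quoted strings intact."""
    pattern = r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(pattern, keep_strings, text, flags=re.S)


def options_statements(text):
    """Return {keyword: argument text} for each statement directly inside options { }."""
    text = strip_comments(text)
    start = re.search(r"\boptions\s*\{", text)
    if not start:
        return {}
    stmts, buf, depth, in_str = {}, [], 1, False
    for ch in text[start.end():]:
        if ch == '"':
            in_str = not in_str
        elif not in_str:
            if ch == "{":
                depth += 1
            elif ch == "}":
                depth -= 1
                if depth == 0:          # closing brace of the options block
                    break
            elif ch == ";" and depth == 1:
                parts = "".join(buf).strip().split(None, 1)
                if parts:
                    stmts[parts[0]] = parts[1] if len(parts) > 1 else ""
                buf = []
                continue
        buf.append(ch)
    return stmts


def acl_entries(arg):
    """Split a flat address-match list such as '{ 1.1.1.8; }' into its elements."""
    body = arg.strip().strip("{}")
    return [e.strip() for e in body.split(";") if e.strip()]


def audit_recursion(conf_text, expected_clients):
    """Return a list of findings; an empty list means recursion is limited as intended."""
    opts = options_statements(conf_text)
    if opts.get("recursion", "yes") != "yes":   # BIND recurses unless told otherwise
        return ["recursion is off: forwarded queries from ns3 will not be resolved"]
    if "allow-recursion" not in opts:
        return ["no allow-recursion statement: the effective ACL is whatever "
                "this BIND version defaults to"]
    entries = acl_entries(opts["allow-recursion"])
    findings = []
    for entry in entries:
        if entry in WIDE_OPEN:
            findings.append(f"allow-recursion contains '{entry}': open resolver")
        elif entry not in expected_clients:
            findings.append(f"unexpected recursion client: {entry}")
    for client in sorted(expected_clients):
        if client not in entries:
            findings.append(f"{client} is not listed in allow-recursion")
    return findings


if __name__ == "__main__":
    for name, conf in [("page", PAGE_CONF), ("any", OPEN_CONF), ("no ACL", NO_ACL_CONF)]:
        print(name, audit_recursion(conf, {"1.1.1.8"}) or "OK")
```

Run it against the live file by reading named.conf into a string and passing the same expected client set.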

Windows 2000/2003 Server at ISP Site (ns2.corp100.com, 2.2.2.2)


1. Click Start -> All Programs -> Administrative Tools -> DNS.
2. Right-click ns3, and then select Properties -> Advanced.
3. On the Advanced page in the ns3 Properties dialog box, clear the Disable recursion check box.
4. To save the configuration change and close the ns3 Properties dialog box, click OK.

Task 2.9

Modify the Firewall and Router Configurations

Configure the firewall and router in your internal network to allow the following DHCP, DNS, and NTP traffic:

- To allow messages to pass from the DHCP clients in the DMZ (the web, mail, and FTP servers) to ns3 in the Server network, configure policies and DHCP relay agent settings on the firewall.
- To forward DHCP messages from DHCP clients in the MGT and Dev networks to ns3 in the Server network, configure relay agent settings on the router.
- To translate the private IP address of ns3 (10.1.4.10) to the public IP address (1.1.1.8) when forwarding DNS queries from ns3 to ns2, set a MIP (mapped IP) address on the firewall.
- To allow DNS queries from ns3 to ns1 and ns2 and NTP traffic from ns3 to the NTP server, configure firewall policies.


Firewall
For example, enter the following commands on a Juniper firewall running ScreenOS 4.x or later:

DHCP Relay Configuration

   set address trust ns3 10.1.4.10/32
   set interface ethernet2 dhcp relay server-name 10.1.4.10
   set policy from dmz to trust ns1 ns3 DHCP-Relay permit

DNS Forwarding

   set interface ethernet1 mip 1.1.1.8 host 10.1.4.10
   set policy from trust to untrust ns3 ns2 dns permit
   set policy from trust to dmz ns3 ns1 dns permit

NTP

   set policy from dmz to untrust ns1 ntp_server ntp permit

Router
For example, enter the following commands on a Cisco router running IOS for release 12.x or later:

DHCP Relay Configuration

   interface ethernet1
    ip helper-address 10.1.4.10
   interface ethernet2
    ip helper-address 10.1.4.10

Task 2.10 Enable DHCP and Switch Service to the Infoblox Device
With the Infoblox device in place and the firewall and router configured for relaying DHCP messages, you can switch DHCP service from the legacy DHCP server at 10.1.4.11 to the HA pair at 10.1.4.10 (VIP address).

Tip: To minimize the chance of duplicate IP address assignments during the transition from the legacy DHCP server to the device, shorten all lease times to a one-hour length in advance of the DHCP server switch. Then, when you take the legacy DHCP server offline, the DHCP clients quickly move to the new server when their lease renewal efforts fail and they broadcast DHCPDISCOVER messages.

To determine how far in advance you need to shorten the lease length, find the longest lease time (for example, it might be two days). Then change the lease length to one hour at a slightly greater interval of time before you plan to switch DNS service to the device (for example, three days before the switchover). By changing the lease length this far in advance, you can be sure that all DHCP leases will be one-hour leases at the time of the switchover. If the longest lease length is longer, such as five days, and you want to avoid the increased amount of traffic caused by more frequent lease renewals over a six-day period, you can also employ a stepped approach: Six days before the switchover, change the lease lengths to one-day leases. Then two days before the switchover, change them to one-hour leases.

1. Open a browser window, and log in to the HA pair at https://10.1.4.10, using the user name admin and the password SnD34n534.
2. From the DHCP and IPAM Perspective, select DHCP Members -> + (for Infoblox) -> ns3.corp100.com -> Edit -> Member DHCP Properties.
3. In the Member DHCP Properties editor, click General Properties and select Enable DHCP Server.
4. Click the Save and Restart Services icons. The HA pair is ready to provide DHCP service to the network.
5. Take the legacy DHCP server at 10.1.4.11 offline. When the DHCP clients are unable to renew their leases from the legacy DHCP server, they broadcast DHCPDISCOVER messages to which the new DHCP server responds.
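The lease-shortening schedule from the Tip in this task, worked through as an added example that is not part of the Infoblox guide. It computes when each lease-length change must be made and then checks the longest lease a client could still hold at the switchover; the function names and the one-day safety margin are assumptions chosen to reproduce the guide's figures.

```python
from datetime import timedelta

DAY, HOUR = timedelta(days=1), timedelta(hours=1)


def plan_lease_changes(longest_lease, ladder, margin=DAY):
    """Return [(lead time before switchover, new lease length), ...].

    ladder lists the target lease lengths, longest first. Each change is
    scheduled one margin earlier than the lease length it replaces, so every
    lease granted under the old length has expired before the switchover.
    The one-day margin is an assumption matching the guide's examples.
    """
    plan, in_effect = [], longest_lease
    for new_length in ladder:
        if new_length >= in_effect:
            raise ValueError("each step must shorten the lease length")
        plan.append((in_effect + margin, new_length))
        in_effect = new_length
    return plan


def longest_outstanding_lease(longest_lease, plan):
    """Longest lease a client can still hold when the legacy server goes offline.

    Worst case: a client is granted a lease just before a change takes effect
    and does not renew until that lease expires. Such a lease survives to the
    switchover only if its length exceeds the lead time of the change.
    """
    regimes, length = [], longest_lease
    for lead, new_length in plan:
        regimes.append((lead, length))      # length granted until `lead` before switchover
        length = new_length
    regimes.append((timedelta(0), length))  # length granted right up to the switchover
    return max(granted for lead, granted in regimes if granted > lead)


if __name__ == "__main__":
    simple = plan_lease_changes(2 * DAY, [HOUR])         # guide: three days before
    stepped = plan_lease_changes(5 * DAY, [DAY, HOUR])   # guide: six days, then two days
    for label, longest, plan in [("simple", 2 * DAY, simple), ("stepped", 5 * DAY, stepped)]:
        for lead, length in plan:
            print(f"{label}: {lead} before switchover -> set lease length to {length}")
        print(f"{label}: worst case at switchover = {longest_outstanding_lease(longest, plan)}")
    # Constructed failure case: shortening two-day leases only one day ahead.
    late = [(DAY, HOUR)]
    print("late change: worst case at switchover =", longest_outstanding_lease(2 * DAY, late))
```

The last case shows the failure mode the Tip is guarding against: a client can still hold a two-day lease from the legacy server after it goes offline.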

Task 2.11 Manage and Monitor


Infoblox provides tools for managing IP address usage and several types of logs to view events of interest and DHCP and DNS data. After configuring the device, you can use the following resources to manage and monitor IP address usage, DNS and DHCP data, and administrator and device activity.

IPAM (IP Address Management)


IPAM offers the following services:

- Simple IP address modification: Within a single IP address-centric data set, you can modify the Infoblox host, DHCP, and DNS settings associated with that IP address.
- Address type conversion: Through IPAM functionality, you can make the following conversions:
    Currently active dynamic addresses -> fixed addresses, reserved addresses, or Infoblox hosts
    Fixed addresses -> reserved addresses or hosts
    Reserved addresses -> hosts
- Device classification: You can make detailed descriptions of devices in DHCP ranges and devices defined as Infoblox hosts and as fixed addresses.
- Three distinct views of IP address usage: To monitor the usage of IP addresses on your network, you can see the following different views:
    High-level overall network view: From the DHCP and IPAM perspective, click DHCP Members -> + (for Infoblox) -> 10.1.4.10 -> View -> IPAM Statistics.
    Run-time view that allows you to zoom in and out to varying levels of detail: From the DHCP and IPAM perspective, click Networks -> network -> View -> IP Address Management -> ip_addr -> View -> Properties.
    DHCP lease history records: From the DHCP and IPAM perspective, click View -> DHCP Lease History.

Note: For more information about IPAM functionality, see the Infoblox Administrator Guide.


Logs
The following are some useful logs:

Logs
   Audit Log: Contains administrator-initiated events
   System Log: Contains events related to hardware and software operations
IPAM
   IPAM Statistics: Contains the number of currently assigned static and dynamic addresses, and the high and low watermarks per network
DNS
   DNS Cache: Contains cached DNS-to-IP address mappings
   DNS Configuration: Contains DNS server settings for the Infoblox DNS server
   Zone Statistics: Contains a record of the results of all DNS queries per zone
DHCP
   DHCP Configuration: Contains DHCP server settings and network, DHCP range, and host settings for the Infoblox DHCP server
   DHCP Leases: Contains a real-time record of DHCP leases
   DHCP Lease History: Contains an historical record of DHCP leases
   DHCP Statistics: Contains the number of static hosts, dynamic hosts, and available hosts per network


Example 3 Infoblox Devices in an ID Grid


In this example, you configure seven Infoblox devices in an ID grid serving internal DHCP and DNS for an enterprise with the domain name corp100.com. There are four sites: HQ and three branch offices. A hub-and-spoke VPN tunnel system connects the sites, with HQ at the hub. The distribution and roles of the Infoblox devices at the four sites are as follows:

- HQ site (four devices in two HA pairs):
    HA grid master: hidden primary DNS server
    HA member: secondary DNS server and DHCP server for HQ and Site 2
- Site 1 (two devices in an HA pair):
    HA member: secondary DNS server and DHCP server for Site 1
- Site 2 (no devices; the hosts at this site access the DNS and DHCP servers at HQ)
- Site 3 (one device):
    single member: secondary DNS server and DHCP server for Site 3

Note: When adding Infoblox-1050, -1550, and -1552 appliances to an existing ID grid, you must first upgrade the grid to DNSone 3.2r9 or later.

To create an ID grid, you first create a grid master and then add members. The process involves these three steps:

1. Configuring two devices at HQ as the grid master. See Task 3.2 Create the ID Grid Master on page 42.
2. Logging in to the grid master and defining the members that you want to add to the grid; that is, you configure grid member settings on the grid master in anticipation of later joining those devices to the grid. See Task 3.3 Define Members on the Grid Master on page 44.
3. Logging in to the individual devices and configuring them so that they can reach the grid master over the network and join the grid. See Task 3.4 Join Devices to the Grid on page 45.

After creating the ID grid and adding members, you use the Data Import Wizard to import DHCP and DNS data from legacy servers. See Task 3.5 Import DHCP Data on page 47 and Task 3.6 Import DNS Data on page 48. Finally, you transition DHCP and DNS service from the legacy servers to the Infoblox grid members. See Task 3.7 Enable DHCP and Switch Service to the ID Grid on page 52.


Figure 11 Example 3 Network Diagram


Seven Infoblox devices in an ID grid provide internal DNS and DHCP throughout a large multi-site network. The grid master is an HA pair at the HQ site. It is also a hidden primary DNS server. A hidden primary server does not appear in the NS (name server) records for its zones and does not answer queries. It processes DDNS updates and provides zone data to its secondary servers, which in turn respond to queries with that data. This offers the flexibility of taking the primary server offline for administrative or maintenance reasons without causing any disruption to DNS service.

The other grid members are secondary DNS servers and DHCP servers:
- The HA grid member at HQ provides DNS and DHCP services for both the HQ site (with 4000 employees) and the much smaller branch office, Site 2 (with only 20 employees).
- The HA grid member at Site 1 provides DNS and DHCP services for the 2000 employees at that site.
- The single grid member at Site 3 provides DNS and DHCP services for the 1000 employees there.

The domain corp100.com has four subdomains: lab.corp100.com, site1.corp100.com, site2.corp100.com, and site3.corp100.com. A corresponding zone or subzone organizes data for each domain and subdomain.

Note: The ellipses ( . . . ) indicate that there are additional networks not shown.

Labels in the diagram:

General
   NTP Server: 3.3.3.3
   All Infoblox appliances are in the Pacific time zone (UMT - 8:00).
   VPN tunnels connect the HQ site with the three branch office sites. All inter-site traffic (grid communications and network services) pass through the tunnels.
   Domain name hierarchy: The domain names lab, site1, site2, and site3 are subdomains of corp100.com.
   Other labels: VPN Tunnel, Encapsulated ID Grid Communications, Internet, Firewall

HQ Site (4000 People at HQ Site)
   Zones: corp100.com, lab.corp100.com
   Network: 10.0.1.0/24, Address Range: 10.0.1.50 - 10.0.1.200
   Network: 10.0.15.0/24, Address Range: 10.0.15.50 - 10.0.15.200
   ID Grid Master: ns1.corp100.com, VIP 10.0.1.10, VRID: 143, Hidden Primary DNS Server
   Legacy Hidden Primary DNS Server: ns1.corp100.com; 10.0.1.5
   HA Grid Member: ns2.corp100.com, VIP 10.0.2.10, VRID: 210, Secondary DNS Server, DHCP Server
   Legacy Secondary DNS Server: ns2.corp100.com; 10.0.2.5 and DHCP Server 10.0.2.20

Branch Office: Site 1 (2000 People at Site 1)
   Zone: site1.corp100.com
   Network: 10.1.1.0/24, Address Range: 10.1.1.50 - 10.1.1.200
   HA Grid Member: ns3.site1.corp100.com, VIP 10.1.1.10, VRID: 111, Secondary DNS Server, DHCP Server
   Legacy Secondary DNS Server: ns3.site1.corp100.com; 10.1.1.5 and DHCP Server 10.1.1.20

Branch Office: Site 2 (20 People at Site 2)
   Zone: site2.corp100.com
   Network: 10.2.1.0/24, Address Range: 10.2.1.50 - 10.2.1.100
   Site 2 uses the DNS and DHCP servers at HQ.

Branch Office: Site 3 (1000 People at Site 3)
   Zone: site3.corp100.com
   Network: 10.3.1.0/24, Address Range: 10.3.1.50 - 10.3.1.200
   Single Grid Member: ns4.site3.corp100.com, LAN 10.3.1.10, Secondary DNS Server, DHCP Server
   Legacy Secondary DNS Server: ns4.site3.corp100.com; 10.3.1.5 and DHCP Server 10.3.1.20

Task 3.1

Cable All Devices to the Network and Turn On Power

Cable the Infoblox devices to network switches. After cabling each device to a switch and connecting it to a power source, turn on the power. For details, see Installing a Device on page 9.

1. At HQ and Site 1, connect ethernet cables from the LAN1 and HA ports on the devices in each HA pair to a switch, connect the devices to power sources, and turn on the power for each device.
   Note: When connecting the nodes of an HA pair to a power source, connect each node to a different power source if possible. If one power source fails, the other might still be operative.
2. At Site 3, connect an ethernet cable from the LAN1 port on the single device to a switch, connect the device to a power source, and turn on the power for that device.


Task 3.2

Create the ID Grid Master

Configure two devices at HQ to be the two nodes that make up the HA pair forming the ID grid master.

ID Grid Master Node 1


1. By using the LCD or by making a console connection to the device that you want to make Node 1 of the HA pair for the ID grid master, change the default network settings of its LAN1 port to the following:
   IP Address: 10.0.1.6
   Netmask: 255.255.255.0
   Gateway: 10.0.1.1
   Note: For details about using the LCD and console, see Task 1.2 Specify Initial Network Settings on page 19.
2. Connect your management system to the HQ network, open a browser window, and connect to https://10.0.1.6.
3. Log in using the default user name and password admin and infoblox.
4. The Infoblox Appliance Startup Wizard opens. Enter the following to set up Node 1 of the HA pair:

   Wizard Screen                Enter
   Deployment type              ID grid master/member
   License validation           Check that a Keystone license is installed.
   ID grid type                 ID grid master
   HA node type                 First HA node
   ID Grid information,         ID Grid Name: corp100
   Node information             Shared Secret: Mg1kW17d
                                Virtual IP: 10.0.1.10
                                Subnet Mask: 255.255.255.0
                                Gateway: 10.0.1.1
                                Host Name: ns1.corp100.com
                                Node 1: LAN1 Address: 10.0.1.6, HA Address: 10.0.1.7
                                Node 2: LAN1 Address: 10.0.1.8, HA Address: 10.0.1.9
                                Virtual Router ID: 143
   Default password             New admin password: 1n85w2IF
   Time settings                Enable NTP: Select check box.
                                IP address: 3.3.3.3
                                Time zone: (UMT - 8:00) Pacific Time (US and Canada), Tijuana

5. When you click Finish, the Infoblox GUI application restarts. Close the browser window, leaving the JWS (Java Web Start) login window open.

ID Grid Master Node 2


1. By using the LCD or by making a console connection to the device that you want to make Node 2 of the HA pair for the ID grid master, change the default network settings of its LAN1 port to the following:
   IP Address: 10.0.1.8
   Netmask: 255.255.255.0
   Gateway: 10.0.1.1
2. In the JWS login window, type 10.0.1.8 in the Hostname field.
3. Log in using the default user name and password admin and infoblox.
4. When the Infoblox Appliance Startup Wizard opens, enter the following to set up Node 2 of the HA pair:

   Wizard Screen                Enter
   Deployment type              ID grid master/member
   License validation           Check that a Keystone license is installed.
   ID grid node type            ID grid master
   HA node type                 Second HA node
   Node information             IP Address: 10.0.1.8
                                Subnet Mask: 255.255.255.0
                                Gateway: 10.0.1.1
   Node provisioning            Master's Virtual IP: 10.0.1.10
                                ID Grid Name: corp100
                                Shared Secret: Mg1kW17d

5. Confirm the configuration, and then on the last screen of the wizard, click Finish. The HTTPS session terminates, but the JWS login window remains open.
6. In the JWS login window, type 10.0.1.10 (the VIP address for the grid master) in the Hostname field.
7. Log in using the default user name admin and the password 1n85w2IF.
8. To check the status of the two nodes forming the grid master, from the ID Grid perspective, click + (for corp100) -> + (for Members) -> 10.0.1.10. Check that the status indicators are all green in the Detailed Status panel.

During the joining process, a device passes through the following four phases:

1. Offline: the state when a grid member (in this case, the second node of the HA pair composing the grid master) is not in contact with the active node of the master
2. Connecting: the state when a device matching a member configuration contacts the master to join the grid and negotiates secure communications and grid membership
3. Synchronizing: the master transmits its entire database to the member
4. Running: the state when a member is in contact with the master and is functioning properly

Note: Depending on the network connection speed and the amount of data that the master needs to synchronize with the member, the process can take from several seconds to several minutes to complete.


Task 3.3

Define Members on the Grid Master

Before logging in to and configuring the individual devices that you want to add to the grid, define them first on the grid master.

HQ Site HA Member
1. On the grid master, open the ID Grid perspective, and then click corp100 -> Edit -> Add Grid Member.
2. In the Add ID Grid Member editor, click ID Node Properties, and then enter the following:
   Host Name: ns2.corp100.com
   (V)IP Address: 10.0.2.10
   Subnet Mask: /24 (255.255.255.0)
   Gateway: 10.0.2.1
   Comment: HQ Site - ns2.corp100.com
   HA Pair: Select check box.
   Virtual Router ID: 210
   ID Node 1:
     LAN Address: 10.0.2.6
     HA Address: 10.0.2.7
   ID Node 2:
     LAN Address: 10.0.2.8
     HA Address: 10.0.2.9
3. Click the Save icon.

Site 1 HA Member
1. On the grid master, open the ID Grid perspective, and then click corp100 -> Edit -> Add Grid Member.
2. In the Add ID Grid Member editor, click ID Node Properties, and then enter the following:
   Host Name: ns3.site1.corp100.com
   (V)IP Address: 10.1.1.10
   Subnet Mask: 255.255.255.0
   Gateway: 10.1.1.1
   Comment: Site 1 - ns3.site1.corp100.com
   HA Pair: Select check box.
   Virtual Router ID: 111
   ID Node 1:
     LAN Address: 10.1.1.6
     HA Address: 10.1.1.7
   ID Node 2:
     LAN Address: 10.1.1.8
     HA Address: 10.1.1.9
3. Click the Save icon.


Site 3 Single Member


1. On the grid master, open the ID Grid perspective, and then click corp100 -> Edit -> Add Grid Member.
2. In the Add ID Grid Member editor, click ID Node Properties, and then enter the following:
   Host Name: ns4.site3.corp100.com
   (V)IP Address: 10.3.1.10
   Subnet Mask: 255.255.255.0
   Gateway: 10.3.1.1
   Comment: Site 3 - ns4.site3.corp100.com
3. Click the Save icon.
4. Log out from the grid master by clicking File -> Logout.

Task 3.4

Join Devices to the Grid

To complete the process of adding devices to the grid, log in to and configure each individual device so that it can contact the grid master.

HQ Site HA Grid Member (Node 1)


Make a console connection to the device that you want to make Node 1 in the HA pair, and enter the following:
   Infoblox > set network
   NOTICE: All HA configuration is performed from the GUI. This interface is used only to configure a standalone node or to join an ID grid.
   Enter IP address: 10.0.2.6
   Enter netmask [Default: 255.255.255.0]:
   Enter gateway address [Default: 10.0.2.1]:
   Become grid member? (y or n): y
   Enter Grid Master VIP: 10.0.1.10
   Enter ID Grid Name: corp100
   Enter ID Grid Shared Secret: Mg1kW17d
   New Network Settings:
     IP address: 10.0.2.6
     Netmask: 255.255.255.0
     Gateway address: 10.0.2.1
   Join ID grid as member with attributes:
     ID Grid Master VIP: 10.0.1.10
     ID Grid Name: corp100
     ID Grid Shared Secret: Mg1kW17d
   WARNING: Joining an ID grid will replace all the data on this node!
   Is this correct? (y or n): y
   Are you sure? (y or n): y

The Infoblox application restarts. After restarting, the device contacts the grid master and joins the grid as Node 1.


HQ Site HA Member (Node 2)


Make a console connection to the device that you want to make Node 2 in the HA pair, and enter exactly the same data you entered for Node 1 except that the IP address is 10.0.2.8. After the application restarts, the device contacts the grid master and joins the grid as Node 2, completing the HA member configuration for the HQ site.

Site 1 HA Grid Member (Node 1)


Make a console connection to the device that you want to make Node 1 in the HA pair at Site 1, and use the set network command to configure its basic network and ID grid settings. Use the following data:
   IP Address: 10.1.1.6
   Netmask: 255.255.255.0
   Gateway: 10.1.1.1
   ID grid master VIP: 10.0.1.10
   ID grid name: corp100
   ID grid shared secret: Mg1kW17d

The Infoblox application restarts. After restarting, the device contacts the grid master and joins the grid as Node 1.

Site 1 HA Grid Member (Node 2)


Make a console connection to the device that you want to make Node 2 in the HA pair at Site 1, and enter exactly the same data you entered for Node 1 except that the IP address is 10.1.1.8. After the application restarts, the device contacts the grid master and joins the grid as Node 2, completing the HA member configuration for Site 1.

Site 3 Single Grid Member


Make a console connection to the device that you want to make Node 1 in the HA pair at Site 1, and use the set network command to configure its basic network and ID grid settings. Use the following data:
   IP Address: 10.3.1.10
   Netmask: 255.255.255.0
   Gateway: 10.3.1.1
   ID grid master VIP: 10.0.1.10
   ID grid name: corp100
   ID grid shared secret: Mg1kW17d

The Infoblox application restarts. After restarting, the device contacts the grid master and joins the grid.

To check the status of all the grid members, log in to the grid master at 10.0.1.10, and from the ID Grid perspective, click + (for corp100) -> + (for Members) -> 10.0.1.10. Check that the status indicators are all green in the Detailed Status panel. As a device joins a grid, it passes through the following phases: Offline, Connecting, (Downloading Release from Master), Synchronizing, and Running. (For a summary of these phases, see the end of the section ID Grid Master Node 2 on page 43.)

Note: Depending on the network connection speed and the amount of data that the master needs to synchronize with the member, the process of joining a grid can take from several seconds to several minutes to complete.

The ID grid setup is complete.

Task 3.5

Import DHCP Data

The Data Import Wizard is a software tool that you can download from the Infoblox Support site to your management system. With it, you can import data from legacy DHCP and DNS servers to Infoblox devices. In this example, you use it to import both DHCP and DNS data to the ID grid master at 10.0.1.10, which then uses the database replication mechanism to send the imported data to other grid members. In the wizard, you also specify which grid members serve the imported data.

The wizard supports various types of DHCP formats, such as the following:

    ISC DHCP
    Lucent VitalQIP
    Microsoft
    Nortel NetID
    CSV (comma-separated values); you can also import IPAM data in CSV format

In this example, all the DHCP data is in standard ISC DHCP format.

Note: Before using the Data Import Wizard, you must make an initial connection to the Infoblox GUI using JWS (Java Web Start), which downloads to your management system the Java application files that you need to run the wizard. Because you used JWS in Task 3.2 Create the ID Grid Master on page 42, you already have the necessary files installed.

Importing DHCP Data for HQ and Site 2


1. Save the DHCP configuration file from your legacy DHCP server at 10.0.2.20 to a local directory.
2. Visit www.infoblox.com/support, log in with your support account, and download the Data Import Wizard.
   The Data Import Wizard application downloads to a container within a Java sandbox on your management system and immediately launches, displaying the Welcome page.
3. After reading the information in the left panel, click Next.
4. Select Import to Infoblox Appliance, enter the following, and then click Next:
       Hostname or IP address: 10.0.1.10
       Username: admin
       Password: 1n85w2IF
5. Select the following, and then click Next:
       What kind of data would you like to import? DHCP/IPAM
       Which legacy system are you importing from? ISC DHCP
       Which appliance will be serving this data? 10.0.2.10
6. Type the path and file name of the DHCP configuration file saved from the legacy server, and then click Next.
   or
   Click Browse, navigate to the file, select it, click Open, and then click Next.
7. In the Global DHCP Configuration table, double-click the Value cell for the domain-name-servers row, and change the IP addresses to 10.0.2.10.
8. When satisfied with the data, click Import.
   You can view the status of the importation process and a summary report in the Data Import Wizard Log.
9. To enable DDNS updates, log in to the grid master, open the DHCP and IPAM perspective and click DHCP Members -> corp100 -> Edit -> ID Grid DHCP Properties.
10. In the ID Grid DHCP Properties editor, click DNS Updates.
11. Select Enable dynamic DNS updates, and then click OK.
12. Click the Save and Restart Services icons.
13. To check the imported DHCP configuration file, click DHCP Members -> + (for corp100) -> 10.0.2.10 -> View -> DHCP Configuration.
14. In the DHCP configuration file, check that all the imported subnets are present, and navigate to the beginning of the file and check that you see the ddns-updates on statement. (If you see ddns-updates off, enable DDNS updates for the grid as explained in steps 9-12.)
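The check in step 14 can be scripted when the legacy file holds many subnets. The following Python sketch is an added example, not part of the Infoblox guide or product: it compares the subnet declarations in the saved legacy file with those in text copied from the DHCP Configuration view, and reports the ddns-updates setting found before the first subnet. It assumes both texts use ISC dhcpd.conf syntax; the sample data and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: configuration saved from a legacy ISC DHCP server.
LEGACY = """
ddns-updates off;
option domain-name-servers 10.0.2.5;
subnet 10.0.1.0 netmask 255.255.255.0 { range 10.0.1.50 10.0.1.200; }
subnet 10.0.2.0 netmask 255.255.255.0 { range 10.0.2.50 10.0.2.200; }
subnet 10.2.1.0 netmask 255.255.255.0 { range 10.2.1.50 10.2.1.200; }
"""

# Constructed sample: text copied from the member's DHCP Configuration view.
IMPORTED = """
ddns-updates on;
option domain-name-servers 10.0.2.10;
subnet 10.0.1.0 netmask 255.255.255.0 { range 10.0.1.50 10.0.1.200; }
subnet 10.0.2.0 netmask 255.255.255.0 { range 10.0.2.50 10.0.2.200; }
"""

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)", re.MULTILINE)
DDNS_RE = re.compile(r"^\s*ddns-updates\s+(on|off)\s*;", re.MULTILINE)


def strip_comments(conf):
    """Drop '#' comments so commented-out statements are not counted."""
    return re.sub(r"#.*", "", conf)


def subnets(conf):
    """Return the set of subnets declared in a dhcpd.conf-style text."""
    pairs = SUBNET_RE.findall(strip_comments(conf))
    return {ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in pairs}


def global_ddns(conf):
    """Return 'on' or 'off' from the statement ahead of the first subnet, else None."""
    text = strip_comments(conf)
    first_subnet = SUBNET_RE.search(text)
    head = text[:first_subnet.start()] if first_subnet else text
    match = DDNS_RE.search(head)
    return match.group(1) if match else None


def verify_import(legacy, imported):
    """Report subnets lost during import and the imported ddns-updates setting."""
    missing = sorted(subnets(legacy) - subnets(imported))
    return {"missing_subnets": [str(net) for net in missing],
            "ddns_updates": global_ddns(imported)}


if __name__ == "__main__":
    print(verify_import(LEGACY, IMPORTED))
```
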

Importing DHCP Data for Site 1


1. Repeat the steps in Importing DHCP Data for HQ and Site 2, saving the DHCP configuration file from your legacy DHCP server at 10.1.1.20, and importing it to the ID grid master at 10.0.1.10 for the member with IP address 10.1.1.10 to serve.
2. Check the imported DHCP configuration file by logging in to the ID grid master and from the DHCP and IPAM perspective, click DHCP Members -> + (for corp100) -> 10.1.1.10 -> View -> DHCP Configuration.

Importing DHCP Data for Site 3


1. Repeat the steps in Importing DHCP Data for HQ and Site 2, saving the DHCP configuration file from your legacy DHCP server at 10.1.1.20, and importing it to the ID grid master at 10.0.1.10 for the member with IP address 10.3.1.10 to serve.
2. After the importation process completes, check the imported DHCP configuration file by logging in to the ID grid master and from the DHCP and IPAM perspective, click DHCP Members -> + (for corp100) -> 10.3.1.10 -> View -> DHCP Configuration.

Task 3.6

Import DNS Data

Using the Infoblox Data Import Wizard, import DNS data from the legacy hidden primary server at 10.0.1.5 to the new hidden primary server at 10.0.1.10 (the ID grid master). There are three phases to this task:

Task 3.6-1 Before Using the Wizard on page 49:
    Save the named.conf file from the legacy server to a file in a local directory on your management system.
    Enable the legacy server to perform zone transfers to the Infoblox device.
    Configure three name server groups for the ID grid, and allow the grid master/hidden primary DNS server at 10.0.1.10 to receive DDNS updates from the grid members at 10.0.2.10, 10.1.1.10, and 10.3.1.10. These members act as secondary DNS servers and DHCP servers.

Task 3.6-2 Using the Wizard on page 50:
    Define the source, destination, and type of DNS data in the DNS configuration file (named.conf) that you want to import.

Task 3.6-3 After Using the Wizard on page 51:
    Check the imported DNS configuration file.

In this example, all the DNS data is in BIND 9 format. The Data Import Wizard supports various types of DNS formats, such as the following:

    BIND 4, 8, and 9
    Microsoft
    Lucent VitalQIP
    Nortel NetID

Task 3.6-1

Before Using the Wizard

You must set up the legacy server and ID grid master before using the Data Import Wizard.

Legacy Server

1. Log in to the legacy name server at 10.0.1.5 and save the named.conf file, which contains all the DNS settings that you want to import into the Infoblox name server, to a local directory on your management system.
2. On the legacy server, enable zone transfers to the Infoblox device.

Infoblox Grid Master DDNS Updates

1. Log in to the grid master at 10.0.1.10, open the DNS perspective and click DNS Members -> + (for corp100) -> 10.0.1.10 -> Edit -> Member DNS Properties.
2. In the Member DNS Properties editor, click Updates and enter the following:
       Override ID grid update settings: Select check box.
       Allow dynamic updates from: Click Add.
3. In the Dynamic Updater Item dialog box, enter the following, and then click OK:
       IP Address Option: Select this option, and enter 10.0.2.10 in the adjacent field.
       Permission: Allow
4. Click the Save icon.
5. Repeat steps 2 to 4 to add 10.1.1.10 and 10.3.1.10 as IP addresses from which you allow DDNS updates.

Note: When all DNS servers are members in the same ID grid, the members use database replication to synchronize all their data, including DNS zone data. You can change the default behavior so that grid members use zone transfers instead (see the Infoblox Administrator Guide). In this example, grid members use database replication.

Infoblox Grid Master Name Server Groups

1. From the DNS perspective, click DNS Members -> corp100 -> Edit -> Grid DNS Properties.
2. In the ID Grid DNS Properties editor, click Name Server Groups -> Add, to open the Grid Name Server Group dialog box.
3. Enter the following:
       Name Server Group Name: HQ-Group
       ID Grid Primary: ns1.corp100.com; Stealth: Select check box.
       ID Grid Secondaries: Click Add -> Select Member, select ns2.corp100.com in the Select ID Grid Member dialog box, and then click OK. Select ID Grid replication (recommended), and then click OK to close the Name Server Group Member Secondary dialog box and return to the Grid Name Server Group dialog box.
4. Click OK to close the Grid Name Server Group dialog box.
5. Repeat steps 2 to 4 to create another group. Name it Site1-Group, and use ns1.corp100.com as the hidden primary server, ns3.site1.corp100.com as a secondary server, and ID grid replication for zone updates.
6. Repeat steps 2 to 4 to create another group. Name it Site3-Group, and use ns1.corp100.com as the hidden primary server, ns4.site3.corp100.com as a secondary server, and ID grid replication for zone updates.
7. Click the Save and Restart Services icons.


Task 3.6-2

Using the Wizard

While progressing through the Data Import Wizard, you must define the source, destination, and type of DNS data that you want to import. You then make some simple modifications to the data and import it.

Defining the Source, Destination, and Type of DNS Data

1. Launch the Data Import Wizard.
2. After reading the information in the left panel of the welcome page, click Next.
3. Select Import to Infoblox Appliance, enter the following, and then click Next:
       Hostname or IP address: 10.0.1.10
       Username: admin
       Password: 1n85w2IF
   The Data Import Wizard Log opens in a separate window behind the wizard. Leave it open while you continue.
4. Select the following, and then click Next:
       What kind of data would you like to import? DNS
       Which legacy system are you importing from? BIND 9
       Which appliance will be serving this data? 10.0.1.10
5. Select the following, and then click Next:
       What BIND 9 DNS configuration file would you like to use? Click Browse, navigate to the named.conf file you saved from the legacy server, select it, and then click Open.
       What type of BIND 9 DNS data do you want to import? DNS zone information and DNS record data
       Where is the BIND 9 DNS record data? Zone transfer(s) from a DNS server; 10.0.1.5
   The wizard displays two tables of data. The upper table contains global DNS server configuration parameters. The lower table contains zone configurations. The Data Import Wizard Log presents a summary listing the number of views, zones, and DNS records in the configuration file.

Modifying DNS Data

While importing data from the legacy DNS server, you cancel the importation of global configuration settings, and apply the name server groups you created in Before Using the Wizard on page 49 to the zones you want to import.

1. In the Global DNS Configuration table, select all rows by clicking the top row and then SHIFT+clicking the bottom row.
2. Right-click the selected rows to display the Set Import Options dialog box, select Do not import, and then click Apply.
3. In the DNS Zones table, clear the Import check box for the default view.
4. Select corp100.com, lab.corp100.com, and site2.corp100.com, and all the reverse-mapping zones with 0 or 2 in the second octet in the zone name. That is, select zones such as 1.0.10.in-addr.arpa, 2.0.10.in-addr.arpa, 3.0.10.in-addr.arpa, and so on, and 1.2.10.in-addr.arpa, 2.2.10.in-addr.arpa, 3.2.10.in-addr.arpa, and so on.
   Note: You can use SHIFT+click to select multiple contiguous rows and CTRL+click to select multiple noncontiguous rows.
5. Right-click the selected rows, and then select Set Import Options.
6. In the Set Import Options dialog box, enter the following, and then click Apply:
       Set Zone Type: No change
       Set Import Option: No change
       Set View: default
       Set Member: HQ-Group master
7. Select site1.corp100.com and all the reverse-mapping zones with 1 in the second octet in the zone name (1.1.10.in-addr.arpa, 2.1.10.in-addr.arpa, 3.1.10.in-addr.arpa, and so on).
8. Right-click the selected rows, and select Set Import Options.
9. In the Set Import Options dialog box, make the same selections as in Step 6, but choose Site1-Group master from the Set Member drop-down list.
10. Similarly, select site3.corp100.com and all the reverse-mapping zones with 3 in the second octet in the zone name (1.3.10.in-addr.arpa, 2.3.10.in-addr.arpa, 3.3.10.in-addr.arpa, and so on).
11. Right-click the selected rows, and select Set Import Options.
12. In the Set Import Options dialog box, make the same selections as in Step 6, but choose Site3-Group master from the Set Member drop-down list.

Importing DNS Data

1. Click Import.
   The wizard imports the global DNS parameters and zone-specific configuration settings from the named.conf file and performs a zone transfer of the data from the legacy server.
2. Use the Data Import Wizard Log to monitor progress and review results afterward. The log lists all the zones that the wizard imports and concludes with a total of all the successfully and unsuccessfully imported zones.
   Note: If the wizard is unable to import a zone, an error message with an explanation appears in the log.
3. To close the Data Import Wizard, click Exit. This closes the Data Import Wizard Log as well.

Task 3.6-3

After Using the Wizard

After you import data, you must restart services on the ID grid master and delete the A records for the legacy servers from the corp100.com zone. You can also confirm that the imported data is correct and complete by checking the DNS configuration and the forward- and reverse-mapping zones.

1. Log in to the ID grid master (10.0.1.10), and then click the Restart Services icon.
   Note: When importing data through the wizard rather than entering it through the GUI, the Restart Services icon does not change to indicate you must restart service for the device to apply the new data. Still, restarting service on the ID grid master is necessary for the imported configuration and data to take effect.
2. To remove A records for the legacy servers, from the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> + (for Forward Mapping Zones) -> corp100.com.
3. CTRL+click the following A records in the corp100.com zone, and then click Edit -> Remove Multiple:
       ns1 (for 10.0.1.5)
       ns2 (for 10.0.2.5)
       ns2.corp100 (for 10.0.2.5)
       ns3.site1.corp100 (for 10.1.1.5)
       ns4.site3.corp100 (for 10.3.1.5)
4. Remove the respective A records for legacy servers from the site1.corp100 and site3.corp100 subzones.
5. To check the imported DNS configuration file, from the DNS perspective, click DNS Members -> + (for corp100) -> 10.0.1.10 -> View -> DNS Configuration.
   Note: If you do not see the imported DNS configuration file, make sure you enabled DNS and restarted services.
6. Scroll through the DNS configuration log to check that each imported zone has an allow-update statement like the following one for the 10.1.10.in-addr.arpa reverse-mapping zone:

       zone "10.1.10.in-addr.arpa" in {
           allow-update { key DHCP_UPDATER; 10.0.2.10; 10.1.1.10; 10.3.1.10; };
       };
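With many imported zones, the allow-update check above is easier to run as a script than by scrolling. The following Python sketch is an added example, not part of the Infoblox guide or product: it reads zone blocks from a saved copy of the DNS configuration and reports every zone whose allow-update list is absent or differs from the key and the three member addresses used in this example. It assumes BIND-style syntax without comments inside zone blocks; the sample text and function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the statement shown in the guide.
SAMPLE_CONF = '''
zone "corp100.com" in {
    allow-update { key DHCP_UPDATER; 10.0.2.10; 10.1.1.10; 10.3.1.10; };
};
zone "10.1.10.in-addr.arpa" in {
    allow-update { key DHCP_UPDATER; 10.0.2.10; 10.1.1.10; 10.3.1.10; };
};
zone "site1.corp100.com" in {
    allow-update { key DHCP_UPDATER; 10.0.2.10; any; };
};
zone "lab.corp100.com" in {
    type master;
};
'''

# Updaters this example expects: the DHCP key and the three grid members.
EXPECTED = {"key DHCP_UPDATER", "10.0.2.10", "10.1.1.10", "10.3.1.10"}

ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{')
ACL_RE = re.compile(r'allow-update\s*\{([^}]*)\}')


def zone_bodies(conf):
    """Yield (zone name, block body), matching braces so nested blocks stay intact."""
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def audit(conf, expected=EXPECTED):
    """Return {zone: [problems]} for zones whose update ACL is absent or differs."""
    findings = {}
    for name, body in zone_bodies(conf):
        m = ACL_RE.search(body)
        if not m:
            findings[name] = ["no allow-update statement"]
            continue
        entries = {" ".join(e.split()) for e in m.group(1).split(";") if e.strip()}
        problems = [f"missing {e}" for e in sorted(expected - entries)]
        problems += [f"unexpected {e}" for e in sorted(entries - expected)]
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for zone, problems in audit(SAMPLE_CONF).items():
        print(f"{zone}: {'; '.join(problems)}")
```

An entry such as any in the list is reported as unexpected, which is worth catching because it would let any host send dynamic updates to that zone.
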

Task 3.7

Enable DHCP and Switch Service to the ID Grid

Finally, you must enable DHCP service on the three grid members at 10.0.2.10, 10.1.1.10, and 10.3.1.10, and switch DNS and DHCP service from the legacy DNS and DHCP servers to them.

Note: To minimize the chance of duplicate IP address assignments during the transition from the legacy DHCP servers to the ID grid members, see the Tip described on page 37.

1. Log in to the ID grid master (10.0.1.10), from the DHCP and IPAM perspective, click DHCP Members -> + (for corp100) -> 10.0.2.10 -> Edit -> Member DHCP Properties -> General Properties, select Enable DHCP Server, and then click the Save icon.
2. Click 10.1.1.10 -> Edit -> Member DHCP Properties -> General Properties, select Enable DHCP Server, and then click the Save icon.
3. Click 10.3.1.10 -> Edit -> Member DHCP Properties -> General Properties, select Enable DHCP Server, and then click the Save and Restart Services icons.
   Note: DNS service is enabled by default. To confirm that it is enabled, from the DNS perspective, click DNS Members -> + (for corp100) -> 10.0.2.10 -> Edit -> Member DNS Properties -> General Properties, and make sure the Enable DNS Server check box is selected.
   The ID grid members are ready to serve DHCP and DNS, and send DDNS updates.
4. Take the legacy DHCP and DNS servers offline.


Where to go for more information


Infoblox Documentation CD
The Infoblox Documentation CD that ships with each Infoblox device contains product documentation in PDF format. In particular, for more detail on any of the features presented in this user guide, refer to the Infoblox Administrator Guide.

Infoblox GUI Help
When using the Infoblox GUI, you can view HTML Help by clicking the two Help icons: Help, located on the far right of the GUI menu bar, and ? (question mark), located in the left corner at the bottom of each dialog box.

infoblox.com
The Infoblox Web site contains a number of useful resources, such as:

    Infoblox Technical Support: http://www.infoblox.com/support
    Access the knowledgebase, software downloads, release notes, product documentation, and personal assistance (via e-mail and telephone). Access requires a user ID and password. Register at http://www.infoblox.com/support/product_registration.cfm.

    Technical Training and Certification: http://training.infoblox.com
    Learn about the curriculum, schedule, and fee for an instructor-led technical training course. Online registration is provided.

    Download Center: http://www.infoblox.com/library
    Download product data sheets, case studies, white papers, application/tech notes, and more.