
Version 4.0 P/N 400-0107-100 Rev. A

For the Infoblox-1050, 1550, and 1552 Appliances

Infoblox User Guide


Contents

Introduction  3
  Product Overview  3
  Infoblox-1050, -1550, and -1552 Hardware Components  4
  System, Environmental, and Power Specifications  8

Installing a Device  9
  Rack Mounting  9
  Powering the Device  9
  Cabling the Device to a Network  10
  Changing Power Supplies (Infoblox-1552)  11

Accessing a Device  13
  Infoblox GUI  14
  Infoblox CLI  15

Configuration Examples  17
  Example 1 – Single Infoblox Device for External DNS  18
    Task 1.1 Cable the Device to the Network and Turn On Power  18
    Task 1.2 Specify Initial Network Settings  19
    Task 1.3 Specify Device Settings  20
    Task 1.4 Define a NAT Address  21
    Task 1.5 Enable Zone Transfers on the Legacy Name Server  21
    Task 1.6 Import Zone Data  22
    Task 1.7 Designate the New Primary on the Secondary Name Server (at the ISP Site)  24
    Task 1.8 Configure NAT and Policies on the Firewall  25
  Example 2 – HA Pair for Internal DNS and DHCP  26
    Task 2.1 Cable Devices to the Network and Turn On Power  27
    Task 2.2 Specify Initial Network Settings  27
    Task 2.3 Specify Device Settings  28
    Task 2.4 Enable Zone Transfers on the Legacy Name Server  30
    Task 2.5 Import Zone Data  30
    Task 2.6 Define Networks, Reverse-Mapping Zones, DHCP Ranges, and Infoblox Hosts  32
    Task 2.7 Define Multiple Forwarders  35
    Task 2.8 Enable Recursion on External DNS Servers  36
    Task 2.9 Modify the Firewall and Router Configurations  36
    Task 2.10 Enable DHCP and Switch Service to the Infoblox Device  37
    Task 2.11 Manage and Monitor  38
  Example 3 – Infoblox Devices in an ID Grid  40
    Task 3.1 Cable All Devices to the Network and Turn On Power  41
    Task 3.2 Create the ID Grid Master  42
    Task 3.3 Define Members on the Grid Master  44
    Task 3.4 Join Devices to the Grid  45
    Task 3.5 Import DHCP Data  47
    Task 3.6 Import DNS Data  48
    Task 3.7 Enable DHCP and Switch Service to the ID Grid  52

Copyright Statements

© 2006, Infoblox Inc. All rights reserved. The contents of this document may not be copied or duplicated in any form, in whole or in part, without the prior written permission of Infoblox, Inc.

The information in this document is subject to change without notice. Infoblox, Inc. shall not be liable for any damages resulting from technical errors or omissions which may be present in this document, or from use of this document.

This document is an unpublished work protected by the United States copyright laws and is proprietary to Infoblox, Inc. Disclosure, copying, reproduction, merger, translation, modification, enhancement, or use of this document by anyone other than authorized employees, authorized users, or licensees of Infoblox, Inc. without the prior written consent of Infoblox, Inc. is prohibited.

For Open Source Copyright information, see Open Source Copyright and License Statements in the Online Help.

Trademark Statements

Infoblox, the Infoblox logo, and DNSone are trademarks or registered trademarks of Infoblox Inc.

All other trademarked names used herein are the properties of their respective owners and are used for identification purposes only.

Warranty Information

Your purchase includes a 90-day software warranty and a one year limited warranty on the Infoblox appliance, plus an Infoblox Warranty Support Plan and Technical Support. For more information about Infoblox warranty information, refer to the Infoblox website, or contact Infoblox Technical Support.

Company Information

Infoblox is located at: 4750 Patrick Henry Drive, Santa Clara, CA 95054-1851, USA

Web: www.infoblox.com
Support: www.infoblox.com/support

Phone: 408.625.4200
Toll Free: 888.463.6259
Outside North America: +1.408.716.4300
Fax: 408.625.4201


Introduction

This guide provides an overview of Infoblox-1050, -1550, and -1552 network identity appliances running Infoblox NIOS (Network Identity Operating System) version 4.0 and later, and explains how to install and configure them. There are three configuration examples. The first describes how to deploy a single device as an independent external DNS server. The second describes how to deploy two devices as an HA (high availability) pair for internal DNS and DHCP services. The third describes how to set up several devices in an ID grid for internal DNS and DHCP services in a large multi-site corporation.

Figure 1 Tasks in This Guide (1: Learn about the Infoblox devices, Introduction on page 3; 2: Install devices, Installing a Device on page 9; 3: Access devices, Accessing a Device on page 13; 4: Configure devices, Configuration Examples on page 17)

Product Overview

Infoblox-1050, -1550, and -1552 appliances provide powerful, cost-effective solutions for small to large businesses that need integrated DNS (Domain Name System) and DHCP (Dynamic Host Configuration Protocol) services. In addition, these devices also provide IPAM (IP address management), RADIUS proxy and TFTP network services, and—with a Keystone license installed—ID grid functionality.

You can configure and manage Infoblox-1050, -1550, and -1552 appliances through an easy-to-use GUI that works seamlessly in both Windows and Linux environments using standard web browsers.

These Infoblox appliances are RoHS and WEEE compliant, and their hardware meets the mechanical requirements for FIPS 140-2 compliance.



Infoblox-1050, -1550, and -1552 Hardware Components

Infoblox-1050, -1550, and -1552 appliances are 1-U platforms that you can easily mount in a standard equipment rack using the mounting brackets and bolts that ship with each device. The front panel components include the LCD (liquid crystal display) panel and navigation buttons, communication ports, and indicator lights. The back panel components include the power connector and switch, fan, air vent, and the model and serial number label.

Front Panel

The front panel components are the same for Infoblox-1050, -1550, and -1552 appliances. These components are shown in Figure 2 and described in Table 1. For explanations of the ethernet port LEDs, and console and ethernet port connector pin assignments, see Ethernet Port LEDs on page 5 and Connector Pin Assignments on page 6.

Figure 2 Infoblox Device, Front View

Table 1 Front Panel Components

LCD Panel: An LCD screen that displays HA (high availability) status, network settings, software version number, hardware serial number, and software licenses. Additionally, you can view and configure the IP address, netmask, and gateway for the LAN1 port.

Navigation Buttons: Buttons that allow you to enter the IP address, subnet mask, and gateway of the LAN1 port through the LCD. Use the Up and Down arrow buttons to specify numbers and the Left and Right buttons to navigate across digits. You must specify whether to save input (OK) or discard it (CNCL). Selecting CNCL at any time returns you to the previous entry. Entering OK on the third screen returns you to the system status screen.

USB Port: Reserved for future use.

Console Port: A male DB-9 serial port for a console connection to change basic configuration settings and view basic system functions through the CLI (command line interface). Use the serial cable and connection adapters that ship with the device to make a console connection to this port.

Drive Indicator: An LED that flashes green to indicate when the hard drive processes data.

Power Indicator: An LED that glows green when there is power to the device. When it is dark, the device is not receiving power. (For the Infoblox-1552, the Power LED on the front panel is green if at least one power supply has power and is dark if neither power supply has power.)

MGMT Port: A 10/100/1000-Mbps fast ethernet port that you can use for device management or DNS service. You can enable the MGMT port and define its use through the GUI.

HA Port: A 10/100/1000-Mbps fast ethernet port through which the active node in an HA (high availability) pair connects to the network using a VIP (virtual IP) address. HA pair nodes also use their HA ports for VRRP (Virtual Router Redundancy Protocol) advertisements.

LAN1 Port: A 10/100/1000-Mbps fast ethernet port that connects a single device to the network. If the MGMT port is not in use, the device uses the LAN1 port for management traffic. The passive node in an HA pair uses this port to synchronize the database with the active node.

LAN2 Port: Reserved for future use.

Ethernet Port LEDs

To see the link activity and connection speed of an ethernet port, look at its Link/Act and Speed LEDs. The status each LED conveys through its color and illumination (steady glow or blinking) is shown in Figure 3.

Figure 3 LEDs

Label     Color           Port Status
Link/Act  Steady Green    Link is up but inactive
Link/Act  Blinking Green  Link is up and active
Link/Act  Dark            Link is down
Speed     Steady Amber    1000 Mbps
Speed     Steady Green    100 Mbps
Speed     Dark            10 Mbps


Connector Pin Assignments

An Infoblox device has three types of ports on its front panel:

• USB port (reserved for future use)
• Male DB-9 console port
• RJ-45 10Base-T/100Base-T/1000Base-T auto-sensing fast ethernet ports

The DB-9 and RJ-45 connector pin assignments are described in Figure 4. The DB-9 pin assignments follow the EIA232 standard. To make a serial connection from your management system to the console port, you can use the RJ-45 rollover cable and two female RJ-45-to-female DB-9 adapters that ship with the device, or a female DB-9-to-female DB-9 null modem cable. The RJ-45 pin assignments follow IEEE 802.3 specifications. All Infoblox ethernet ports are auto-sensing and automatically adjust to standard straight-through and cross-over ethernet cables.

10Base-T ethernet and 100Base-T fast ethernet use the same two pairs of wires. The twisted pair of wires connecting to pins 1 and 2 transmit data, and the twisted pair connecting to pins 3 and 6 receive data. For 1000Base-T connections, all four twisted-pair wires are used for bidirectional traffic.

Figure 4 Connector Pin Assignments

Male DB-9 Console Port (looking into the console port on an Infoblox device)

DB-9 Connector Pin Assignments

Pin  Signal                 Direction
1    (not used)
2    Receive                Input
3    Transmit               Output
4    DTE Ready              Output
5    Ground                 —
6    DCE Ready              Input
7    RTS (Request to Send)  Output
8    CTS (Clear to Send)    Output
9    (not used)

RJ-45 Ethernet Ports (looking into the RJ-45 ethernet ports on an Infoblox device)

RJ-45 Connector Pin Assignments

Pin  10Base-T/100Base-T Signal  1000Base-T Signal  T568A Straight-Through Wire Color  T568B Straight-Through Wire Color
1    Transmit +                 BI_DA+             White/Green                        White/Orange
2    Transmit -                 BI_DA-             Green                              Orange
3    Receive +                  BI_DB+             White/Orange                       White/Green
4    (not used)                 BI_DC+             Blue                               Blue
5    (not used)                 BI_DC-             White/Blue                         White/Blue
6    Receive -                  BI_DB-             Orange                             Green
7    (not used)                 BI_DD+             White/Brown                        White/Brown
8    (not used)                 BI_DD-             Brown                              Brown

Legend: BI_D = bidirectional; A, B, C, D = wire pairings


Rear Panel

The front panel on Infoblox-1050, -1550, and -1552 appliances is identical. However, because the Infoblox-1050 and -1550 have a single power supply and the Infoblox-1552 has dual power supplies, their rear panels differ.

Figure 5 Infoblox Devices, Rear View

Table 2 Rear Panel Components

Model Number: An identifier of the hardware model type, software type, and power cord type.

Serial Number: The serial number of the device. Use it to register the device to obtain software upgrades and technical support services.

Air Vent: An air vent that allows warm air to flow out of the device. Do not obstruct.

Fan: A fan to help maintain optimum operating temperature. Do not obstruct.

Power Outlet: A three-prong power outlet for connecting the device to a standard AC power source.

On/Off Switch: A power switch to turn the power supply of the device on and off.

Power LED: An LED that glows green when a power supply has power. It is dark when it does not.


Note: The label with the model and serial numbers is on the underside of the Infoblox-1552.


System, Environmental, and Power Specifications

System specifications describe the physical characteristics of each device. Environmental specifications describe the temperature and moisture limits it can withstand. Power specifications describe the electrical range within which the device circuitry can operate.

System Specifications

• Form Factor: 1-U rack-mountable appliance

• Dimensions:

— Infoblox-1050 and -1550: 1.75” H x 17.25” W x 15” D (4.45 cm H x 43.82 cm W x 38.1 cm D)

— Infoblox-1552: 1.75” H x 17.25” W x 21.65” D (4.45 cm H x 43.82 cm W x 55 cm)

• Weight:

— Infoblox-1050 and -1550: Approximately 13 pounds (5.9 kg)

— Infoblox-1552: Approximately 20 pounds (9.07 kg)

• Ethernet Ports: MGMT, HA, LAN1, LAN2 – auto-sensing 10Base-T/100Base-T/1000Base-T

• Serial Port: DB-9 (9600/8n1, Xon/Xoff)

• LCD Panel: LCD (liquid crystal display) with input buttons

Environmental Specifications

• Operating Temperature: 41 to 95 degrees F (5 to 35 degrees C)

• Storage Temperature: -40 to 122 degrees F (-40 to 50 degrees C)

• Relative Humidity: 5% to 95%, relative humidity (non-condensing)

Electrical Power Specifications

• Infoblox-1050 and -1550:

— Input Voltage: 100 – 240 VAC switchable, 47 – 63 Hz, 3 A

— Output Power: 250 watts

• Infoblox-1552:

— Input Voltage: 100 – 240 VAC switchable, 47 – 63 Hz, 4 A, redundant, dual input

— Output Power: 250 watts each

• Power plug and cable specifications by region:

Region          Plug Type                            Cable Type      Max Power Rating  Max Temperature Rating
North America   NEMA5-15P 3-prong male plug          VCTF 3C 18 AWG  7 A, 125 V        75° C
Japan           NEMA5-15P 3-prong male plug          VCFI 3G         12 A, 125 V       60° C
Europe          CEE7 standard VII 2-prong male plug  H05VV-F         6 A, 250 V        70° C
United Kingdom  LP-60L 3-prong male plug with fuse   H05VV-F         10 A, 250 V       70° C


Installing a Device

Follow these instructions to rack mount the device, connect it to a power source, and cable it to a network. Before proceeding, review the Infoblox Safety Guide and follow the necessary precautions.

Rack Mounting

The device mounts into a standard 19” (48 cm) equipment rack. In addition to the screws and brackets that ship with the product, you also need a screwdriver with a cross-headed tip.

Attach the brackets to the device, and mount it to an equipment rack.

1. Remove the four screws that ship attached to the left and right sides of the device—two screws per side.

2. Remove the pair of brackets from the accessory kit that also ships with the device.

3. Position one bracket so that the two holes in the bracket align with two of the holes on one side of the device.

Note: There are five evenly spaced holes on each side of the device. You can secure the brackets to any two adjacent holes so that you can mount the device more or less deeply in the rack.

4. Secure the bracket to the device with two of the screws that you removed previously.

5. Secure the second bracket in the same position on the other side of the device.

6. Using the screws from the accessory kit, attach the brackets to the equipment rack.

Powering the Device

Use the power cable that ships with the Infoblox device to connect it to a power source. For the Infoblox-1552, use both power cables to connect it to separate power circuits if possible. If one power circuit fails, the other might still be operative.

1. Make sure the power switch on the Infoblox-1050 and -1550 is turned off. For the Infoblox-1552, make sure both power switches are off.

2. Connect a power cable between the power connector on the back of the appliance and a properly grounded and rated power circuit that meets the provisions of the current edition of the National Electrical Code, or other wiring rules that apply to your location. Make sure the outlet is near the appliance and is easily accessible.

3. For the Infoblox-1050 and -1550, turn on the power switch. For the Infoblox-1552, turn on both switches.


Cabling the Device to a Network

Use the ethernet cables shipped with the product to connect the device to the network.

1. Connect an ethernet cable from the LAN1 port on the device to your network switch or router.

2. If you want to connect your device for HA (high availability), connect the HA ports on both devices to a switch on your network. The VIP (Virtual IP), LAN1, and HA port addresses must be on the same subnet and must be unique for that subnet.

Figure 6 Cabling a Single Device and an HA Pair to a Network

Note: By default, an Infoblox device automatically negotiates the optimal connection speed and transmission type (full or half duplex) on the physical links between its LAN1, HA, and MGMT ports and the ethernet ports on a connecting switch. If the two devices fail to auto-negotiate the optimal settings, see the Infoblox Administrator Guide for steps you can take to resolve the problem.

3. HA pair: To ensure that VRRP (Virtual Router Redundancy Protocol) works properly, configure the following settings on the connecting switch:

— Portfast: enable
— Trunking: disable
— Port list: disable
— Port channeling: disable

4. Use the Infoblox GUI to access the Infoblox device from a management system. Through the GUI, you can set up and administer the device. For management system requirements and access instructions, see Accessing a Device on page 13.


When cabling a single Infoblox device to the network, connect an ethernet cable from the LAN1 port on the device to a switch or router.

When cabling a pair of devices to the network for high availability, connect ethernet cables from the LAN1 and HA ports on each device to a switch.


Changing Power Supplies (Infoblox-1552)

The Infoblox-1552 supports—and ships with—two redundant, auto-switching AC power supplies. The power supplies are hot-swappable, so you can remove or replace one power supply without interrupting device operation and network services.

When the Infoblox-1552 contains two functioning power supplies, they share the power load equally. If one power supply fails, the other assumes the full load automatically and the appliance sends a system alarm. Although the Infoblox-1552 can run with only one power supply, it is advisable to install two. This practice minimizes the chance of system failure due to an individual power supply failure.

Each AC power supply weighs about three pounds (1.36 kg). The faceplate contains a power LED, a power switch, and a cooling fan vent. Each power supply links to a dedicated male power outlet.

Figure 7 Removing the AC Power Supply

The LED for a power supply glows green to indicate that the power supply is fully seated in the bay, is powered on, and is functioning properly. The LED appears dark to indicate the power supply is not fully seated, is not turned on, or has failed.

To replace a power supply:

1. Turn off the power supply that you want to replace. (Keep the power for the other supply on so that the device can continue providing service.)

2. Disconnect the power cable from the outlet for this power supply.

3. Turn the thumbscrew lock release counter-clockwise to release the power supply.

4. Swivel the handle outward, grip the handle, and pull the power supply straight out.

5. Position the new power supply in the bay, and push it forward until it is fully seated against the back plane.

6. Tighten the thumbscrew lock release to lock the power supply in place, and fold back the handle.

7. Reconnect the power cable.

8. Turn on the power supply. If it is fully seated, powered on, and operating properly, the LED glows green.


Accessing a Device

The management system is the computer from which you configure and monitor the Infoblox device. You can access the device from the management system remotely across an ethernet network or directly through a serial cable.

After completing the steps in Cabling the Device to a Network on page 10, you can make an HTTPS connection to the device and access the Infoblox GUI through Java Web Start (JWS) or make an SSHv2 connection and access the CLI through an SSHv2 client. You can also access the CLI by connecting a serial cable directly from the console port of a management system to the console port on the device, and then using a terminal emulation program.

The management system must meet the following requirements to operate an Infoblox device.

Table 3 Software and Hardware Requirements for the Management System

Management System Software Requirements

GUI access:

• Microsoft Internet Explorer® 6.0 or higher on Microsoft Windows NT® 4.0, Microsoft Windows® 2000, or Microsoft Windows XP®, or
• Mozilla 1.7 or higher on Linux or variants of UNIX (Irix, Solaris, HP-UX, AIX)

and

• Sun® Java Runtime Environment (JRE) version 1.5.0_06 or later
• JWS application, which is automatically installed with JRE 1.5.0_06 or later

CLI access:

• Secure Shell (SSH) client that supports SSHv2
• Terminal emulation program, such as minicom or Hilgraeve Hyperterminal®

Management System Hardware Requirements

• Minimum System: 500 MHz CPU with 256 MB RAM available to the product GUI, and 56 Kbps connectivity to an Infoblox device
• Recommended System: 1 GHz (or higher) CPU with 512 MB RAM available for the product GUI, and network connectivity to an Infoblox device
• Monitor Resolution: 1024 x 768 (minimum) to 1600 x 1200 (maximum)


Infoblox GUI

You can view data and configuration settings and make configuration changes through the Infoblox GUI. When an Infoblox device functions as an independent device, you launch the ID Device Manager to access the GUI. When the device is in an ID grid, you log in to the grid master and launch the ID Grid Manager.

Figure 8 Infoblox GUI Overview (callouts: Menu; Tool Bar; Perspectives; Panels, where you view and select items to edit; Editor, where you enter and edit information; Properties Viewer, where you view object properties. You can detach and move panels, viewers, and editors to customize the GUI layout.)

When you make an HTTPS connection to the device and access the Infoblox GUI through JWS, the Java installation typically associates JNLP file types with the JWS application automatically, although not in all UNIX environments. If the browser does not automatically associate a JNLP file with the JWS application, when you click Launch ID Grid Manager or Launch ID Device Manager, you receive a prompt. Internet Explorer running on a Windows system and Mozilla running on a Linux system provide different prompts:

Internet Explorer prompts you to save the JNLP file. Click Cancel, and make the file association as follows:

1. Click Start -> Control Panel -> Folder Options -> File Types -> New.

2. In the File Extension field, type JNLP, and then click Advanced.

3. From the Associated File Type drop-down list, choose JNLP File, and then click OK.

4. To close the Folder Options dialog box, click Close.

5. You can now continue logging in to the device.

Mozilla prompts you to save the JNLP file or choose an application to open it.

1. Select the Open with button, and then choose Other from the drop-down list.

2. Navigate to the Java directory—typically in a standard system directory like /usr/java/ on Linux systems.

3. Open the jre1.5.0_06 (or later) subdirectory, and select the JWS application, which is usually named javaws. Although the exact path and directory names can differ, it might be in a directory named javaws or bin.


Infoblox CLI

The Infoblox CLI allows you to configure and monitor the device using a small set of Infoblox commands. There are some tasks, such as resetting the device, that you can only do through the CLI. You can access the Infoblox CLI through a direct console connection from your management system to the Infoblox device. You can also enable remote console access—that is, SSHv2 (Secure Shell version 2) access—through the GUI or CLI, and then access the CLI from a remote location using an SSHv2 client.

Using the Console Port

The Infoblox device has a male DB-9 console port on its front panel. You can log in to the device through this port to access the Infoblox CLI.

1. Connect a console cable from the console port on your management system to the console port on the Infoblox device.

2. Using a serial terminal emulation program such as Hilgraeve Hyperterminal® (provided with Windows® operating systems), launch a session. The connection settings are:

— Bits per second: 9600
— Data bits: 8
— Parity: None
— Stop bits: 1
— Flow control: Xon/Xoff

3. Log in using the default user name admin and the default password infoblox. User names and passwords are case-sensitive.

Using an SSHv2 Client

In addition to making a direct serial connection to the Infoblox device through its console port, you can also access the Infoblox CLI remotely across a network connection by using an SSHv2 (Secure Shell version 2) client. By default, remote console access (SSHv2 access) is disabled. To access the Infoblox CLI using SSHv2, perform the following steps:

1. Make either an HTTPS or console connection to the Infoblox device, and then log in.

2. To enable remote console access through the GUI:

From the ID Grid perspective, click id_grid -> Edit -> Grid Properties -> Security, select Enable remote console access, and then click the Save icon.

From the ID Device perspective, click hostname -> Edit -> ID Device Properties -> Security, select Enable remote console access, and then click the Save icon.

To enable remote console access through the CLI:

Infoblox > set remote_console

Enable remote console access (grid-level)? (y or n): y

Confirm the setting.

3. On the management system, open a remote console connection using an SSHv2 client.

4. In a shell window (or terminal window), log in through SSHv2 using an account with superuser privileges. Enter the user name and host name or IP address of the device. For example: ssh [email protected]

5. Optionally, you can launch a graphical SSHv2 client and enter the information into the appropriate fields.


Using CLI Help

You can display a list of available CLI commands by typing help at the command prompt. For example:

> help

exit exit command interpreter

help display help

ping send ICMP ECHO

reboot reboot device

reset reset system settings

set set current system settings

show show current system settings

shutdown shut down the device

traceroute route path diagnostics

dig perform a DNS lookup and print the results

To view an in-depth explanation of a CLI command and its syntax, type help command after the command prompt. For example:

> help ping

Synopsis:

ping [ hostname | IP address ] <numerical>

Description:

Send 5 sequential ICMP ECHO requests to a remote host and display the results. Use optional <numerical> to avoid DNS lookups.

The two main groups of Infoblox CLI commands are set and show. To see the complete list of the set commands, enter help set after the command prompt. Likewise, to see the complete list of the show commands, enter help show.

The following are some CLI commands that you might find particularly useful:

reset all

Resets the system to factory defaults.

set network

Sets the system network settings.

show interface

Displays network interface details.

show network

Displays current network settings.

Configuration Examples

This chapter explains some possible deployment scenarios as examples that you can refer to when setting up your Infoblox device:

• Example 1 – Single Infoblox Device for External DNS on page 18

• Example 2 – HA Pair for Internal DNS and DHCP on page 26

• Example 3 – Infoblox Devices in an ID Grid on page 40

To perform the configuration examples in this chapter, you need to use the Infoblox device LCD or console, and the Infoblox GUI and CLI. For Example 3 – Infoblox Devices in an ID Grid on page 40, you also need to download and use the Infoblox Data Import Wizard. For management system requirements and an introduction to the Infoblox GUI and CLI, see Accessing a Device on page 13.


Example 1 – Single Infoblox Device for External DNS

In this example, you configure the Infoblox device as the external primary DNS server for corp100.com. Its FQDN (fully-qualified domain name) is ns1.corp100.com. The interface IP address of the LAN1 port is 10.1.5.2/24. Because this is a private IP address, you must also configure the firewall to perform NAT (network address translation), mapping the public IP address 1.1.1.2 to 10.1.5.2. Using its public IP address, ns1 can communicate with devices on the public network.

The FQDN and IP address of the external secondary DNS server are ns2.corp100.com and 2.2.2.2. The ISP hosts this server.

The primary and secondary servers answer queries for the following public-facing servers in the DMZ:

• www.corp100.com

• mail.corp100.com

• ftp.corp100.com

When you create the corp100.com zone on the Infoblox device, you import zone data from the legacy DNS server at 10.1.5.3.

Figure 9 Example 1 Network Diagram (the diagram is not reproduced; its labels are):

— Internet; ISP; NTP Server 3.3.3.3; External Secondary DNS Server ns2; 2.2.2.2

— Firewall: ethernet1 1.1.1.1/24, ethernet2 10.1.5.1/24. NAT on Firewall: 1.1.1.2 → 10.1.5.2, 1.1.1.5 → 10.1.5.5, 1.1.1.6 → 10.1.5.6, 1.1.1.7 → 10.1.5.7

— Switch; DMZ Network 10.1.5.0/24: Infoblox Device, External Primary DNS Server ns1; 10.1.5.2; www 10.1.5.5; mail 10.1.5.6; ftp 10.1.5.7; Legacy Primary DNS Server ns1; 10.1.5.3 (replaced by the Infoblox device); To Internal Network

— All host names shown here belong to the corp100.com domain. The Infoblox device is in the Pacific time zone (UMT – 8:00).

— The Infoblox device is the external primary DNS server for the corp100.com domain. It answers queries from the Internet for the three public-facing servers in the DMZ network: www.corp100.com, mail.corp100.com, and ftp.corp100.com.

Task 1.1 Cable the Device to the Network and Turn On Power

Connect an ethernet cable from the LAN1 port of the Infoblox device to a switch in the DMZ network and turn on the power. See Installing a Device on page 9.

Task 1.2 Specify Initial Network Settings

Before you can configure the Infoblox device through the GUI, you must be able to make a network connection to it. The default network settings of the LAN1 port are 192.168.1.2/24 with a gateway at 192.168.1.1 (the HA and MGMT ports do not have default network settings). To change these settings to suit your network, use either the LCD or the console port.

In this example, you change the IP address/netmask of the LAN1 port to 10.1.5.2/24, and the gateway to 10.1.5.1.

LCD

The Infoblox device has an LCD and navigation buttons on its front panel.

At startup, the Infoblox logo appears in the LCD on the front panel of the device. Then the LCD scrolls repeatedly through a series of display screens.

1. To change the network settings from the default, press one of the navigation buttons.

The LCD immediately goes into input mode, in which you can enter the IP address, netmask, and gateway for the LAN1 port.

2. Use the navigation buttons to enter the following information:

— IP Address: 10.1.5.2

— Netmask: 255.255.255.0

— Gateway: 10.1.5.1

Note: To learn how to disable LCD input functionality, see the Infoblox Administrator Guide.

Console Port

The Infoblox device has a male DB-9 console port on the front panel. You can log in to the device through this port and specify initial network settings using the Infoblox CLI.

1. Connect a console cable from the console port of the management system to the console port of the Infoblox device. For more information, see Using the Console Port on page 15.

2. Access the Infoblox CLI. For more information, see Infoblox CLI on page 15.

3. To change the network settings from the default, enter the set network command. Then enter information as prompted to change the IP address, netmask, and gateway for the LAN1 port.

Infoblox > set network

NOTICE: All HA configuration is performed from the GUI. This interface is used only to configure a standalone node or to join an ID grid.

Enter IP address: 10.1.5.2

Enter netmask: [Default: 255.255.255.0]:

Enter gateway address [Default: 10.1.5.1]:

Become grid member? (y or n): n

After you confirm your network settings, the device automatically restarts.

Task 1.3 Specify Device Settings

When you make the initial HTTPS connection to the Infoblox device, you see the Appliance Startup Wizard, which guides you through the basic deployment of the device on your network. Use the wizard to enter the following information:

• Deployment: single independent device (standalone node)

• Host name: ns1.corp100.com

• Password: SnD34n534

• NTP (Network Time Protocol) server: 3.3.3.3; time zone: (UMT – 8:00 Pacific Time (US and Canada), Tijuana

Note: For more information about using an NTP server, refer to the Infoblox Administrator Guide, or use the integrated online Help and perform a search for “NTP”.

1. Open a browser window and enter https://10.1.5.2.

2. Accept the certificate when prompted.

Several certificate warnings appear during the login process. This is normal because the preloaded certificate is self-signed (and, therefore, is not in the trusted certificate stores in your browser, Java application, and Java Web Start application) and has the hostname www.infoblox.com, which does not match the destination IP address you entered in step 1. To stop the warning messages from occurring each time you log in to the GUI, you can generate a new self-signed certificate or import a third-party certificate with a common name that matches the FQDN (fully-qualified domain name) of the device. This is a very simple process. For information about certificates, see the Infoblox Administrator Guide.

3. Click LAUNCH ID DEVICE MANAGER.

4. If the browser prompts you for an application to use, see Infoblox GUI on page 14.

5. Log in using the default user name and password admin and infoblox.

Note: User names and passwords are case-sensitive.

6. The Infoblox Appliance Startup Wizard opens with a splash screen that provides basic information about the wizard, and then displays license agreement information. Beginning on the third screen, enter the following:

Wizard Screen | Enter or Select

Deployment type | Standalone

Node type | Standalone appliance

Node information | Host name: ns1.corp100.com

Default password | Change admin’s password: (select), SnD34n534

Time settings | Enable NTP: (select); NTP Server: 3.3.3.3 (click Add); Time zone: (UMT – 8:00 Pacific Time (US and Canada), Tijuana

The last screen of the wizard states that the changed settings require the application to restart. When you click Finish, the Infoblox GUI application restarts.


7. Log back in to the device. When you log in the second time, you access the Infoblox GUI application. For system requirements to use the GUI, see Table 3 on page 13.
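The certificate warnings described in step 2 of Task 1.3 come from two independent checks a browser or JWS client performs: whether the issuer is in its trust store, and whether the certificate's names cover the host it connected to. The following added example (not part of the guide) reproduces both checks offline. The two certificates are constructed stand-ins in the dictionary shape Python's ssl getpeercert() returns; the common name www.infoblox.com and the device address 10.1.5.2 are the guide's values, while the subject alternative names of the replacement certificate are an assumption for this example.

```python
import ipaddress

# Constructed stand-ins, in the dictionary shape that Python's
# ssl.SSLSocket.getpeercert() returns, for the two certificates the guide
# contrasts: the preloaded self-signed certificate with common name
# www.infoblox.com, and a replacement whose names match the device.
# The SAN contents of the replacement are an assumption for this example.
PRELOADED_CERT = {
    "subject": ((("commonName", "www.infoblox.com"),),),
    "issuer": ((("commonName", "www.infoblox.com"),),),
}
REPLACEMENT_CERT = {
    "subject": ((("commonName", "ns1.corp100.com"),),),
    "issuer": ((("commonName", "ns1.corp100.com"),),),
    "subjectAltName": (("DNS", "ns1.corp100.com"), ("IP Address", "10.1.5.2")),
}


def is_self_signed(cert):
    """A certificate whose issuer equals its subject signed itself; no trust
    store contains it unless an administrator adds it explicitly."""
    return cert.get("subject") == cert.get("issuer")


def cert_names(cert):
    """Return (dns_names, ip_addresses) a client may match against.
    Subject Alternative Names take precedence; the subject common name is
    used only when the certificate carries no SAN extension at all."""
    dns_names, ip_addrs = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns_names.append(value.lower())
        elif kind == "IP Address":
            ip_addrs.append(ipaddress.ip_address(value))
    if not dns_names and not ip_addrs:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns_names.append(value.lower())
    return dns_names, ip_addrs


def dns_name_matches(pattern, host):
    """RFC 6125 style match: a leading '*' covers exactly one label."""
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), host.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return pattern == host


def hostname_matches(cert, target):
    """Return (ok, reason) for connecting to `target` (FQDN or IP literal)
    against `cert`. An IP literal must appear as an IP SAN; it never
    matches a DNS name or the common name."""
    dns_names, ip_addrs = cert_names(cert)
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        if ip in ip_addrs:
            return True, f"IP {target} listed in subjectAltName"
        names = dns_names + [str(a) for a in ip_addrs]
        return False, f"certificate names {names} do not include IP address {target}"
    host = target.lower().rstrip(".")
    for pattern in dns_names:
        if dns_name_matches(pattern, host):
            return True, f"name {target} matches {pattern}"
    return False, f"certificate names {dns_names} do not match {target}"


def login_warnings(cert, target):
    """List the reasons a client warns when logging in to `target`."""
    warnings = []
    if is_self_signed(cert):
        warnings.append("issuer not in trust store (self-signed)")
    ok, reason = hostname_matches(cert, target)
    if not ok:
        warnings.append("name mismatch: " + reason)
    return warnings
```

Connecting to https://10.1.5.2 with the preloaded certificate produces both warnings; a replacement certificate whose SAN lists ns1.corp100.com and 10.1.5.2 removes the name mismatch, and importing it (or its issuer) into the browser and Java trust stores removes the other.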

Task 1.4 Define a NAT Address

Because the firewall translates the public IP address 1.1.1.2 to the interface IP address 10.1.5.2, all DNS queries originating outside the firewall use 1.1.1.2 (not 10.1.5.2) to reach the Infoblox device. Accordingly, you must configure the device to indicate to other external DNS servers that its address is 1.1.1.2.

1. From the ID Device perspective, click ns1.corp100.com -> Edit -> ID Device Properties.

2. In the ID Device editor, click NAT and enter the following:

— Enable NAT compatibility: Select check box.

— Group: None

— NAT (V)IP Address: 1.1.1.2

3. Click the Save icon.

The glue record is an A record for a name server. The device automatically generates the A record for ns1.corp100.com using either the interface address or NAT address (if configured). To verify that the A record uses the NAT address (1.1.1.2) instead of the interface address (10.1.5.2):

1. Click DNS to open the DNS perspective, and then click DNS Members -> + (for Infoblox) -> ns1.corp100.com -> Edit -> Member DNS Properties.

2. In the Member DNS Properties editor, click General.

3. In the table labelled Member address for glue record inside view, select the default view and click Modify.

4. In the Select Member Address dialog box, select NAT IP address.

5. Click the Save and Restart Services icons.
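A quick way to confirm the outcome of Task 1.4 from outside the firewall is to inspect the zone's NS glue: if the A record for ns1 still carries 10.1.5.2, resolvers on the Internet receive an unreachable address and learn the internal addressing plan. The following added example (not part of the guide) runs that check over constructed zone data built from the Example 1 values; the record lists are assumptions that mirror the state before and after the NAT address is configured.

```python
import ipaddress

# Constructed zone data for corp100.com as the guide's Example 1 lays it out.
# Each tuple is (owner name, record type, rdata). The first list reflects the
# state before Task 1.4: the automatically generated glue for ns1 still carries
# the LAN1 interface address 10.1.5.2.
ZONE_BEFORE_NAT = [
    ("corp100.com.", "NS", "ns1.corp100.com."),
    ("corp100.com.", "NS", "ns2.corp100.com."),
    ("ns1.corp100.com.", "A", "10.1.5.2"),
    ("ns2.corp100.com.", "A", "2.2.2.2"),
    ("www.corp100.com.", "A", "1.1.1.5"),
    ("mail.corp100.com.", "A", "1.1.1.6"),
    ("ftp.corp100.com.", "A", "1.1.1.7"),
]
# After Task 1.4 the glue uses the NAT (V)IP address 1.1.1.2.
ZONE_AFTER_NAT = [(n, t, "1.1.1.2" if n == "ns1.corp100.com." and t == "A" else r)
                  for n, t, r in ZONE_BEFORE_NAT]


def glue_records(records, apex):
    """Return [(nameserver, address)] for every in-zone name server of `apex`."""
    ns_names = {rdata for name, rtype, rdata in records
                if name == apex and rtype == "NS" and rdata.endswith("." + apex)}
    return sorted((name, rdata) for name, rtype, rdata in records
                  if rtype == "A" and name in ns_names)


def leaked_private_addresses(records):
    """A records of an externally served zone whose address is not globally
    routable (RFC 1918 space, loopback, link-local). Outside the NAT boundary
    such answers are unreachable and disclose internal addressing."""
    return [(name, rtype, rdata) for name, rtype, rdata in records
            if rtype == "A" and not ipaddress.ip_address(rdata).is_global]


def audit_external_zone(records, apex):
    """Summarise glue correctness for an external zone: which name servers are
    published with non-global addresses and which records leak private space."""
    glue = glue_records(records, apex)
    bad_glue = [(ns, addr) for ns, addr in glue
                if not ipaddress.ip_address(addr).is_global]
    leaked = leaked_private_addresses(records)
    return {"glue": glue, "bad_glue": bad_glue, "leaked": leaked, "ok": not leaked}
```

In practice the same check runs against the records an external resolver actually sees (a query for the zone's NS set and the A records of those names), which is the view that matters once the ISP secondary starts transferring from 1.1.1.2.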

Task 1.5 Enable Zone Transfers on the Legacy Name Server

To allow the device to import zone data from the legacy server at 10.1.5.3, you must configure the legacy server to allow zone transfers to the device at 10.1.5.2.

Legacy BIND Server

1. Open the named.conf file using a text editor and change the allow-transfer statement as shown below:

For All Zones — To set the allow-transfer statement as a global statement in the named.conf file for all zones:

options {

zone-statistics yes;

directory "/var/named/named_conf";

version "";

recursion yes;

listen-on { 127.0.0.1; 10.1.5.3; };

allow-transfer { 10.1.5.2; };

transfer-format many-answers;

};


For a Single Zone — To set the allow-transfer statement in the named.conf file for the corp100.com zone:

zone "corp100.com" in {

type master;

allow-transfer { 10.1.5.2; };

notify yes;

};

2. After editing the named.conf file, restart DNS service for the change to take effect.

Legacy Windows 2000/2003 Server

1. Click Start -> All Programs -> Administrative Tools -> DNS.

2. Click + (for ns1) -> + (for Forward Lookup Zones) -> corp100.com.

3. Right-click corp100.com, and then select Properties -> Zone Transfers.

4. On the Zone Transfers page in the corp100.com Properties dialog box, enter the following:

— Allow zone transfers: Select check box.

— Only to the following servers: Select.

— IP address: Enter 10.1.5.2, and then click Add.

5. To save the configuration change and close the corp100.com Properties dialog box, click OK.

Task 1.6 Import Zone Data

You can import zone data from a legacy server or manually enter it. When you import both forward- and reverse-mapping zone data, the Infoblox device automatically creates Infoblox host records if corresponding A and PTR records are present. You can then modify the host records to add MAC addresses. However, if you only import forward-mapping zone data, the Infoblox device cannot create host records from just the A records. In that case, because you cannot later convert A records to host records, it is more efficient to create the corp100.com zone, and define host records manually.

Infoblox host records are data models that represent IP devices within the Infoblox semantic database. The Infoblox device uses a host object to define A, PTR, and CNAME resource records in a single object as well as a DHCP fixed address if you include a MAC address in the host object definition. The host object prevents costly errors because you only maintain a single object for multiple DNS records and a DHCP fixed address. Therefore, it is advantageous to use host records instead of separate A, PTR, and CNAME records.

Note: If you only have forward-mapping zones on your legacy servers and you want to add reverse-mapping zones and automatically convert A records to host records in the imported forward-mapping zones and create reverse host records in corresponding reverse-mapping zones, create the reverse-mapping zones on the Infoblox device and then import the forward-mapping zones data. The Infoblox device automatically converts the imported A records to host records in the forward-mapping zones and creates reverse host records in the reverse-mapping zones.

You also have the option of using the Data Import Wizard for loading DNS and DHCP configurations and data. For large data sets, this option is an efficient approach. To download the Data Import Wizard, visit www.infoblox.com/support, log in with your support account, and then click the Data Import Wizard hyperlink in the DNSone section.


In this example, when you create the corp100.com forward-mapping zone, you import zone data for the existing corp100.com zone from the legacy server at 10.1.5.3. When you create the 1.1.1.0/24 reverse-mapping zone, you also import the reverse-mapping zone records from the legacy server. After the device has both the forward- and reverse-mapping zone data, it converts the A and PTR records to Infoblox host records.

1. Open a browser window, and log in to the device at https://10.1.5.2, using the user name admin and the password SnD34n534.

2. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Forward Mapping Zones -> Edit -> Add Forward Mapping Zone -> Authoritative.

3. In the Authoritative Zone Properties section of the Add Forward Authoritative Zone editor, enter the following:

— Name: corp100.com

— Comment: External DNS zone

4. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.

5. Select ns1.corp100.com, and then click OK to close the dialog box.

6. In the Secondary Server Assignment section, click Add in the External Secondaries table to open the Zone External Secondary Server dialog box.

7. Enter the following information, and then click OK to close the dialog box:

— Name: ns2.corp100.com

— IP Address: 2.2.2.2

— Stealth: Clear check box.

8. Click the Save icon.

9. In the Infoblox Views panel of the DNS perspective, click + (for Forward Mapping Zones) -> corp100.com -> Edit -> Authoritative Zone Properties.

10. In the Forward Authoritative Zone editor, click Settings and enter the following:

— E-mail address: [email protected]

— Import zone from: Select check box, and enter 10.1.5.3 in the adjacent text field.

11. Click the Save icon.

12. After successfully importing the zone data, click corp100.com in the Infoblox Views panel.

You can see all the imported forward-mapping zone data in the Records panel. Because you have not yet imported the reverse-mapping zone data, most of the records appear as A records.

13. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Reverse Mapping Zones -> Edit -> Add Reverse Mapping Zone -> Authoritative.

14. In the Authoritative Zone Properties section of the Add Reverse Authoritative Zone editor, enter the following:

— Network Address: 1.1.1.0

— Subnet Mask: /24 (255.255.255.0)

— Comment: External DNS zone

15. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.

16. Select ns1.corp100.com, and then click OK to close the dialog box.

17. In the Secondary Server Assignment section, click Add in the External Secondaries table to open the Zone External Secondary Server dialog box.


18. Enter the following information, and then click OK to close the dialog box:

— Name: ns2.corp100.com

— IP Address: 2.2.2.2

— Stealth: Clear check box.

19. Click the Save icon.

20. In the Infoblox Views panel of the DNS perspective, click + (for Reverse Mapping Zones) -> 1.1.1.in-addr.arpa -> Edit -> Authoritative Zone Properties.

21. In the Authoritative Reverse Zone editor, click Settings and enter the following:

— E-mail address: [email protected]

— Import zone from: Select check box, and enter 10.1.5.3 in the adjacent text field.

22. Click the Save and Restart Services icons.

23. Click 1.1.1.in-addr.arpa -> View -> Records.

You can see all the imported reverse-mapping zone data in the Records panel.

24. Click corp100.com in the Forward Mapping Zones list.

Because you have now imported both the forward- and reverse-mapping zone data, most of the records appear as host records.

25. Finally, you must remove the ns1 host record for the legacy server (value 1.1.1.3). To remove it, select ns1 (the host record for 1.1.1.3), and then click Edit -> Remove.
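The pairing rule behind steps 12, 24 and 25 (and repeated in Task 2.5) is simple: an A record and a PTR record that agree with each other become one host record, anything unmatched stays a plain record, and a forward-only import can never produce a host record. The following added example (not part of the guide, and not Infoblox's own implementation) models that rule over constructed sample records: the www, mail, ftp and legacy ns1 (1.1.1.3) entries are the guide's values, while the intranet entry is an added sample with no PTR record to show the unmatched case.

```python
import ipaddress

# Constructed sample of what the legacy server at 10.1.5.3 would hand over
# for corp100.com (Example 1 names and addresses). The "intranet" entry is an
# added sample name with no PTR record, to show the unmatched case.
FORWARD_A_RECORDS = [  # (owner name, IPv4 address)
    ("www.corp100.com.", "1.1.1.5"),
    ("mail.corp100.com.", "1.1.1.6"),
    ("ftp.corp100.com.", "1.1.1.7"),
    ("ns1.corp100.com.", "1.1.1.3"),       # the legacy server's own record
    ("intranet.corp100.com.", "1.1.1.9"),  # constructed: no matching PTR
]
REVERSE_PTR_RECORDS = [  # (owner name in in-addr.arpa, target name)
    ("5.1.1.1.in-addr.arpa.", "www.corp100.com."),
    ("6.1.1.1.in-addr.arpa.", "mail.corp100.com."),
    ("7.1.1.1.in-addr.arpa.", "ftp.corp100.com."),
    ("3.1.1.1.in-addr.arpa.", "ns1.corp100.com."),
]


def reverse_name(address):
    """Map an IPv4 address to the owner name of its PTR record."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def merge_to_hosts(a_records, ptr_records):
    """Pair A and PTR records that agree with each other into host records.
    Returns (hosts, leftover_a, leftover_ptr): `hosts` is a list of
    {"name", "address"} objects; A records without a matching PTR stay plain
    A records, and PTR records without a matching A stay plain PTR records."""
    ptr_by_owner = dict(ptr_records)
    hosts, leftover_a, consumed_ptr = [], [], set()
    for name, address in a_records:
        owner = reverse_name(address)
        if ptr_by_owner.get(owner, "").lower() == name.lower():
            hosts.append({"name": name, "address": address})
            consumed_ptr.add(owner)
        else:
            leftover_a.append((name, address))
    leftover_ptr = [(o, t) for o, t in ptr_records if o not in consumed_ptr]
    return hosts, leftover_a, leftover_ptr


def hosts_referencing(hosts, address):
    """Names of host records bound to `address`; step 25 of Task 1.6 locates
    the stale legacy ns1 entry by its value 1.1.1.3 in this way."""
    return [h["name"] for h in hosts if h["address"] == address]
```

Running it on the sample gives four host records, one leftover A record (intranet) and no leftover PTR records; the stale ns1 host record at 1.1.1.3 is exactly what step 25 removes, since the device already generated its own ns1 A record with the NAT address.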

Task 1.7 Designate the New Primary on the Secondary Name Server (at the ISP Site)

In this example, the external secondary name server is maintained by an ISP, so you must contact your ISP administrator to change the IP address of the primary (or master) name server. (If you have administrative access to the secondary name server, you can make this change yourself.)

Because a firewall performing NAT exists between the secondary and primary name servers, specify the NAT address 1.1.1.2 for the primary name server instead of 10.1.5.2.

Secondary BIND Server

1. Open the named.conf file using a text editor and set ns1 (with NAT address 1.1.1.2) as the primary (or master) from which ns2 receives zone transfers in the named.conf file for the corp100.com zone:

zone "corp100.com" in {

type slave;

masters { 1.1.1.2; };

notify yes;

file "/var/named/db.corp100.com";

};

2. After editing the named.conf file, restart DNS service for the change to take effect.
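The two named.conf edits in Task 1.5 (restrict allow-transfer on the legacy primary to 10.1.5.2) and Task 1.7 (point the ISP secondary's masters at the NAT address 1.1.1.2, not 10.1.5.2) are easy to get wrong and easy to verify. The following added example (not part of the guide) parses named.conf fragments modelled on the guide's listings and reports the two mistakes a reviewer looks for: a master zone whose transfers are unrestricted, and a slave zone whose masters address is not reachable across NAT. The example.test zone and the deliberately wrong secondary configuration are constructed for this example.

```python
import ipaddress
import re

# Constructed named.conf fragments modelled on the listings the guide gives
# for the legacy primary (Task 1.5) and the ISP secondary (Task 1.7). The
# "example.test" zone is an added sample with an unrestricted transfer ACL.
LEGACY_PRIMARY_CONF = '''
options {
    directory "/var/named/named_conf";
    listen-on { 127.0.0.1; 10.1.5.3; };
    allow-transfer { 10.1.5.2; };
};
zone "corp100.com" in {
    type master;
    allow-transfer { 10.1.5.2; };
    notify yes;
};
zone "example.test" in {
    type master;
    allow-transfer { any; };
};
'''
ISP_SECONDARY_CONF = '''
zone "corp100.com" in {
    type slave;
    masters { 1.1.1.2; };
    notify yes;
    file "/var/named/db.corp100.com";
};
'''
# Constructed mistake: the secondary points at the interface address that
# sits behind the NAT firewall instead of the NAT address.
ISP_SECONDARY_CONF_WRONG = ISP_SECONDARY_CONF.replace("1.1.1.2", "10.1.5.2")

# A top-level block ends at a '};' in column 0; nested lists close indented.
BLOCK_RE = re.compile(r'^(?:options|zone\s+"(?P<zone>[^"]+)")[^{]*\{(?P<body>.*?)^\};',
                      re.MULTILINE | re.DOTALL)
STMT_RE = re.compile(r'([\w-]+)\s+(\{[^}]*\}|[^;{]+);')


def parse_named_conf(text):
    """Return {"options": {...}, "zones": {name: {...}}}. Brace lists become
    Python lists; scalar values lose their surrounding quotes."""
    conf = {"options": {}, "zones": {}}
    for block in BLOCK_RE.finditer(text):
        stmts = {}
        for key, value in STMT_RE.findall(block.group("body")):
            value = value.strip()
            if value.startswith("{"):
                stmts[key] = [v.strip() for v in value[1:-1].split(";") if v.strip()]
            else:
                stmts[key] = value.strip('"')
        if block.group("zone") is None:
            conf["options"] = stmts
        else:
            conf["zones"][block.group("zone")] = stmts
    return conf


def audit_transfers(conf, expected_secondaries=()):
    """Findings for zone-transfer settings: a master zone whose effective
    allow-transfer (zone statement, else options) is missing, 'any', or
    lists an unexpected peer; a slave zone whose masters list uses a
    non-global address, which a secondary outside the NAT cannot reach."""
    findings = []
    expected = set(expected_secondaries)
    for zone, stmts in conf["zones"].items():
        if stmts.get("type") == "master":
            acl = stmts.get("allow-transfer", conf["options"].get("allow-transfer"))
            if acl is None:
                findings.append(f"{zone}: no allow-transfer; transfers are open to anyone")
            elif "any" in acl:
                findings.append(f"{zone}: allow-transfer {{ any; }} exposes the whole zone")
            else:
                for peer in acl:
                    if expected and peer not in expected:
                        findings.append(f"{zone}: unexpected transfer peer {peer}")
        elif stmts.get("type") == "slave":
            for master in stmts.get("masters", []):
                if not ipaddress.ip_address(master).is_global:
                    findings.append(f"{zone}: masters address {master} is not reachable "
                                    "across NAT; use the public address")
    return findings
```

The parser deliberately handles only the flat statement shapes shown in the guide's listings (scalar values and one-level address lists), which is enough to audit allow-transfer and masters; a full named.conf grammar is not needed for this check.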

Secondary Windows 2000/2003 Server

1. Click Start -> All Programs -> Administrative Tools -> DNS.

2. Click + (for ns2) -> + (for Forward Lookup Zones) -> corp100.com.

3. Right-click corp100.com, and then select Properties -> General.


4. On the General page in the corp100.com Properties dialog box, enter the following:

— Zone file name: corp100.com.dns

— IP address: Enter 1.1.1.2, and then click Add.

— In the IP Address field, select 1.1.1.3 (the NAT IP address of the legacy DNS server), and then click Remove.

5. To save the configuration change and close the corp100.com Properties dialog box, click OK.

Task 1.8 Configure NAT and Policies on the Firewall

Change the NAT and policy settings on the firewall to allow bidirectional DNS traffic to and from ns1.corp100.com and NTP traffic from ns1.corp100.com to the NTP server at 3.3.3.3.

For example, enter the following commands on a Juniper firewall running ScreenOS 4.x or later:

set address dmz ns1 10.1.5.2/32

set address untrust ntp_server 3.3.3.3/32

set interface ethernet1 mip 1.1.1.2 host 10.1.5.2

set policy from dmz to untrust ns1 any dns permit

set policy from untrust to dmz any mip(1.1.1.2) dns permit

set policy from dmz to untrust ns1 ntp_server ntp permit

At this point, the new DNS server can take over DNS service from the legacy server. You can remove the legacy server and unset any firewall policies permitting traffic to and from 10.1.5.3.


Example 2 – HA Pair for Internal DNS and DHCP

In this example, you set up an HA pair of Infoblox devices to provide internal DNS and DHCP services. The HA pair answers internal queries for all hosts in its domain (corp100.com). It forwards internal queries for external sites to ns1.corp100.com at 10.1.5.2 and ns2.corp100.com at 2.2.2.2. It also uses DHCP to provide dynamic and fixed addresses.

The HA pair consists of two devices (nodes). The IP addresses of the VIP (virtual IP) address of the HA pair and the HA and LAN1 ports on each node are as follows:

HA Pair IP Addresses

VIP: 10.1.4.10 (the address that the active node of the HA pair uses)

Node 1: LAN1 10.1.4.6; HA 10.1.4.7

Node 2: LAN1 10.1.4.8; HA 10.1.4.9

The virtual router ID number for the HA pair is 150. (The ID number must be unique for this network segment.)

When you create the corp100.com zone on the HA pair, you import DNS data from the legacy server at 10.1.4.11.


Figure 10 Example 2 Network Diagram (the diagram is not reproduced; its labels are):

— Internet; ISP; NTP Server 3.3.3.3 (the Infoblox device is in the Pacific time zone (UMT – 8:00)); External Secondary DNS Server ns2; 2.2.2.2

— Firewall (Relay Agent on e2 interface): ethernet0 10.1.6.1/24, ethernet1 1.1.1.1/24, ethernet2 10.1.5.1/24. NAT on Firewall: 1.1.1.2 → 10.1.5.2, 1.1.1.5 → 10.1.5.5, 1.1.1.6 → 10.1.5.6, 1.1.1.7 → 10.1.5.7, 1.1.1.8 → 10.1.4.10

— DMZ Network 10.1.5.0/24: Infoblox Device, External Primary DNS Server ns1; 10.1.5.2; www 10.1.5.5 (55:55:55); mail 10.1.5.6 (66:66:66); ftp 10.1.5.7 (77:77:77)

— Router (Relay Agent on e1 and e2 interfaces): ethernet1 10.1.1.1/24, ethernet2 10.1.2.1/24, ethernet3 10.1.6.2/24, ethernet4 10.1.4.1/24

— MGT Network 10.1.1.0/24: printer1 10.1.1.2 (aa:aa:aa); Address Range 10.1.1.10 – 10.1.1.50

— Dev Network 10.1.2.0/24: printer2 10.1.2.2 (bb:bb:bb); Address Range 10.1.2.10 – 10.1.2.100

— Server Network 10.1.4.0/24 (switch): HA Pair, Internal Primary DNS Server, DHCP, IPAM, ns3, VIP 10.1.4.10; storage1 10.1.4.2 (dd:dd:dd); storage2 10.1.4.3 (ee:ee:ee); proxymail 10.1.4.4 (ff:ff:ff); proxyweb 10.1.4.5 (11:11:11); Legacy Primary DNS Server ns3; 10.1.4.11 (replaced by the HA pair)

— The first six hexadecimal characters of all MAC addresses in this example are 00:00:00. Only the last six hexadecimal characters are shown here. All host names shown here belong to the corp100.com domain.

— An HA pair of Infoblox devices provides internal DNS services. It answers internal queries for all hosts in its domain. It forwards internal queries for external sites to ns1 and ns2. It also serves DHCP, providing both dynamic and fixed addresses.

Note: The section of this illustration pertaining to material covered in the first example appears dimmed.

Task 2.1 Cable Devices to the Network and Turn On Power

Connect ethernet cables from the LAN1 and HA ports on both Infoblox devices to a switch in the Server network and turn on the power for both devices. See Installing a Device on page 9.

Task 2.2 Specify Initial Network Settings

Before you can configure the devices through the GUI, you must be able to make a network connection to them. The default network settings of the LAN1 port are 192.168.1.2/24 with a gateway at 192.168.1.1 (the HA and MGMT ports do not have default network settings). To change these settings, you can use the LCD or make a console connection to each device.


Note: For details about using the LCD, see Task 1.2 Specify Initial Network Settings on page 19. For details on using the console, see Accessing a Device on page 13 first, and then Console Port on page 19.

Node 1

Using the LCD or console port on one of the devices, enter the following information:

— IP Address: 10.1.4.6 (for the LAN1 port)

— Netmask: 255.255.255.0

— Gateway: 10.1.4.1

Node 2

Using the LCD or console port on the other device, enter the following information:

— IP Address: 10.1.4.8 (for the LAN1 port)

— Netmask: 255.255.255.0

— Gateway: 10.1.4.1

After you confirm your network settings, the Infoblox GUI application automatically restarts.

Task 2.3 Specify Device Settings

When you make the initial HTTPS connection to an Infoblox device, you see the Infoblox Appliance Startup Wizard, which guides you through the basic deployment of the device on your network. To set up an HA pair, you must connect to and configure each device individually.

Node 1

1. Open a browser window and connect to https://10.1.4.6.

Note: For details about making an HTTPS connection to an Infoblox device, see Task 1.3 Specify Device Settings on page 20.

2. Log in using the default user name and password admin and infoblox.

Note: User names and passwords are case-sensitive.

3. The Infoblox Appliance Startup Wizard opens with a splash screen that provides basic information about the wizard, and then displays license agreement information. Beginning on the third wizard screen, enter or select the following to set up node 1 of the HA pair:

Wizard Screen Enter

Deployment type Stand alone

Node type First HA node

ID Grid information ID Grid Name: InfobloxShared Secret: 37eeT1d(Note: The nodes use the shared secret to form an encrypted VPN tunnel between themselves. They synchronize the shared database through this tunnel.)

28 Infoblox User Guide

Page 30: Infoblox 1050 1550 1552 UserGuide

Example 2 – HA Pair for Internal DNS and DHCP

The last screen of the wizard states that the changed settings require the application to restart. When you click Finish, the Infoblox GUI application restarts.

Node 21. In the JWS (Java Web Start) login window, type 10.1.4.8 in the Hostname field.

When you enter the IP address, JWS queries the device at that address, checking for a login banner. The following default Infoblox banner appears above the Hostname field: “Restricted Access – Login Required”.

2. Log in using the default user name and password admin and infoblox.

Note: User names and passwords are case-sensitive.

3. The Infoblox Appliance Startup Wizard opens with a splash screen that provides basic information about the wizard, and then displays license agreement information. Beginning on the third wizard screen, enter or select the following to set up node 2 of the HA pair:

Node information Virtual IP: 10.1.4.10Subnet Mask: 255.255.255.0Gateway: 10.1.4.1Host Name: ns3.corp100.comNode 1:• LAN1 Address: 10.1.4.6• HA Address: 10.1.4.7Node 2:• LAN1 Address: 10.1.4.8• HA Address: 10.1.4.9Virtual Router ID: 150

Default password New admin password: SnD34n534

Time settings Enable NTP: Select check box.

IP address: 3.3.3.3Time zone: (UMT – 8:00 Pacific Time (US and Canada), Tijuana

Wizard Screen Enter or Select

Deployment type Stand alone

Node type Second HA node

Node information IP Address: 10.1.4.8Subnet Mask: 255.255.255.0Gateway: 10.1.4.1

Wizard Screen Enter

For the Infoblox-1050, -1550, and -1552 Appliances 29

Page 31: Infoblox 1050 1550 1552 UserGuide

Configuration Examples

On the last screen of the wizard, click Finish. The Infoblox GUI application terminates.

The setup of the HA pair is complete. From now on, when you make an HTTPS connection to the HA pair, use the VIP address 10.1.4.10.

Task 2.4 Enable Zone Transfers on the Legacy Name ServerTo allow the Infoblox device to import zone data from the legacy server at 10.1.4.11, you must configure the legacy server to allow zone transfers to the device at 10.1.4.10.

Legacy BIND Server1. Open the named.conf file using a text editor and change the allow-transfer statement to allow zone transfers

to the device at 10.1.4.10. (For a sample of the required changes to the named.conf file, see Legacy BIND Server on page 21.)

2. After editing the named.conf file, restart DNS service for the change to take effect.

Legacy Windows 2000/2003 ServerNavigate to the corp100.com Properties dialog box, and add 10.1.4.10 to the list of IP addresses to which you want to allow zone transfers. (For more detailed navigation and configuration instructions, see Legacy Windows 2000/2003 Server on page 22.)

Task 2.5 Import Zone DataYou can import zone data from a legacy server or manually enter it. When you import both forward- and reverse-mapping zone data, the Infoblox device automatically creates Infoblox host records if corresponding A and PTR records are present. You can then modify the host records to add MAC addresses. However, if you only import forward-mapping zone data, the Infoblox device cannot create host records from just the A records. In that case, because you cannot later convert A records to host records, it is more efficient to create the corp100.com zone, and define host records manually.

Infoblox host records are data models that represent IP devices within the Infoblox semantic database. The Infoblox device uses a host object to define A, PTR, and CNAME resource records in a single object as well as a DHCP fixed address if you include a MAC address in the host object definition. The host object prevents costly errors because you only maintain a single object for multiple DNS records and a DHCP fixed address. Therefore, it is advantageous to use host records instead of separate A, PTR, and CNAME records.

Note: If you only have forward-mapping zones defined on your legacy servers and you want to add reverse-mapping zones and automatically create host records in the imported forward-mapping zones and reverse host records in corresponding reverse-mapping zones, create the reverse-mapping zones and then import the forward-mapping zones data. The Infoblox device automatically converts the imported A records to host records in the forward-mapping zones and creates the necessary reverse host records in the reverse-mapping zones.

Wizard Screen Enter or Select

— Node provisioning: Master’s Virtual IP: 10.1.4.10; ID Grid Name: Infoblox; Shared Secret: 37eeT1d

30 Infoblox User Guide

Page 32: Infoblox 1050 1550 1552 UserGuide

Example 2 – HA Pair for Internal DNS and DHCP

You also have the option of using the Data Import Wizard for loading DNS and DHCP configurations and data. For large data sets, this option is an efficient approach. To download the Data Import Wizard, visit www.infoblox.com/support, log in with your support account, and then click the Data Import Wizard hyperlink in the DNSone section.

In this example, when you create the corp100.com forward-mapping zone, you import zone data for the existing corp100.com zone from the legacy server at 10.1.4.11. When you create the 1.10.in-addr.arpa reverse-mapping zone, you also import the zone records for the existing 1.10.in-addr.arpa zone from the legacy server. After the device has both the forward- and reverse-mapping zone data, it converts the A and PTR records to Infoblox host records.

1. Open a browser window, and log in to the HA pair at https://10.1.4.10, using the user name admin and the password SnD34n534.

2. To check that the HA pair is set up and functioning properly, from the ID Device perspective, click ns3.corp100.com and check that the status indicators are all green.

3. Click DNS to open the DNS perspective, and then click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Forward Mapping Zones -> Edit -> Add Forward Mapping Zone -> Authoritative.

4. In the Authoritative Zone Properties section of the Add Forward Authoritative Zone editor, enter the following:

— Name: corp100.com

— Comment: Internal DNS zone

5. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.

6. Select ns3.corp100.com, and then click OK to close the dialog box.

7. Click the Save icon.

8. In the Infoblox Views panel of the DNS perspective, click + (for Forward Mapping Zones) -> corp100.com -> Edit -> Authoritative Zone Properties.

9. In the Forward Authoritative Zone editor, click Settings and enter the following:

— E-mail address: [email protected]

— Import zone from: Select check box, and enter 10.1.4.11 in the adjacent text field.

10. Click the Save icon.

11. After successfully importing the zone data, click corp100.com in the Infoblox Views panel.

You can see all the imported forward-mapping zone data in the Records panel. Because you have not yet imported the reverse-mapping zone data, most of the records appear as A records.

12. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Reverse Mapping Zones -> Edit -> Add Reverse Mapping Zone -> Authoritative.

13. In the Authoritative Zone Properties section of the Add Reverse Authoritative Zone editor, enter the following:

— Network Address: 10.1.0.0

— Subnet Mask: 255.255.0.0

— Comment: Internal DNS zone

14. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.

15. Select ns3.corp100.com, and then click OK to close the dialog box.

16. Click the Save icon.

For the Infoblox-1050, -1550, and -1552 Appliances 31


Configuration Examples

17. In the Infoblox Views panel of the DNS perspective, click + (for Reverse Mapping Zones) -> 1.10.in-addr.arpa -> Edit -> Authoritative Zone Properties.

18. In the Authoritative Reverse Zone editor, click Settings and enter the following:

— E-mail address: [email protected]

— Import zone from: Select check box, and enter 10.1.4.11 in the adjacent text field.

19. Click the Save and Restart Services icons.

20. Click 1.10.in-addr.arpa -> View -> Records.

You can see all the imported reverse-mapping zone data in the Records panel.

21. Click corp100.com in the Infoblox Views panel.

Because you have now imported both the forward- and reverse-mapping zone data, most of the records appear as host records.

22. Finally, remove the imported ns3 host record that still points at the legacy server (10.1.4.11); ns3.corp100.com is now the HA pair at 10.1.4.10. To remove it, select ns3, and then click Edit -> Remove.

Task 2.6 Define Networks, Reverse-Mapping Zones, DHCP Ranges, and Infoblox Hosts

In this task, you enter data manually because the configuration is fairly simple. For large data sets, you have the option of using the Data Import Wizard for loading DNS and DHCP configurations and data to make the process more efficient. To download the Data Import Wizard, visit www.infoblox.com/support, log in with your support account, and then click the Data Import Wizard hyperlink in the DNSone section.

Networks

You can create all the subnetworks individually (which in this example are 10.1.1.0/24, 10.1.2.0/24, 10.1.4.0/24, and 10.1.5.0/24), or you can create a parent network (10.1.0.0/16) that encompasses all the subnetworks and then use the Infoblox split network feature to create the individual subnetworks automatically. The split network feature accomplishes this by using the IP addresses that exist in the forward-mapping zones to determine which subnets it needs to create. This example uses the split network feature. For information about creating networks, see the Infoblox Administrator Guide.
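The split network logic is simple enough to reproduce, which is useful for checking in advance which /24 networks and which reverse-mapping zones the device will create from a given set of host addresses. The following Python functions are an added example for this guide, not Infoblox code. They assume the constructed list IMPORTED_HOST_IPS (the host addresses used in this example plus the HA pair's VIP, not read from any device) and use the standard ipaddress module; the names split_network, reverse_zone_name and reparent_plan are chosen for the example. The example goes slightly beyond the page by accepting any octet-aligned prefix, not only /16 into /24.

```python
import ipaddress

# Constructed host addresses for the corp100.com example (the Infoblox hosts defined in
# Task 2.6 plus the HA pair's VIP); not read from any device.
IMPORTED_HOST_IPS = [
    "10.1.1.2", "10.1.2.2", "10.1.4.2", "10.1.4.3", "10.1.4.4", "10.1.4.5",
    "10.1.4.10", "10.1.5.5", "10.1.5.6", "10.1.5.7",
]


def split_network(parent, new_prefix, host_ips, only_populated=True):
    """Split `parent` into /new_prefix children.

    With only_populated set (the 'Immediately add only networks with ranges and fixed
    addresses' behaviour) only children that contain at least one host are returned.
    """
    net = ipaddress.ip_network(parent, strict=True)
    if new_prefix <= net.prefixlen or new_prefix > net.max_prefixlen:
        raise ValueError(f"new prefix /{new_prefix} is not a valid split of {net}")
    populated = set()
    for ip in host_ips:
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} lies outside {net}")
        populated.add(ipaddress.ip_network(f"{addr}/{new_prefix}", strict=False))
    children = net.subnets(new_prefix=new_prefix)
    return [child for child in children if not only_populated or child in populated]


def reverse_zone_name(subnet):
    """Reverse-mapping zone for an octet-aligned IPv4 subnet: 10.1.1.0/24 -> 1.1.10.in-addr.arpa."""
    net = ipaddress.ip_network(str(subnet))
    if net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 networks map onto a single in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reparent_plan(parent, new_prefix, host_ips):
    """Map each populated child subnet's reverse zone to the host addresses that move into it."""
    plan = {}
    for child in split_network(parent, new_prefix, host_ips):
        plan[reverse_zone_name(child)] = sorted(
            (ip for ip in host_ips if ipaddress.ip_address(ip) in child),
            key=ipaddress.ip_address,
        )
    return plan
```

For the example's addresses reparent_plan returns exactly the four zones that the Reverse-Mapping Zones subsection below has you assign to ns3.corp100.com, with the PTR records that move out of 1.10.in-addr.arpa into each of them.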

1. From the DHCP and IPAM perspective, click Networks -> Edit -> Add Network -> Network.

2. In the Network Properties section of the Add Configure Network editor, enter the following:

— Network Address: 10.1.0.0

— Netmask: /16 (255.255.0.0)

3. Click Member Assignment -> Add to open the Select ID Grid Members dialog box.

4. Select ns3.corp100.com, and then click OK to close the dialog box.

5. Click the Save icon.

6. Click + (for Networks) -> 10.1.0.0/16 -> Edit -> Split Network.

— Subnetworks: Move the slider to 24.

— Immediately add only networks with ranges and fixed addresses: Select check box.


The device immediately creates the following 24-bit subnets for the imported Infoblox hosts:

— 10.1.1.0/24

— 10.1.2.0/24

— 10.1.4.0/24

— 10.1.5.0/24

7. Click + (for Networks) -> + (for 10.1.0.0/16) -> 10.1.1.0/24 -> Edit -> Network Properties.

8. In the Configure Network editor, enter information in the following sections:

Network Properties

— Comment: MGT

Member Assignment

— Members: ns3.corp100.com

9. Click the Save icon.

10. To modify the other networks, repeat steps 7 – 9 for each network and use the following information:

10.1.2.0/24 Network:

— Comment: Dev

— Members: ns3.corp100.com

10.1.4.0/24 Network:

— Comment: Server

— Members: ns3.corp100.com

10.1.5.0/24 Network:

— Comment: DMZ

— Members: ns3.corp100.com

Reverse-Mapping Zones

When you create a network, the device automatically creates a corresponding reverse-mapping zone and “reparents” the relevant resource records from the parent zone (1.10.in-addr.arpa, which corresponds to 10.1.0.0/16) to that zone. To enable DNS service for a new zone, you must assign ns3.corp100.com as its primary DNS server. In this example, the device creates four reverse-mapping zones, and you modify each one by assigning ns3.corp100.com as its primary DNS server.

1. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> + (for Reverse Mapping Zones) -> + (for 1.10.in-addr.arpa) -> 1.1.10.in-addr.arpa -> Edit -> Authoritative Zone Properties.

2. In the Primary Server Assignment section, click Select Member to open the Select ID Grid Member dialog box.

3. Select ns3.corp100.com, and then click OK to close the dialog box.

4. Click the Save icon.

5. Repeat steps #1–4 for the 2.1.10.in-addr.arpa, 4.1.10.in-addr.arpa, and 5.1.10.in-addr.arpa reverse-mapping zones.


DHCP Ranges

1. From the DHCP and IPAM Perspective, select Networks -> + (for Networks) -> + (for 10.1.0.0/16) -> 10.1.1.0/24 -> Edit -> Add DHCP Range.

2. In the DHCP Range section, enter the following:

— Start Address: 10.1.1.10

— End Address: 10.1.1.50

3. In the Member Assignment section, select ns3.corp100.com from the ID Grid Member drop-down list.

4. Click the Save icon.

5. From the DHCP and IPAM Perspective, select Networks -> + (for Networks) -> + (for 10.1.0.0/16) -> 10.1.2.0/24 -> Edit -> Add DHCP Range.

6. In the DHCP Range section, enter the following:

— Start Address: 10.1.2.10

— End Address: 10.1.2.100

7. In the Member Assignment section, select ns3.corp100.com from the ID Grid Member drop-down list.

8. Click the Save icon.

Infoblox Hosts

Defining both a MAC and IP address for an Infoblox host definition creates a DHCP host entry—like a fixed address—that you can manage through the host object. To add a MAC address to each host record that the device created when you imported forward- and reverse-mapping zone records, you must first delete the IP address for that host, and then add the same IP address with the MAC address.

1. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> + (for Forward Mapping Zones) -> + (for corp100.com).

2. Double-click the host record whose IP address is 10.1.1.2 to open the Host editor.

3. In the Host Record Properties section, select 10.1.1.2, and then click Remove.

4. Click Add next to the IP Address field to open the Host Address dialog box.

5. Enter the following, and then click OK to close the dialog box:

— IP Address: 10.1.1.2

— MAC Address: 00:00:00:aa:aa:aa

6. Click the Save icon.

7. Follow steps 1 – 6 to modify hosts with the following information:

printer2

— IP Address: 10.1.2.2

— MAC Address: 00:00:00:bb:bb:bb

storage1

— IP Address: 10.1.4.2

— MAC Address: 00:00:00:dd:dd:dd


storage2

— IP Address: 10.1.4.3

— MAC Address: 00:00:00:ee:ee:ee

proxymail

— IP Address: 10.1.4.4

— MAC Address: 00:00:00:ff:ff:ff

proxyweb

— IP Address: 10.1.4.5

— MAC Address: 00:00:00:11:11:11

www

— IP Address: 10.1.5.5

— MAC Address: 00:00:00:55:55:55

mail

— IP Address: 10.1.5.6

— MAC Address: 00:00:00:66:66:66

ftp

— IP Address: 10.1.5.7

— MAC Address: 00:00:00:77:77:77

Task 2.7 Define Multiple Forwarders

Because ns3.corp100.com is an internal DNS server, you configure it to forward DNS queries for external DNS name resolution to the primary and secondary DNS servers: ns1.corp100.com at 10.1.5.2 and ns2.corp100.com at 2.2.2.2.

Note: You must also configure ns1 and ns2 DNS servers to allow recursion when resolving DNS queries on behalf of ns3. For information, see Task 2.8 Enable Recursion on External DNS Servers.

1. From the DNS perspective, click DNS Members -> Infoblox -> Edit -> Grid DNS Properties.

2. In the ID Grid DNS Properties editor, click Forwarders, and then enter the following:

— IP Address: Type 2.2.2.2, and then click Add.

— IP Address: Type 10.1.5.2, and then click Add.

— Use Forwarders Only: Clear check box.

3. Click the Save icon.

The Infoblox device initially sends outbound queries to forwarders in the order that they appear in the Forwarders list, starting from the top of the list. If the first forwarder does not reply, the device tries the second one. The device keeps track of the response time of both forwarders and uses the quicker one for future queries. If the quicker forwarder does not respond, the device then uses the other one.


Task 2.8 Enable Recursion on External DNS Servers

Because the HA pair forwards outbound queries to the two external DNS servers ns1.corp100.com (10.1.5.2) and ns2.corp100.com (2.2.2.2) for resolution, you must enable recursion on those servers. When a DNS server employs recursion, it queries other DNS servers for a domain name until it either receives the requested data or an error that the requested data cannot be found. It then reports the result back to the querier, in this case the internal DNS server ns3.corp100.com (10.1.4.10), which in turn reports back to the DNS client. Where the server supports it, restrict recursion to the address from which ns3's queries arrive, as the BIND example in this task does with allow-recursion: a server reachable from the Internet that recurses for any client is an open resolver, which can be abused for reflection and cache-poisoning attacks.

Infoblox Server in the DMZ Network (ns1.corp100.com, 10.1.5.2)

1. Log in to ns1.corp100.com at 10.1.5.2.

2. From the DNS perspective, click DNS Members -> Infoblox -> Edit -> Grid DNS Properties.

3. In the ID Grid DNS Properties editor, click Queries, and then select the Allow Recursion check box.

4. Click the Save icon.

BIND Server at ISP Site (ns2.corp100.com, 2.2.2.2)

1. Open the named.conf file using a text editor and change the recursion and allow-recursion statements to allow recursive queries from 1.1.1.8 (the NAT address of ns3).

options {
    zone-statistics yes;
    directory "/var/named/named_conf";
    version "";
    recursion yes;
    listen-on { 127.0.0.1; 2.2.2.2; };
    …
    allow-recursion { 1.1.1.8; };
    transfer-format many-answers;
};

2. After editing the named.conf file, restart DNS service for the change to take effect.
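Before restarting named, it is worth checking that the edited options block really does limit recursion to ns3's NAT address, since recursion yes with a missing or permissive allow-recursion turns an Internet-facing server into an open resolver. The following Python checker is an added example for this guide, not part of BIND or of the Infoblox product. It assumes the three constructed named.conf fragments HARDENED_CONF, OPEN_RESOLVER_CONF and NO_ACL_CONF (written for this example, not copied from any real server), parses only the statements that govern recursion, and the names parse_options and recursion_findings are chosen for the example.

```python
import re

# Constructed named.conf fragments for ns2 (written for this example, not copied from any real server).
HARDENED_CONF = """
options {
    directory "/var/named/named_conf";
    version "";
    recursion yes;
    listen-on { 127.0.0.1; 2.2.2.2; };
    allow-recursion { 1.1.1.8; };
    transfer-format many-answers;
};
"""
OPEN_RESOLVER_CONF = """
options {
    recursion yes;
    listen-on { 2.2.2.2; };
    allow-recursion { any; };
};
"""
NO_ACL_CONF = """
options {
    recursion yes;
    listen-on { 2.2.2.2; };
};
"""

# Statements that decide who may recurse; a value is either a keyword (yes/no) or a { list; }.
_STATEMENT = re.compile(
    r"\b(allow-recursion|recursion|listen-on)\s*(\{[^}]*\}|[A-Za-z]+)\s*;", re.S
)
_OPEN_ACL = {"any", "0.0.0.0/0", "::/0"}


def parse_options(conf):
    """Return {statement: value} for the recursion-related statements in the options block."""
    block = re.search(r"options\s*\{(.*)\};", conf, re.S)
    if not block:
        raise ValueError("no options block found")
    parsed = {}
    for key, value in _STATEMENT.findall(block.group(1)):
        if value.startswith("{"):
            parsed[key] = [item.strip() for item in value.strip("{}").split(";") if item.strip()]
        else:
            parsed[key] = value.lower()
    return parsed


def recursion_findings(conf, trusted_clients):
    """List the ways this options block could make the server recurse for clients other than trusted_clients.

    An empty list means recursion is off, or is on but limited to the trusted addresses.
    """
    opts = parse_options(conf)
    if opts.get("recursion", "yes") != "yes":   # BIND recurses by default when the statement is absent
        return []
    acl = opts.get("allow-recursion")
    if acl is None:
        return ["recursion yes but no allow-recursion: relies on BIND's version-dependent default; set it explicitly"]
    findings = []
    for entry in acl:
        if entry in _OPEN_ACL:
            findings.append(f"allow-recursion contains {entry}: this is an open resolver")
        elif entry not in trusted_clients:
            findings.append(f"allow-recursion permits {entry}, which is not a trusted client")
    return findings
```

Passing {"1.1.1.8"} as the trusted set accepts the hardened configuration. Passing ns3's private address 10.1.4.10 instead produces a finding, which is the mistake to watch for when the querying server sits behind NAT: the ACL must list the address ns2 actually sees.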

Windows 2000/2003 Server at ISP Site (ns2.corp100.com, 2.2.2.2)

1. Click Start -> All Programs -> Administrative Tools -> DNS.

2. Right-click ns2, and then select Properties -> Advanced.

3. On the Advanced page in the ns2 Properties dialog box, clear the Disable recursion check box.

4. To save the configuration change and close the ns2 Properties dialog box, click OK.

Task 2.9 Modify the Firewall and Router Configurations

Configure the firewall and router in your internal network to allow the following DHCP, DNS, and NTP traffic:

• To allow messages to pass from the DHCP clients in the DMZ—the web, mail, and FTP servers—to ns3 in the Server network, configure policies and DHCP relay agent settings on the firewall.

• To forward DHCP messages from DHCP clients in the MGT and Dev networks to ns3 in the Server network, configure relay agent settings on the router.

• To translate the private IP address of ns3 (10.1.4.10) to the public IP address (1.1.1.8) when forwarding DNS queries from ns3 to ns2, set a MIP (mapped IP) address on the firewall.

• To allow DNS queries from ns3 to ns1 and ns2 and NTP traffic from ns3 to the NTP server, configure firewall policies.


Firewall

For example, enter the following commands on a Juniper firewall running ScreenOS 4.x or later:

DHCP Relay Configuration

set address trust ns3 10.1.4.10/32
set interface ethernet2 dhcp relay server-name 10.1.4.10
set policy from dmz to trust ns1 ns3 DHCP-Relay permit

DNS Forwarding

set interface ethernet1 mip 1.1.1.8 host 10.1.4.10
set policy from trust to untrust ns3 ns2 dns permit
set policy from trust to dmz ns3 ns1 dns permit

NTP

set policy from dmz to untrust ns1 ntp_server ntp permit

Router

For example, enter the following commands on a Cisco router running IOS release 12.x or later:

DHCP Relay Configuration

interface ethernet1
 ip helper-address 10.1.4.10
interface ethernet2
 ip helper-address 10.1.4.10

Task 2.10 Enable DHCP and Switch Service to the Infoblox Device

With the Infoblox device in place and the firewall and router configured for relaying DHCP messages, you can switch DHCP service from the legacy DHCP server at 10.1.4.11 to the HA pair at 10.1.4.10 (VIP address).

Tip: To minimize the chance of duplicate IP address assignments during the transition from the legacy DHCP server to the device, shorten all lease times to one hour in advance of the DHCP server switch. Then, when you take the legacy DHCP server offline, the DHCP clients quickly move to the new server when their lease renewal attempts fail and they broadcast DHCPDISCOVER messages.

To determine how far in advance you need to shorten the lease length, find the longest lease time (for example, two days). Then change the lease length to one hour at a slightly greater interval before you plan to switch DHCP service to the device (for example, three days before the switchover). By changing the lease length this far in advance, you can be sure that all DHCP leases are one-hour leases at the time of the switchover.

If the longest lease is longer, such as five days, and you want to avoid the extra traffic caused by more frequent lease renewals over a six-day period, you can use a stepped approach instead: six days before the switchover, change the lease lengths to one day. Then, two days before the switchover, change them to one hour.
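The tip above amounts to a small scheduling calculation: each shorter lease length must be introduced far enough ahead of the switchover that every lease of the length it replaces has expired. The following Python functions are an added example for this guide, not Infoblox code. They assume a one-day safety margin for the "slightly greater interval" and a constructed switchover time (SWITCHOVER, chosen for the example), take the longest current lease and the list of step lengths as inputs, and compute both the change times and the worst-case expiry of each superseded lease, so you can confirm that no lease outlives the switchover. The function names are chosen for the example.

```python
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)
DAY = timedelta(days=1)

# Constructed planning inputs (not taken from any real DHCP server).
SWITCHOVER = datetime(2024, 6, 10, 9, 0)   # moment the legacy DHCP server goes offline
MARGIN = DAY                                # the tip's "slightly greater interval" safety buffer


def lease_step_schedule(switchover, longest_lease, steps=(HOUR,), margin=MARGIN):
    """When to apply each shorter lease length, as a list of (change_time, new_lease).

    Each step is applied (length of the lease it replaces + margin) before the switchover,
    which is the rule the tip uses: 2-day leases -> 1-hour leases 3 days ahead; 5-day ->
    1-day leases 6 days ahead, then 1-day -> 1-hour leases 2 days ahead.
    """
    schedule = []
    current = longest_lease
    for new_lease in steps:
        if new_lease >= current:
            raise ValueError("each step must shorten the lease")
        schedule.append((switchover - current - margin, new_lease))
        current = new_lease
    return schedule


def worst_case_expiries(switchover, longest_lease, schedule):
    """Latest moment a lease of each superseded length can still be valid.

    A lease handed out an instant before a change keeps the old length, so it expires at
    change_time + old length; every entry must fall before the switchover.
    """
    current = longest_lease
    expiries = []
    for change_at, new_lease in schedule:
        expiries.append((current, change_at + current))
        current = new_lease
    return expiries


def plan_is_safe(switchover, longest_lease, schedule):
    """True when every superseded lease has expired before the legacy server goes offline."""
    return all(expiry < switchover for _, expiry in worst_case_expiries(switchover, longest_lease, schedule))
```

With the five-day example, both the five-day leases issued just before the first change and the one-day leases issued just before the second change expire one day before the switchover, which is exactly the margin the tip builds in; with no margin the last long lease expires at the switchover itself and plan_is_safe reports the plan as unsafe.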

1. Open a browser window, and log in to the HA pair at https://10.1.4.10, using the user name admin and the password SnD34n534.

2. From the DHCP and IPAM Perspective, select DHCP Members -> + (for Infoblox) -> ns3.corp100.com -> Edit -> Member DHCP Properties.

3. In the Member DHCP Properties editor, click General Properties and select Enable DHCP Server.


4. Click the Save and Restart Services icons.

The HA pair is ready to provide DHCP service to the network.

5. Take the legacy DHCP server at 10.1.4.11 offline.

When the DHCP clients are unable to renew their leases from the legacy DHCP server, they broadcast DHCPDISCOVER messages to which the new DHCP server responds.

Task 2.11 Manage and Monitor

Infoblox provides tools for managing IP address usage and several types of logs to view events of interest and DHCP and DNS data. After configuring the device, you can use the following resources to manage and monitor IP address usage, DNS and DHCP data, and administrator and device activity.

IPAM (IP Address Management)

IPAM offers the following services:

• Simple IP address modification – Within a single IP address-centric data set, you can modify the Infoblox host, DHCP, and DNS settings associated with that IP address.

• Address type conversion — Through IPAM functionality, you can make the following conversions:

— Currently active dynamic addresses -> fixed addresses, reserved addresses, or Infoblox hosts

— Fixed addresses -> reserved addresses or hosts

— Reserved addresses -> hosts

• Device classification – You can make detailed descriptions of devices in DHCP ranges and devices defined as Infoblox hosts and as fixed addresses.

• Three distinct views of IP address usage – To monitor the usage of IP addresses on your network, you can see the following different views:

— High-level overall network view: From the DHCP and IPAM perspective, click DHCP Members -> + (for Infoblox) -> 10.1.4.10 -> View -> IPAM Statistics.

— Run-time view that allows you to zoom in and out to varying levels of detail: From the DHCP and IPAM perspective, click Networks -> network -> View -> IP Address Management -> ip_addr -> View -> Properties.

— DHCP lease history records: From the DHCP and IPAM perspective, click View -> DHCP Lease History.

Note: For more information about IPAM functionality, see the Infoblox Administrator Guide.


Logs

The following are some useful logs:

• Logs

— Audit Log – Contains administrator-initiated events

— System Log – Contains events related to hardware and software operations

• IPAM

— IPAM Statistics – Contains the number of currently assigned static and dynamic addresses, and the high and low watermarks per network

• DNS

— DNS Cache – Contains cached DNS-to-IP address mappings

— DNS Configuration – Contains DNS server settings for the Infoblox DNS server

— Zone Statistics – Contains a record of the results of all DNS queries per zone

• DHCP

— DHCP Configuration – Contains DHCP server settings and network, DHCP range, and host settings for the Infoblox DHCP server

— DHCP Leases – Contains a real-time record of DHCP leases

— DHCP Lease History – Contains an historical record of DHCP leases

— DHCP Statistics – Contains the number of static hosts, dynamic hosts, and available hosts per network


Example 3 – Infoblox Devices in an ID Grid

In this example, you configure seven Infoblox devices in an ID grid serving internal DHCP and DNS for an enterprise with the domain name corp100.com. There are four sites: HQ and three branch offices. A hub-and-spoke VPN tunnel system connects the sites, with HQ at the hub. The distribution and roles of the Infoblox devices at the four sites are as follows:

• HQ site (four devices in two HA pairs):

— HA grid master – hidden primary DNS server

— HA member – secondary DNS server and DHCP server for HQ and Site 2

• Site 1 (two devices in an HA pair): HA member – secondary DNS server and DHCP server for Site 1

• Site 2 (no devices; the hosts at this site access the DNS and DHCP servers at HQ)

• Site 3 (one device): single member – secondary DNS server and DHCP server for Site 3

Note: When adding Infoblox-1050, -1550, and -1552 appliances to an existing ID grid, you must first upgrade the grid to DNSone 3.2r9 or later.

To create an ID grid, you first create a grid master and then add members. The process involves these three steps:

1. Configuring two devices at HQ as the grid master. See Task 3.2 Create the ID Grid Master on page 42.

2. Logging in to the grid master and defining the members that you want to add to the grid; that is, you configure grid member settings on the grid master in anticipation of later joining those devices to the grid. See Task 3.3 Define Members on the Grid Master on page 44.

3. Logging in to the individual devices and configuring them so that they can reach the grid master over the network and join the grid. See Task 3.4 Join Devices to the Grid on page 45.

After creating the ID grid and adding members, you use the Data Import Wizard to import DHCP and DNS data from legacy servers. See Task 3.5 Import DHCP Data on page 47 and Task 3.6 Import DNS Data on page 48.

Finally, you transition DHCP and DNS service from the legacy servers to the Infoblox grid members. See Task 3.7 Enable DHCP and Switch Service to the ID Grid on page 52.


Figure 11 Example 3 Network Diagram

Task 3.1 Cable All Devices to the Network and Turn On Power

Cable the Infoblox devices to network switches. After cabling each device to a switch and connecting it to a power source, turn on the power. For details, see Installing a Device on page 9.

1. At HQ and Site 1, connect ethernet cables from the LAN1 and HA ports on the devices in each HA pair to a switch, connect the devices to power sources, and turn on the power for each device.

Note: When connecting the nodes of an HA pair to a power source, connect each node to a different power source if possible. If one power source fails, the other might still be operative.

2. At Site 3, connect an ethernet cable from the LAN1 port on the single device to a switch, connect the device to a power source, and turn on the power for that device.

Figure 11 labels (recovered from the network diagram):

Seven Infoblox devices in an ID grid provide internal DNS and DHCP throughout a large multi-site network with four sites: the HQ site and three branch offices (Site 1, Site 2, and Site 3). VPN tunnels connect the HQ site with the three branch office sites; all inter-site traffic, including encapsulated ID grid communications and network services, passes through the tunnels. The diagram also shows a firewall and the Internet connection. The NTP server is at 3.3.3.3, and all Infoblox appliances are in the Pacific time zone (UTC – 8:00). The ellipses ( . . . ) in the diagram indicate that there are additional networks not shown.

The grid master is an HA pair at the HQ site. It is also a hidden primary DNS server. A hidden primary server does not appear in the NS (name server) records for its zones and does not answer queries. It processes DDNS updates and provides zone data to its secondary servers, which in turn respond to queries with that data. This offers the flexibility of taking the primary server offline for administrative or maintenance reasons without causing any disruption to DNS service.

The other grid members are secondary DNS servers and DHCP servers:

• The HA grid member at HQ provides DNS and DHCP services for both the HQ site (with 4000 employees) and the much smaller branch office, Site 2 (with only 20 employees). Site 2 has no Infoblox devices and uses the DNS and DHCP servers at HQ.

• The HA grid member at Site 1 provides DNS and DHCP services for the 2000 employees at that site.

• The single grid member at Site 3 provides DNS and DHCP services for the 1000 employees there.

The domain corp100.com has four subdomains: lab.corp100.com, site1.corp100.com, site2.corp100.com, and site3.corp100.com. A corresponding zone or subzone organizes data for each domain and subdomain. Domain name hierarchy: the domain names lab, site1, site2, and site3 are subdomains of corp100.com.

Grid members, legacy servers, and networks shown in the diagram:

HQ Site (4000 people)

— ID Grid Master: ns1.corp100.com, VIP 10.0.1.10, VRID 143, hidden primary DNS server

— HA Grid Member: ns2.corp100.com, VIP 10.0.2.10, VRID 210, secondary DNS server and DHCP server

— Legacy hidden primary DNS server: ns1.corp100.com, 10.0.1.5

— Legacy secondary DNS server: ns2.corp100.com, 10.0.2.5; legacy DHCP server: 10.0.2.20

— Network 10.0.1.0/24, address range 10.0.1.50 – 10.0.1.200

— Network 10.0.15.0/24, address range 10.0.15.50 – 10.0.15.200

Branch Office: Site 1 (2000 people)

— HA Grid Member: ns3.site1.corp100.com, VIP 10.1.1.10, VRID 111, secondary DNS server and DHCP server

— Legacy secondary DNS server: ns3.site1.corp100.com, 10.1.1.5; legacy DHCP server: 10.1.1.20

— Network 10.1.1.0/24, address range 10.1.1.50 – 10.1.1.200

Branch Office: Site 2 (20 people)

— No Infoblox devices; Site 2 uses the DNS and DHCP servers at HQ

— Network 10.2.1.0/24, address range 10.2.1.50 – 10.2.1.100

Branch Office: Site 3 (1000 people)

— Single Grid Member: ns4.site3.corp100.com, LAN 10.3.1.10, secondary DNS server and DHCP server

— Legacy secondary DNS server: ns4.site3.corp100.com, 10.3.1.5; legacy DHCP server: 10.3.1.20

— Network 10.3.1.0/24, address range 10.3.1.50 – 10.3.1.200

Zones shown: corp100.com, lab.corp100.com, site1.corp100.com, site2.corp100.com, and site3.corp100.com.


Task 3.2 Create the ID Grid Master

Configure two devices at HQ to be the two nodes that make up the HA pair forming the ID grid master.

ID Grid Master – Node 1

1. By using the LCD or by making a console connection to the device that you want to make Node 1 of the HA pair for the ID grid master, change the default network settings of its LAN1 port to the following:

Note: For details about using the LCD and console, see Task 1.2 Specify Initial Network Settings on page 19.

— IP Address: 10.0.1.6

— Netmask: 255.255.255.0

— Gateway: 10.0.1.1

2. Connect your management system to the HQ network, open a browser window, and connect to https://10.0.1.6.

3. Log in using the default user name and password admin and infoblox.

The Infoblox Appliance Startup Wizard opens.

4. Enter the following on each screen of the wizard to set up Node 1 of the HA pair:

— Deployment type: ID grid master/member

— License validation: Check that a Keystone license is installed.

— ID grid type: ID grid master

— HA node type: First HA node

— ID Grid information: ID Grid Name: corp100; Shared Secret: Mg1kW17d

— Node information: Virtual IP: 10.0.1.10; Subnet Mask: 255.255.255.0; Gateway: 10.0.1.1; Host Name: ns1.corp100.com; Node 1: LAN1 Address 10.0.1.6, HA Address 10.0.1.7; Node 2: LAN1 Address 10.0.1.8, HA Address 10.0.1.9; Virtual Router ID: 143

— Default password: New admin password: 1n85w2IF

— Time settings: Enable NTP: Select check box. IP address: 3.3.3.3. Time zone: (UTC – 8:00) Pacific Time (US and Canada), Tijuana

When you click Finish, the Infoblox GUI application restarts.

5. Close the browser window, leaving the JWS (Java Web Start) login window open.


ID Grid Master – Node 2

1. By using the LCD or by making a console connection to the device that you want to make Node 2 of the HA pair for the ID grid master, change the default network settings of its LAN1 port to the following:

— IP Address: 10.0.1.8

— Netmask: 255.255.255.0

— Gateway: 10.0.1.1

2. In the JWS login window, type 10.0.1.8 in the Hostname field.

3. Log in using the default user name and password admin and infoblox.

4. When the Infoblox Appliance Startup Wizard opens, enter the following on each screen to set up Node 2 of the HA pair:

— Deployment type: ID grid master/member

— License validation: Check that a Keystone license is installed.

— ID grid node type: ID grid master

— HA node type: Second HA node

— Node information: IP Address: 10.0.1.8; Subnet Mask: 255.255.255.0; Gateway: 10.0.1.1

— Node provisioning: Master’s Virtual IP: 10.0.1.10; ID Grid Name: corp100; Shared Secret: Mg1kW17d

5. Confirm the configuration, and then on the last screen of the wizard, click Finish.

The HTTPS session terminates, but the JWS login window remains open.

6. In the JWS login window, type 10.0.1.10 (the VIP address for the grid master) in the Hostname field.

7. Log in using the default user name admin and the password 1n85w2IF.

8. To check the status of the two nodes forming the grid master, from the ID Grid perspective, click + (for corp100) -> + (for Members) -> 10.0.1.10. Check that the status indicators are all green in the Detailed Status panel.

During the joining process, a device passes through the following four phases:

1. Offline – the state when a grid member (in this case, the second node of the HA pair composing the grid master) is not in contact with the active node of the master

2. Connecting – the state when a device matching a member configuration contacts the master to join the grid and negotiates secure communications and grid membership

3. Synchronizing – the state when the master transmits its entire database to the member

4. Running – the state when a member is in contact with the master and is functioning properly

Note: Depending on the network connection speed and the amount of data that the master needs to synchronize with the member, the process can take from several seconds to several minutes to complete.


Task 3.3 Define Members on the Grid Master

Before logging in to and configuring the individual devices that you want to add to the grid, define them first on the grid master.

HQ Site – HA Member

1. On the grid master, open the ID Grid perspective, and then click corp100 -> Edit -> Add Grid Member.

2. In the Add ID Grid Member editor, click ID Node Properties, and then enter the following:

— Host Name: ns2.corp100.com

— (V)IP Address: 10.0.2.10

— Subnet Mask: /24 (255.255.255.0)

— Gateway: 10.0.2.1

— Comment: HQ Site - ns2.corp100.com

— HA Pair: Select check box.

— Virtual Router ID: 210

— ID Node 1:

LAN Address: 10.0.2.6

HA Address: 10.0.2.7

— ID Node 2:

LAN Address: 10.0.2.8

HA Address: 10.0.2.9

3. Click the Save icon.

Site 1 – HA Member

1. On the grid master, open the ID Grid perspective, and then click corp100 -> Edit -> Add Grid Member.

2. In the Add ID Grid Member editor, click ID Node Properties, and then enter the following:

— Host Name: ns3.site1.corp100.com

— (V)IP Address: 10.1.1.10

— Subnet Mask: 255.255.255.0

— Gateway: 10.1.1.1

— Comment: Site 1 - ns3.site1.corp100.com

— HA Pair: Select check box.

— Virtual Router ID: 111

— ID Node 1:

LAN Address: 10.1.1.6

HA Address: 10.1.1.7

— ID Node 2:

LAN Address: 10.1.1.8

HA Address: 10.1.1.9

3. Click the Save icon.


Site 3 – Single Member

1. On the grid master, open the ID Grid perspective, and then click corp100 -> Edit -> Add Grid Member.

2. In the Add ID Grid Member editor, click ID Node Properties, and then enter the following:

— Host Name: ns4.site3.corp100.com

— (V)IP Address: 10.3.1.10

— Subnet Mask: 255.255.255.0

— Gateway: 10.3.1.1

— Comment: Site 3 - ns4.site3.corp100.com

3. Click the Save icon.

4. Log out from the grid master by clicking File -> Logout.
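Before typing the member definitions above into the grid master, it is worth checking the addressing plan once, mechanically. The following Python script is an added example, not Infoblox code and not part of this guide. It takes the Task 3.3 values as constructed input and reports any VIP, LAN, HA or gateway address that falls outside the member's subnet or collides with another address of the same member, and any HA pair that lacks a virtual router ID in 1..255 or shares one with another pair on the same subnet (VRRP router IDs must be unique per segment). The single member at Site 3 has no HA node addresses and no VRID, so those checks are skipped for it.

```python
import ipaddress

# Grid member plan from Task 3.3 (values copied from the page; the single member
# at Site 3 has no HA node addresses and no virtual router ID).
MEMBERS = [
    {"host": "ns2.corp100.com", "vip": "10.0.2.10", "mask": "255.255.255.0",
     "gateway": "10.0.2.1", "vrid": 210,
     "nodes": [("10.0.2.6", "10.0.2.7"), ("10.0.2.8", "10.0.2.9")]},
    {"host": "ns3.site1.corp100.com", "vip": "10.1.1.10", "mask": "255.255.255.0",
     "gateway": "10.1.1.1", "vrid": 111,
     "nodes": [("10.1.1.6", "10.1.1.7"), ("10.1.1.8", "10.1.1.9")]},
    {"host": "ns4.site3.corp100.com", "vip": "10.3.1.10", "mask": "255.255.255.0",
     "gateway": "10.3.1.1", "vrid": None, "nodes": []},
]


def _subnet(m):
    """Subnet of a member, derived from its gateway and mask."""
    return ipaddress.ip_network(f"{m['gateway']}/{m['mask']}", strict=False)


def check_member(m):
    """Return a list of problems for one member definition (empty list = OK)."""
    problems = []
    net = _subnet(m)
    # Label every address the member uses: VIP, gateway, then each node's LAN/HA pair.
    addrs = {"VIP": m["vip"], "gateway": m["gateway"]}
    for i, (lan, ha) in enumerate(m["nodes"], start=1):
        addrs[f"node{i} LAN"] = lan
        addrs[f"node{i} HA"] = ha
    # Every address must be a usable host inside the member's subnet.
    for label, a in addrs.items():
        ip = ipaddress.ip_address(a)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{m['host']}: {label} {a} is not a host in {net}")
    # VIP, gateway, LAN and HA addresses must all be distinct.
    seen = {}
    for label, a in addrs.items():
        if a in seen:
            problems.append(f"{m['host']}: {label} {a} duplicates {seen[a]}")
        seen.setdefault(a, label)
    # An HA pair needs exactly two nodes and a VRRP router ID in 1..255.
    if m["nodes"]:
        if len(m["nodes"]) != 2:
            problems.append(f"{m['host']}: HA pair must have exactly two nodes")
        if m["vrid"] is None or not 1 <= m["vrid"] <= 255:
            problems.append(f"{m['host']}: HA pair needs a VRID in 1..255")
    return problems


def check_plan(members):
    """Check every member, plus VRID uniqueness across members on one subnet."""
    problems = []
    vrids = {}
    for m in members:
        problems += check_member(m)
        if m["vrid"] is not None:
            key = (str(_subnet(m)), m["vrid"])
            if key in vrids:
                problems.append(
                    f"{m['host']}: VRID {m['vrid']} already used by {vrids[key]} on {key[0]}")
            vrids.setdefault(key, m["host"])
    return problems


if __name__ == "__main__":
    for p in check_plan(MEMBERS) or ["addressing plan OK"]:
        print(p)
```

Run it before the GUI work; an empty result means the plan is internally consistent, which is all this check claims (it does not verify that the addresses are free on the network).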

Task 3.4 Join Devices to the Grid

To complete the process of adding devices to the grid, log in to and configure each individual device so that it can contact the grid master.

HQ Site – HA Grid Member (Node 1)

Make a console connection to the device that you want to make Node 1 in the HA pair, and enter the following:

Infoblox > set network

NOTICE: All HA configuration is performed from the GUI. This interface is used only to configure a standalone node or to join an ID grid.

Enter IP address: 10.0.2.6

Enter netmask [Default: 255.255.255.0]:

Enter gateway address [Default: 10.0.2.1]:

Become grid member? (y or n): y

Enter Grid Master VIP: 10.0.1.10

Enter ID Grid Name: corp100

Enter ID Grid Shared Secret: Mg1kW17d

New Network Settings:

IP address: 10.0.2.6

Netmask: 255.255.255.0

Gateway address: 10.0.2.1

Join ID grid as member with attributes:

ID Grid Master VIP: 10.0.1.10

ID Grid Name: corp100

ID Grid Shared Secret: Mg1kW17d

WARNING: Joining an ID grid will replace all the data on this node!

Is this correct? (y or n): y

Are you sure? (y or n): y

The Infoblox application restarts. After restarting, the device contacts the grid master and joins the grid as Node 1.


HQ Site – HA Member (Node 2)

Make a console connection to the device that you want to make Node 2 in the HA pair, and enter exactly the same data you entered for Node 1 except that the IP address is 10.0.2.8.

After the application restarts, the device contacts the grid master and joins the grid as Node 2, completing the HA member configuration for the HQ site.

Site 1 – HA Grid Member (Node 1)

Make a console connection to the device that you want to make Node 1 in the HA pair at Site 1, and use the set network command to configure its basic network and ID grid settings. Use the following data:

— IP Address: 10.1.1.6

— Netmask: 255.255.255.0

— Gateway: 10.1.1.1

— ID grid master VIP: 10.0.1.10

— ID grid name: corp100

— ID grid shared secret: Mg1kW17d

The Infoblox application restarts. After restarting, the device contacts the grid master and joins the grid as Node 1.

Site 1 – HA Grid Member (Node 2)

Make a console connection to the device that you want to make Node 2 in the HA pair at Site 1, and enter exactly the same data you entered for Node 1 except that the IP address is 10.1.1.8.

After the application restarts, the device contacts the grid master and joins the grid as Node 2, completing the HA member configuration for Site 1.

Site 3 – Single Grid Member

Make a console connection to the device that you want to make the single grid member at Site 3, and use the set network command to configure its basic network and ID grid settings. Use the following data:

— IP Address: 10.3.1.10

— Netmask: 255.255.255.0

— Gateway: 10.3.1.1

— ID grid master VIP: 10.0.1.10

— ID grid name: corp100

— ID grid shared secret: Mg1kW17d

The Infoblox application restarts. After restarting, the device contacts the grid master and joins the grid.

To check the status of all the grid members, log in to the grid master at 10.0.1.10, and from the ID Grid perspective, click + (for corp100) -> + (for Members) -> 10.0.1.10. Check that the status indicators are all green in the Detailed Status panel. As a device joins a grid, it passes through the following phases: Offline, Connecting, (Downloading Release from Master), Synchronizing, and Running. (For a summary of these phases, see the end of the section ID Grid Master – Node 2 on page 43.)

Note: Depending on the network connection speed and the amount of data that the master needs to synchronize with the member, the process of joining a grid can take from several seconds to several minutes to complete.

The ID grid setup is complete.


Task 3.5 Import DHCP Data

The Data Import Wizard is a software tool that you can download from the Infoblox Support site to your management system. With it, you can import data from legacy DHCP and DNS servers to Infoblox devices. In this example, you use it to import both DHCP and DNS data to the ID grid master at 10.0.1.10, which then uses the database replication mechanism to send the imported data to other grid members. In the wizard, you also specify which grid members serve the imported data. The wizard supports various types of DHCP formats, such as the following:

• ISC DHCP

• Lucent VitalQIP

• Microsoft

• Nortel NetID

• CSV (comma-separated values); you can also import IPAM data in CSV format

In this example, all the DHCP data is in standard ISC DHCP format.

Note: Before using the Data Import Wizard, you must make an initial connection to the Infoblox GUI using JWS (Java Web Start), which downloads to your management system the Java application files that you need to run the wizard. Because you used JWS in Task 3.2 Create the ID Grid Master on page 42, you already have the necessary files installed.

Importing DHCP Data for HQ and Site 2

1. Save the DHCP configuration file from your legacy DHCP server at 10.0.2.20 to a local directory.

2. Visit www.infoblox.com/support, log in with your support account, and download the Data Import Wizard. The Data Import Wizard application downloads to a container within a Java sandbox on your management system and immediately launches, displaying the Welcome page.

3. After reading the information in the left panel, click Next.

4. Select Import to Infoblox Appliance, enter the following, and then click Next:

— Hostname or IP address: 10.0.1.10

— Username: admin

— Password: 1n85w2IF

5. Select the following, and then click Next:

— What kind of data would you like to import? DHCP/IPAM

— Which legacy system are you importing from? ISC DHCP

— Which appliance will be serving this data? 10.0.2.10

6. Type the path and file name of the DHCP configuration file saved from the legacy server, and then click Next.

or

Click Browse, navigate to the file, select it, click Open, and then click Next.

7. In the Global DHCP Configuration table, double-click the Value cell for the domain-name-servers row, and change the IP addresses to 10.0.2.10.

8. When satisfied with the data, click Import.

You can view the status of the importation process and a summary report in the Data Import Wizard Log.

9. To enable DDNS updates, log in to the grid master, open the DHCP and IPAM perspective and click DHCP Members -> corp100 -> Edit -> ID Grid DHCP Properties.


10. In the ID Grid DHCP Properties editor, click DNS Updates.

11. Select Enable dynamic DNS updates, and then click OK.

12. Click the Save and Restart Services icons.

13. To check the imported DHCP configuration file, click DHCP Members -> + (for corp100) -> 10.0.2.10 -> View -> DHCP Configuration.

14. In the DHCP configuration file, check that all the imported subnets are present, and navigate to the beginning of the file and check that you see the ddns-updates on statement. (If you see ddns-updates off, enable DDNS updates for the grid as explained in steps 9-12.)
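Step 14 above is a manual read through the generated file. The following Python script is an added example, not part of the Infoblox product or of this guide; it runs the same checks mechanically over an ISC-format DHCP configuration saved from View -> DHCP Configuration. It compares the declared subnets with the list you expected the import to produce, confirms that the ddns-updates statement is present and on, and flags any domain-name-servers option (global or per subnet) that still points clients at a legacy server instead of the grid member you set in step 7. The configuration text in the block is constructed for illustration and the expected subnet list is an assumption.

```python
import re

# Constructed excerpt in ISC dhcpd.conf syntax, not output from an Infoblox
# appliance. One subnet still carries a domain-name-servers option that was
# not changed in step 7 of the wizard.
SAMPLE_DHCP_CONF = """\
ddns-updates on;
option domain-name-servers 10.0.2.10;
subnet 10.0.1.0 netmask 255.255.255.0 {
    range 10.0.1.100 10.0.1.200;
}
subnet 10.0.2.0 netmask 255.255.255.0 {
    range 10.0.2.100 10.0.2.200;
    option domain-name-servers 10.0.2.5;
}
subnet 10.2.1.0 netmask 255.255.255.0 {
    range 10.2.1.100 10.2.1.200;
}
"""

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.M)
DDNS_RE = re.compile(r"^\s*ddns-updates\s+(on|off)\s*;", re.M)
DNS_OPT_RE = re.compile(r"^\s*option\s+domain-name-servers\s+([^;]+);", re.M)


def check_dhcp_config(text, expected_subnets, expected_dns):
    """Compare an ISC-style DHCP configuration with what the import should have produced.

    expected_subnets: iterable of "network/netmask" strings you imported.
    expected_dns: iterable of name server addresses clients should receive.
    Returns a list of findings; an empty list means every check passed.
    """
    findings = []
    declared = {f"{n}/{m}" for n, m in SUBNET_RE.findall(text)}
    for missing in sorted(set(expected_subnets) - declared):
        findings.append(f"subnet {missing} missing after import")
    for extra in sorted(declared - set(expected_subnets)):
        findings.append(f"unexpected subnet {extra}")
    # The first ddns-updates statement in the file must be 'on' (step 14).
    ddns = DDNS_RE.findall(text)
    if not ddns:
        findings.append("no ddns-updates statement found")
    elif ddns[0] != "on":
        findings.append("ddns-updates is off; enable DDNS updates for the grid")
    # Every domain-name-servers option, global or per subnet, should hand out
    # only the new grid member's address, never a legacy server (step 7).
    for value in DNS_OPT_RE.findall(text):
        servers = {s.strip() for s in value.split(",")}
        stale = servers - set(expected_dns)
        if stale:
            findings.append(f"domain-name-servers still lists {sorted(stale)}")
    return findings


if __name__ == "__main__":
    expected = ["10.0.1.0/255.255.255.0", "10.0.2.0/255.255.255.0", "10.2.1.0/255.255.255.0"]
    for f in check_dhcp_config(SAMPLE_DHCP_CONF, expected, ["10.0.2.10"]) or ["DHCP config OK"]:
        print(f)
```

Paste the real file into place of the sample and the expected subnet list from your legacy server inventory; a stale domain-name-servers value is the finding that matters most at cutover, because clients would keep querying a server you are about to take offline.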

Importing DHCP Data for Site 1

1. Repeat the steps in Importing DHCP Data for HQ and Site 2, saving the DHCP configuration file from your legacy DHCP server at 10.1.1.20, and importing it to the ID grid master at 10.0.1.10 for the member with IP address 10.1.1.10 to serve.

2. Check the imported DHCP configuration file by logging in to the ID grid master and from the DHCP and IPAM perspective, click DHCP Members -> + (for corp100) -> 10.1.1.10 -> View -> DHCP Configuration.

Importing DHCP Data for Site 3

1. Repeat the steps in Importing DHCP Data for HQ and Site 2, saving the DHCP configuration file from your legacy DHCP server at 10.1.1.20, and importing it to the ID grid master at 10.0.1.10 for the member with IP address 10.3.1.10 to serve.

2. After the importation process completes, check the imported DHCP configuration file by logging in to the ID grid master and from the DHCP and IPAM perspective, click DHCP Members -> + (for corp100) -> 10.3.1.10 -> View -> DHCP Configuration.

Task 3.6 Import DNS Data

Using the Infoblox Data Import Wizard, import DNS data from the legacy hidden primary server at 10.0.1.5 to the new hidden primary server at 10.0.1.10 (the ID grid master). There are three phases to this task:

• Task 3.6-1 Before Using the Wizard on page 49:

— Save the named.conf file from the legacy server to a file in a local directory on your management system.

— Enable the legacy server to perform zone transfers to the Infoblox device.

— Configure three name server groups for the ID grid, and allow the grid master/hidden primary DNS server at 10.0.1.10 to receive DDNS updates from the grid members at 10.0.2.10, 10.1.1.10, and 10.3.1.10. These members act as secondary DNS servers and DHCP servers.

• Task 3.6-2 Using the Wizard on page 50: Define the source, destination, and type of DNS data in the DNS configuration file (named.conf) that you want to import.

• Task 3.6-3 After Using the Wizard on page 51: Check the imported DNS configuration file.

In this example, all the DNS data is in BIND 9 format. The Data Import Wizard supports various types of DNS formats, such as the following:

• BIND 4, 8, and 9

• Microsoft

• Lucent VitalQIP

• Nortel NetID


Task 3.6-1 Before Using the Wizard

You must set up the legacy server and ID grid master before using the Data Import Wizard.

Legacy Server

1. Log in to the legacy name server at 10.0.1.5 and save the named.conf file, which contains all the DNS settings that you want to import into the Infoblox name server, to a local directory on your management system.

2. On the legacy server, enable zone transfers to the Infoblox device.

Infoblox Grid Master– DDNS Updates

1. Log in to the grid master at 10.0.1.10, open the DNS perspective and click DNS Members -> + (for corp100) -> 10.0.1.10 -> Edit -> Member DNS Properties.

2. In the Member DNS Properties editor, click Updates and enter the following:

— Override ID grid update settings: Select check box.

— Allow dynamic updates from: Click Add.

3. In the Dynamic Updater Item dialog box, enter the following, and then click OK:

— IP Address Option: Select this option, and enter 10.0.2.10 in the adjacent field.

— Permission: Allow

4. Click the Save icon.

5. Repeat steps 2 to 4 to add 10.1.1.10 and 10.3.1.10 as IP addresses from which you allow DDNS updates.

Note: When all DNS servers are members in the same ID grid, the members use database replication to synchronize all their data—including DNS zone data. You can change the default behavior so that grid members use zone transfers instead (see the Infoblox Administrator Guide ). In this example, grid members use database replication.

Infoblox Grid Master – Name Server Groups

1. From the DNS perspective, click DNS Members -> corp100 -> Edit -> Grid DNS Properties.

2. In the ID Grid DNS Properties editor, click Name Server Groups -> Add, to open the Grid Name Server Group dialog box.

3. Enter the following:

— Name Server Group Name: HQ-Group

— ID Grid Primary: ns1.corp100.com; Stealth: Select check box.

— ID Grid Secondaries: Click Add -> Select Member, select ns2.corp100.com in the Select ID Grid Member dialog box, and then click OK. Select ID Grid replication (recommended), and then click OK to close the Name Server Group Member Secondary dialog box and return to the Grid Name Server Group dialog box.

4. Click OK to close the Grid Name Server Group dialog box.

5. Repeat steps 2 to 4 to create another group. Name it Site1-Group, and use ns1.corp100.com as the hidden primary server, ns3.site1.corp100.com as a secondary server, and ID grid replication for zone updates.

6. Repeat steps 2 to 4 to create another group. Name it Site3-Group, and use ns1.corp100.com as the hidden primary server, ns4.site3.corp100.com as a secondary server, and ID grid replication for zone updates.

7. Click the Save and Restart Services icons.


Task 3.6-2 Using the Wizard

While progressing through the Data Import Wizard, you must define the source, destination, and type of DNS data that you want to import. You then make some simple modifications to the data and import it.

Defining the Source, Destination, and Type of DNS Data

1. Launch the Data Import Wizard.

2. After reading the information in the left panel of the welcome page, click Next.

3. Select Import to Infoblox Appliance, enter the following, and then click Next:

— Hostname or IP address: 10.0.1.10

— Username: admin

— Password: 1n85w2IF

The Data Import Wizard Log opens in a separate window behind the wizard. Leave it open while you continue.

4. Select the following, and then click Next:

— What kind of data would you like to import? DNS

— Which legacy system are you importing from? BIND 9

— Which appliance will be serving this data? 10.0.1.10

5. Select the following, and then click Next:

— What BIND 9 DNS configuration file would you like to use? Click Browse, navigate to the named.conf file you saved from the legacy server, select it, and then click Open.

— What type of BIND 9 DNS data do you want to import? DNS zone information and DNS record data

— Where is the BIND 9 DNS record data? Zone transfer(s) from a DNS server; 10.0.1.5

The wizard displays two tables of data. The upper table contains global DNS server configuration parameters. The lower table contains zone configurations.

The Data Import Wizard Log presents a summary listing the number of views, zones, and DNS records in the configuration file.

Modifying DNS Data

While importing data from the legacy DNS server, you cancel the importation of global configuration settings, and apply the name server groups you created in Before Using the Wizard on page 49 to the zones you want to import.

1. In the Global DNS Configuration table, select all rows by clicking the top row and then SHIFT+clicking the bottom row.

2. Right-click the selected rows to display the Set Import Options dialog box, select Do not import, and then click Apply.

3. In the DNS Zones table, clear the Import check box for the default view.

4. Select corp100.com, lab.corp100.com, and site2.corp100.com, and all the reverse-mapping zones with 0 or 2 in the second octet in the zone name. That is, select zones such as 1.0.10.in-addr.arpa, 2.0.10.in-addr.arpa, 3.0.10.in-addr.arpa …, and 1.2.10.in-addr.arpa, 2.2.10.in-addr.arpa, 3.2.10.in-addr.arpa, ….

Note: You can use SHIFT+click to select multiple contiguous rows and CTRL+click to select multiple noncontiguous rows.


5. Right-click the selected rows, and then select Set Import Options.

6. In the Set Import Options dialog box, enter the following, and then click Apply:

— Set Zone Type: No change

— Set Import Option: No change

— Set View: default

— Set Member: HQ-Group master

7. Select site1.corp100.com and all the reverse-mapping zones with 1 in the second octet in the zone name (1.1.10.in-addr.arpa, 2.1.10.in-addr.arpa, 3.1.10.in-addr.arpa, and so on).

8. Right-click the selected rows, and select Set Import Options.

9. In the Set Import Options dialog box, make the same selections as in Step 6 , but choose Site1-Group master from the Set Member drop-down list.

10. Similarly, select site3.corp100.com and all the reverse-mapping zones with 3 in the second octet in the zone name (1.3.10.in-addr.arpa, 2.3.10.in-addr.arpa, 3.3.10.in-addr.arpa, …).

11. Right-click the selected rows, and select Set Import Options.

12. In the Set Import Options dialog box, make the same selections as in Step 6 , but choose Site3-Group master from the Set Member drop-down list.

Importing DNS Data

1. Click Import.

The wizard imports the zone-specific configuration settings that you selected from the named.conf file (the global DNS parameters were marked Do not import in Modifying DNS Data) and performs a zone transfer of the zone data from the legacy server at 10.0.1.5.

2. Use the Data Import Wizard Log to monitor progress and review results afterward.

The log lists all the zones that the wizard imports and concludes with a total of all the successfully and unsuccessfully imported zones.

Note: If the wizard is unable to import a zone, an error message with an explanation appears in the log.

3. To close the Data Import Wizard, click Exit. This closes the Data Import Wizard Log as well.

Task 3.6-3 After Using the Wizard

After you import data, you must restart services on the ID grid master and delete the A records for the legacy servers from the corp100.com zone. You can also confirm that the imported data is correct and complete by checking the DNS configuration and the forward- and reverse-mapping zones.

1. Log in to the ID grid master (10.0.1.10), and then click the Restart Services icon.

Note: When importing data through the wizard rather than entering it through the GUI, the Restart Services icon does not change to indicate you must restart service for the device to apply the new data. Still, restarting service on the ID grid master is necessary for the imported configuration and data to take effect.

2. To remove A records for the legacy servers, from the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> + (for Forward Mapping Zones) -> corp100.com.


3. CTRL+click the following A records in the corp100.com zone, and then click Edit -> Remove Multiple:

— ns1 (for 10.0.1.5)

— ns2 (for 10.0.2.5)

— ns2.corp100 (for 10.0.2.5)

— ns3.site1.corp100 (for 10.1.1.5)

— ns4.site3.corp100 (for 10.3.1.5)

4. Remove the respective A records for legacy servers from the site1.corp100 and site3.corp100 subzones.

5. To check the imported DNS configuration file, from the DNS perspective, click DNS Members -> + (for corp100) -> 10.0.1.10 -> View -> DNS Configuration.

Note: If you do not see the imported DNS configuration file, make sure you enabled DNS and restarted services.

6. Scroll through the DNS configuration log to check that each imported zone has an allow-update statement like the following one for the 10.1.10.in-addr.arpa reverse-mapping zone:

zone "10.1.10.in-addr.arpa" in {
    …
    allow-update { key DHCP_UPDATER; 10.0.2.10; 10.1.1.10; 10.3.1.10; };
    …
};
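Two steps in this task are config reviews that are easy to get wrong by eye: step 2 of Task 3.6-1 (every zone on the legacy server must allow transfers to the Infoblox device at 10.0.1.10, or the wizard's zone transfer fails) and step 6 above (every imported zone's allow-update must contain the DHCP_UPDATER key and the three member addresses, and nothing else, since any extra address is a host that can rewrite records in that zone). The following Python script is an added example, not Infoblox code and not part of this guide. It carries a small brace-aware parser for BIND-style zone blocks and runs both checks; the two named.conf excerpts are constructed for illustration, and the expected updater list and appliance address are taken from this example's addressing plan. It looks only at zone-level statements, so a global allow-transfer in options {} is not considered.

```python
import re

# Constructed excerpt of a legacy BIND 9 named.conf (Task 3.6-1). The second zone
# lacks the allow-transfer needed for the wizard's zone transfer from 10.0.1.5.
LEGACY_NAMED_CONF = """\
zone "corp100.com" in {
    type master;
    file "db.corp100.com";
    allow-transfer { 10.0.1.10; };
};
zone "1.1.10.in-addr.arpa" in {
    type master;
    file "db.10.1.1";
};
"""

# Constructed excerpt of the DNS configuration the grid master generates
# (Task 3.6-3, step 6). The second zone permits an extra updater address.
GRID_NAMED_CONF = """\
zone "corp100.com" in {
    type master;
    allow-update { key DHCP_UPDATER; 10.0.2.10; 10.1.1.10; 10.3.1.10; };
    also-notify { 10.0.2.10; };
};
zone "10.1.10.in-addr.arpa" in {
    type master;
    allow-update { key DHCP_UPDATER; 10.0.2.10; 10.1.1.10; 10.3.1.10; 10.1.1.5; };
};
"""

# Expected allow-update contents for every imported zone in this example.
EXPECTED_UPDATERS = ["key DHCP_UPDATER", "10.0.2.10", "10.1.1.10", "10.3.1.10"]

ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{')
ACL_RE = re.compile(r'(allow-update|allow-transfer)\s*\{([^}]*)\}\s*;')


def _block(text, start):
    """Return the text between the brace at `start` and its matching close brace."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in configuration")


def parse_zone_acls(text):
    """Map zone name -> {'allow-update': [...], 'allow-transfer': [...]} (zone level only)."""
    zones = {}
    for m in ZONE_RE.finditer(text):
        body = _block(text, m.end() - 1)
        acls = {}
        for name, entries in ACL_RE.findall(body):
            acls[name] = [e.strip() for e in entries.split(";") if e.strip()]
        zones[m.group(1)] = acls
    return zones


def check_legacy_transfers(text, appliance_ip):
    """Task 3.6-1 step 2: each zone must allow transfer to the appliance (or to any)."""
    findings = []
    for zone, acls in parse_zone_acls(text).items():
        allowed = acls.get("allow-transfer", [])
        if appliance_ip not in allowed and "any" not in allowed:
            findings.append(f"{zone}: allow-transfer does not include {appliance_ip}")
    return findings


def check_grid_updates(text, expected):
    """Task 3.6-3 step 6: each zone's allow-update must hold exactly the expected sources."""
    findings = []
    for zone, acls in parse_zone_acls(text).items():
        if "allow-update" not in acls:
            findings.append(f"{zone}: no allow-update statement")
            continue
        got = set(acls["allow-update"])
        missing = set(expected) - got
        extra = got - set(expected)
        if missing:
            findings.append(f"{zone}: allow-update missing {sorted(missing)}")
        if extra:
            findings.append(f"{zone}: allow-update permits unexpected {sorted(extra)}")
    return findings


if __name__ == "__main__":
    for f in check_legacy_transfers(LEGACY_NAMED_CONF, "10.0.1.10"):
        print("legacy:", f)
    for f in check_grid_updates(GRID_NAMED_CONF, EXPECTED_UPDATERS):
        print("grid:  ", f)
```

An "unexpected" updater entry is the one to act on: the allow-update list is an address-based trust decision, and a legacy server address left in it keeps a decommissioned host (or anyone who later takes its address) able to change records.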

Task 3.7 Enable DHCP and Switch Service to the ID Grid

Finally, you must enable DHCP service on the three grid members at 10.0.2.10, 10.1.1.10, and 10.3.1.10, and switch DNS and DHCP service from the legacy DNS and DHCP servers to them.

Note: To minimize the chance of duplicate IP address assignments during the transition from the legacy DHCP servers to the ID grid members, see the Tip described on page 37.

1. Log in to the ID grid master (10.0.1.10), from the DHCP and IPAM perspective, click DHCP Members -> + (for corp100) -> 10.0.2.10 -> Edit -> Member DHCP Properties -> General Properties, select Enable DHCP Server, and then click the Save icon.

2. Click 10.1.1.10 -> Edit -> Member DHCP Properties -> General Properties, select Enable DHCP Server, and then click the Save icon.

3. Click 10.3.1.10 -> Edit -> Member DHCP Properties -> General Properties, select Enable DHCP Server, and then click the Save and Restart Services icons.

Note: DNS service is enabled by default. To confirm that it is enabled, from the DNS perspective, click DNS Members -> + (for corp100) -> 10.0.2.10 -> Edit -> Member DNS Properties -> General Properties, and make sure the Enable DNS Server check box is selected.

The ID grid members are ready to serve DHCP and DNS, and send DDNS updates.

4. Take the legacy DHCP and DNS servers offline.


Where to go for more information

Infoblox Documentation CD

The Infoblox Documentation CD that ships with each Infoblox device contains product documentation in PDF format. In particular, for more detail on any of the features presented in this user guide, refer to the Infoblox Administrator Guide.

Infoblox GUI Help

When using the Infoblox GUI, you can view HTML Help by clicking the two Help icons—Help, located on the far right of the GUI menu bar, and ? (question mark), located in the left corner at the bottom of each dialog box.

infoblox.com

The Infoblox Web site contains a number of useful resources, such as

• Infoblox Technical Support: http://www.infoblox.com/support
Access the knowledgebase, software downloads, release notes, product documentation, and personal assistance (via e-mail and telephone). Access requires a user ID and password. Register at http://www.infoblox.com/support/product_registration.cfm.

• Technical Training and Certification: http://training.infoblox.com
Learn about the curriculum, schedule, and fee for an instructor-led technical training course. Online registration is provided.

• Download Center: http://www.infoblox.com/library
Download product data sheets, case studies, white papers, application/tech notes, and more.