Infoblox FAQs (Frequently Asked Questions)
The following are FAQs (Frequently Asked Questions) regarding the new Infoblox DNS/DHCP service.
General:
General:
What is 'Infoblox'?
The infoblox appliance fills 3 different roles within the campus network:
What administrative functions does the Infoblox provide?
The Infoblox allows delegated administration of campus DHCP and DNS services by departmental administrators. By logging into the Infoblox, admins can manage all aspects of the DNS and DHCP services for their department's VLANs and sub-domains.
How does the Infoblox work with regards to DHCP?
The Infoblox server replaces NetID as the administrative interface to the DHCP service. Unlike NetID, the infoblox also acts as the primary DHCP server for the campus (Infoblox serves the actual leases). The Infoblox allows configuration of dynamic ranges and fixed hosts with range/host-specific settings (such as DNS servers, gateways, lease timers, MAC access lists, DHCP custom options, etc) similar to NetID.
How does the Infoblox work with regards to DNS?
In addition to serving as the administrative interface to the DNS, the Infoblox acts as the DNS master for ucdavis.edu and a number of other zones. This means that the configuration on the infoblox server propagates to the primary campus name servers (such as 169.237.1.250, and 169.237.250.250), which are responsible for replying to actual DNS queries from hosts. Campus admins will be able to configure resource records for any sub-domain owned by their department. Records in the upper level ucdavis.edu zone (such as www.ucdavis.edu) will continue to be maintained by the campus hostclerk(hostclerk@ucdavis.edu).
Migration Steps:
How will the Infoblox be integrated into the campus network?
A phased approach will be used to integrate the Infoblox with the campus network.
Phase 1: This phase will last from late July to late August. During this phase, the Infoblox will be brought online with configurations imported from NetID and the existing campus DNS servers. This time will be used by the department administrators to familiarize themselves with Inflblox, and verify the configuration import. During this phase, the Infoblox will run concurrently with NetID and the current DNS master. Infoblox will not be responsible for serving any information during this phase. Changes to the Infoblox will not propagate to the live network.
Phase 2: This phase will last approximately 1 day, and occur in late August. This is the data re-import phase. During this phase, fresh configurations will be imported to the Infoblox from NetID and the current DNS master to account for any changes to the 'real' data during phase 1. This will also clear out any changes made to the Infoblox during phase 1, so admins may experiment with the system as they see fit. There will be a freeze to configuration changes in NetID and campus DNS on this day.
Phase 3: This phase will last approximately 1 day, and occur in late august. This is the cutover phase. During this phase, the IP helper addresses for all network interfaces on campus routers will be updated to point to the Infoblox. At this point, the Infoblox will be responding to DHCP requests for any configured VLAN that is not currently behind a departmental firewall. Campus administrators with departmental firewalls please look here.
Phase 4: This is the post-cut phase. During this phase, administrators can begin requesting access to their owned DNS sub-domains within the Infoblox. Changes to the Infoblox at this point will directly impact live network services. Once all DHCP enabled networks are pointing at the Infoblox, and the stability of the system has been verified, DHCP services on the existing campus servers will be disabled.
As departmental administrator, what do I need to do during each phase (outlined above)?
Phase 1: Log into the infoblox and verify the DHCP configuration for each owned network. This includes setup of dynamic ranges, static hosts, MAC address pools, as well as your ability to manage and modify these settings. Please notify noc@ucdavis.edu if it looks like your NetID data was not imported correctly. Spot checking of the DNS import is also encouraged, and can be performed by querying 169.237.160.1.
Phase 2: No action required. Hold off on changes to NetID and campus DNS settings (emergency changes will still be possible, but should be avoided if possible).
Phase 3: Begin updating department firewall DHCP relay addresses to point to 169.237.160.1. No other changes to network hosts are required.
Phase 4: Contact hostclerk@ucdavis.edu to request access to any sub-domains you wish to manage within Infoblox. Make sure that all your department firewalls have updated helper addresses, and that leases are being served to hosts from 169.237.160.1.
What impact can I expect to my hosts during the cutover to the Infoblox?
No impact to network hosts is expected prior to phase 3 (as outlined above). During phase 3, as a host's lease expires, the renew request will be forwarded to the Infoblox. Though the transition should be seamless, several factors could lead to the IP address of the host being locked out at the time of the renew request. If this occurs, a simple release/renew on the host should resolve the issue.
My VLANs are behind a departmental firewall and I use campus DHCP, are there changes I need to make?
Yes! In order for the DHCP requests on your subnet to make it to the Infoblox, you will need to update your DHCP relay address to 169.237.160.1 (most likely set to 169.237.250.250 currently). If you are not using campus DHCP on your VLANs, no changes are necessary.
Do I need to change the DNS configuration on my hosts?
No. The primary campus name servers (internal and external) will remain at the same IP addresses. The Infoblox is replacing the current DNS master server only, and operates 'behind the scenes'.
Accessing Infoblox:
How do I request an Infoblox user account?
If you had an account in NetID, your account and access permissions should have been automatically been ported into the Infoblox (authentication is now based on campus kerberos, so your password may be different). If you did not have an account on the NetID server, or your netID username does not match your campus login ID, please email noc@ucdavis.edu and request access. Please provide your campus login name, phone number, email address, and a list of subnets/sub-domains you will need access to.
How do I access the Infoblox?
From a Windows system, browse to http://infoblox.ucdavis.edu. The 'Launch Grid Manager' link will open the management applet for the Infoblox. Enter your campus kerberos information in the login fields. Statistical information can be viewed through the 'Launch IPAM Manager' link. All Infoblox management functionality will be available through the platform independent IPAM Manager at some point in the future (pending a code release from the vendor).
What do I do if I am unable to view/manage a subnet or other resource that I am responsible for in Infoblox?
Please contact noc@ucdavis.edu and note the subnet or resource that you should have access to. Please also note whether or not you currently have access to the resource in NetID.
Managing Infoblox:
How do I manage my networks/DNS records with Infoblox?
The complete Infoblox user guide is available here. UC Davis-specific instructions are in the works, and should be available shortly.
DNS Questions:
Can I have administrative access to my DNS sub-domains prior to the Infoblox cutover?
It is unlikely that permission changes to DNS sub-domains will persist through the data re-import in phase 2 of the cutover (outlined above). As such, it is suggested that focus be placed on verifying DHCP settings during the initial phase. Administrative access to DNS sub-domains can be granted for evaluation purposes, but it will likely be necessary to request this access again once the Infoblox goes 'live.'
What types of DNS records are supported by Infoblox?
The Infoblox GUI currently supports management of: NS, A, AAAA, CNAME, DNAME, MX, SRV, TXT, and PTR records.
Will reverse delegation for networks with longer than a /24 netmask be possible?
Yes, reverse delegation for non-classful networks is supported via RFC 2317 style prefixes. Please contact the campus hostclerk (hostclerk@ucdavis.edu) once the Infoblox migration is complete (early September) for assistance.
Quick Links to Questions and Answers
General:
- What is 'Infoblox'?
- What administrative functions does the Infoblox provide?
- How does the Infoblox work with regards to DHCP?
- How does the Infoblox work with regards to DNS?
- How will the Infoblox be integrated into the campus network?
- As departmental administrator, what do I need to do during each phase of the integration?
- What impact can I expect to my hosts during the cutover to the Infoblox?
- My VLANs are behind a departmental firewall and I use campus DHCP, are there special changes I need to make?
- Do I need to change the DNS configuration on my hosts?
- How do I request an Infoblox user account?
- How do I access the Infoblox?
- What do I do if I am unable to view/manage a subnet or other resource that I am responsible for in Infoblox?
- Can I have administrative access to my DNS sub-domains prior to the Infoblox cutover?
- What types of DNS records are supported by Infoblox?
- Will reverse delegation for networks with longer than a /24 netmask be possible?
Questions and Answers
General:
What is 'Infoblox'?
The infoblox appliance fills 3 different roles within the campus network:
- Infoblox acts as the administrative interface to the campus DNS and DHCP services.
- The Infoblox acts as the primary DHCP server for the campus.
- The Infoblox acts as the DNS master for ucdavis.edu and a number of other zones.
What administrative functions does the Infoblox provide?
The Infoblox allows delegated administration of campus DHCP and DNS services by departmental administrators. By logging into the Infoblox, admins can manage all aspects of the DNS and DHCP services for their department's VLANs and sub-domains.
How does the Infoblox work with regards to DHCP?
The Infoblox server replaces NetID as the administrative interface to the DHCP service. Unlike NetID, the infoblox also acts as the primary DHCP server for the campus (Infoblox serves the actual leases). The Infoblox allows configuration of dynamic ranges and fixed hosts with range/host-specific settings (such as DNS servers, gateways, lease timers, MAC access lists, DHCP custom options, etc) similar to NetID.
How does the Infoblox work with regards to DNS?
In addition to serving as the administrative interface to the DNS, the Infoblox acts as the DNS master for ucdavis.edu and a number of other zones. This means that the configuration on the infoblox server propagates to the primary campus name servers (such as 169.237.1.250, and 169.237.250.250), which are responsible for replying to actual DNS queries from hosts. Campus admins will be able to configure resource records for any sub-domain owned by their department. Records in the upper level ucdavis.edu zone (such as www.ucdavis.edu) will continue to be maintained by the campus hostclerk(hostclerk@ucdavis.edu).
Migration Steps:
How will the Infoblox be integrated into the campus network?
A phased approach will be used to integrate the Infoblox with the campus network.
Phase 1: This phase will last from late July to late August. During this phase, the Infoblox will be brought online with configurations imported from NetID and the existing campus DNS servers. This time will be used by the department administrators to familiarize themselves with Inflblox, and verify the configuration import. During this phase, the Infoblox will run concurrently with NetID and the current DNS master. Infoblox will not be responsible for serving any information during this phase. Changes to the Infoblox will not propagate to the live network.
Phase 2: This phase will last approximately 1 day, and occur in late August. This is the data re-import phase. During this phase, fresh configurations will be imported to the Infoblox from NetID and the current DNS master to account for any changes to the 'real' data during phase 1. This will also clear out any changes made to the Infoblox during phase 1, so admins may experiment with the system as they see fit. There will be a freeze to configuration changes in NetID and campus DNS on this day.
Phase 3: This phase will last approximately 1 day, and occur in late august. This is the cutover phase. During this phase, the IP helper addresses for all network interfaces on campus routers will be updated to point to the Infoblox. At this point, the Infoblox will be responding to DHCP requests for any configured VLAN that is not currently behind a departmental firewall. Campus administrators with departmental firewalls please look here.
Phase 4: This is the post-cut phase. During this phase, administrators can begin requesting access to their owned DNS sub-domains within the Infoblox. Changes to the Infoblox at this point will directly impact live network services. Once all DHCP enabled networks are pointing at the Infoblox, and the stability of the system has been verified, DHCP services on the existing campus servers will be disabled.
As departmental administrator, what do I need to do during each phase (outlined above)?
Phase 1: Log into the infoblox and verify the DHCP configuration for each owned network. This includes setup of dynamic ranges, static hosts, MAC address pools, as well as your ability to manage and modify these settings. Please notify noc@ucdavis.edu if it looks like your NetID data was not imported correctly. Spot checking of the DNS import is also encouraged, and can be performed by querying 169.237.160.1.
Phase 2: No action required. Hold off on changes to NetID and campus DNS settings (emergency changes will still be possible, but should be avoided if possible).
Phase 3: Begin updating department firewall DHCP relay addresses to point to 169.237.160.1. No other changes to network hosts are required.
Phase 4: Contact hostclerk@ucdavis.edu to request access to any sub-domains you wish to manage within Infoblox. Make sure that all your department firewalls have updated helper addresses, and that leases are being served to hosts from 169.237.160.1.
What impact can I expect to my hosts during the cutover to the Infoblox?
No impact to network hosts is expected prior to phase 3 (as outlined above). During phase 3, as a host's lease expires, the renew request will be forwarded to the Infoblox. Though the transition should be seamless, several factors could lead to the IP address of the host being locked out at the time of the renew request. If this occurs, a simple release/renew on the host should resolve the issue.
My VLANs are behind a departmental firewall and I use campus DHCP, are there changes I need to make?
Yes! In order for the DHCP requests on your subnet to make it to the Infoblox, you will need to update your DHCP relay address to 169.237.160.1 (most likely set to 169.237.250.250 currently). If you are not using campus DHCP on your VLANs, no changes are necessary.
Do I need to change the DNS configuration on my hosts?
No. The primary campus name servers (internal and external) will remain at the same IP addresses. The Infoblox is replacing the current DNS master server only, and operates 'behind the scenes'.
Accessing Infoblox:
How do I request an Infoblox user account?
If you had an account in NetID, your account and access permissions should have been automatically been ported into the Infoblox (authentication is now based on campus kerberos, so your password may be different). If you did not have an account on the NetID server, or your netID username does not match your campus login ID, please email noc@ucdavis.edu and request access. Please provide your campus login name, phone number, email address, and a list of subnets/sub-domains you will need access to.
How do I access the Infoblox?
From a Windows system, browse to http://infoblox.ucdavis.edu. The 'Launch Grid Manager' link will open the management applet for the Infoblox. Enter your campus kerberos information in the login fields. Statistical information can be viewed through the 'Launch IPAM Manager' link. All Infoblox management functionality will be available through the platform independent IPAM Manager at some point in the future (pending a code release from the vendor).
What do I do if I am unable to view/manage a subnet or other resource that I am responsible for in Infoblox?
Please contact noc@ucdavis.edu and note the subnet or resource that you should have access to. Please also note whether or not you currently have access to the resource in NetID.
Managing Infoblox:
How do I manage my networks/DNS records with Infoblox?
The complete Infoblox user guide is available here. UC Davis-specific instructions are in the works, and should be available shortly.
DNS Questions:
Can I have administrative access to my DNS sub-domains prior to the Infoblox cutover?
It is unlikely that permission changes to DNS sub-domains will persist through the data re-import in phase 2 of the cutover (outlined above). As such, it is suggested that focus be placed on verifying DHCP settings during the initial phase. Administrative access to DNS sub-domains can be granted for evaluation purposes, but it will likely be necessary to request this access again once the Infoblox goes 'live.'
What types of DNS records are supported by Infoblox?
The Infoblox GUI currently supports management of: NS, A, AAAA, CNAME, DNAME, MX, SRV, TXT, and PTR records.
Will reverse delegation for networks with longer than a /24 netmask be possible?
Yes, reverse delegation for non-classful networks is supported via RFC 2317 style prefixes. Please contact the campus hostclerk (hostclerk@ucdavis.edu) once the Infoblox migration is complete (early September) for assistance.