Articles in this section

Configuring Umbrella Virtual Appliance as a DNS forwarder for Infoblox

Avatar
prev
  • Updated
Follow

This article details how the Umbrella Virtual Appliance can be configured as a forwarder for Infoblox appliances. This feature is in Limited Availability as part of the Virtual Appliance version 2.7.6 or higher. 

 

Note: This feature requires you to disable caching on the Infoblox appliance for accurate Umbrella reporting and policy enforcement. 

 

Prerequisite:

  • Infoblox appliance running NIOS version 8.3 or 8.4
  • Umbrella Virtual Appliance running version 2.7.6 or higher

 

Configuring Infoblox appliance

  • From the main navigation menu, click Data Management and then select the DNS tab.
  • Depending on the Infoblox view:
    • In a Grid view, select Grid DNS Properties from the toolbar on the right side of the application.
    • In a Members view, click the Members tab. Select the member and then click the edit icon.
    • In a DNS view, click the Zones tab. Select the appropriate DNS view and click the edit icon.
  • Click Forwarders and in the panel that appears click the add icon.
  • In the provided field, enter the static IP of the Virtual Appliance. You can include multiple Virtual Appliances here - it is recommended to include at least 2 virtual appliances. 
  • Check the Add Client IP, MAC Addresses and DNS View Name to outgoing recursive queries
  • Check the Use Forwarders only to use only forwarders on your network. Leave this unchecked if Infoblox is also the authoritative nameserver for any of your internal domains. 

IB__2_.png

Note: For the Virtual Appliance to receive all outgoing DNS queries from Infoblox and send them to Umbrella, caching of external domains will need to be disabled on Infoblox. Failure to do so will result in some DNS queries not getting reported by Umbrella and may also lead to incorrect enforcement of AD-based policies. 

 

Virtual Appliance

Deploy and configure your Virtual Appliances as per the steps documented here.

Note: You should not need to configure any internal DNS servers on the Virtual Appliances, since internal domains will be resolved by Infoblox directly.

 

Active Directory integration

To enable AD integration, you can deploy an Umbrella Active Directory Connector in the same Umbrella site as the Virtual Appliances that are configured as forwarders for Infoblox. 

Related articles

Comments

0 comments

Article is closed for comments.