When a DNS member with recursion enabled receives a recursive query for data for which it is not authoritative, it locates the data through queries to other servers. If the query is for a non-existent domain name, the DNS member receives an NXDOMAIN response from the authoritative name server, which the member then forwards to the DNS client. An NXDOMAIN response contains a "Name Error" RCODE, signifying that the domain name referenced in the query does not exist. (For information, you can refer to RFC 1035, Domain Names - Implementation and Specification.)
You can install a Query Redirection license on a recursive DNS member to control its response to queries for A records of non-existent domain names and other domain names that you specify. After the license is installed, Grid Manager displays the NXDOMAIN Rulesets tab where you can create rules that specify how a DNS member responds to queries for A/AAAA records for certain domain names and non-existent domain names. Each rule contains a domain name specification, and the action of the DNS member when the domain name in the query matches that in the rule. After you create the rules, you then enable the NXDOMAIN redirection feature and list the IP addresses that are included in the synthesized responses.
Recursive DNS members can redirect responses to queries for A/AAAA records only. DNS members resolve queries for all other records as they normally would. In addition, you can enable DNS members to log queries that match rules with an action of "Redirect" or "Modify". You can view the logs in the Syslog viewer. The logs include the queried domain name, source IP address, the pattern of the matched rule, and the name of the corresponding ruleset.
When DNSSEC is enabled on the Infoblox DNS server, it does not redirect DNS clients that request DNSSEC data for a non-existent domain name. Instead, it returns an authenticated negative response in the form of an NSEC or NSEC3 RR. If DNSSEC is not enabled, the appliance ignores the request for DNSSEC data and redirects the clients. (For information about DNSSEC, see Chapter 22, DNSSEC.) To apply the configured NXDOMAIN rules regardless of whether a DNS query requests DNSSEC data, configure the appliance accordingly. For more information about how to configure this, see Applying Policies and Rules to DNS Queries that Request DNSSEC Data.
You can enable NXDOMAIN redirection at the Grid, member, and DNS view levels. Only recursive DNS servers can redirect DNS clients. Non-recursive DNS members do not redirect DNS clients. For information on enabling recursion on a DNS member, see Enabling Recursive Queries.
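The redirect decision described above, sketched as an added Python example (not Infoblox code and not from the original page): it reads the RCODE defined in RFC 1035 and the EDNS DO bit that marks a request for DNSSEC data, then applies the A/AAAA and DNSSEC conditions. The message builder, sample names and function names are constructed for illustration; rulesets and the option to apply rules regardless of DNSSEC are not modeled.

```python
import struct

NXDOMAIN = 3                      # RCODE "Name Error" (RFC 1035)
A, MX, AAAA, OPT = 1, 15, 28, 41  # RR type codes

def build(name, qtype, rcode=0, do=False, response=False):
    """Construct a minimal DNS message (sample input, one question)."""
    flags = (0x8180 if response else 0x0100) | rcode
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, flags, 1, 0, 0, int(do)) + qname
    msg += struct.pack("!HH", qtype, 1)
    if do:  # EDNS OPT pseudo-RR; DO is bit 15 of the low 16 bits of the TTL
        msg += struct.pack("!BHHIH", 0, OPT, 4096, 0x8000, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def parse(msg):
    """Extract RCODE, question type and EDNS DO bit; assumes one question."""
    _id, flags, _qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = skip_name(msg, 12)
    qtype = struct.unpack("!H", msg[off:off + 2])[0]
    off += 4                        # skip QTYPE and QCLASS
    do = False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            do = bool(ttl & 0x8000)  # DO flag (RFC 3225)
        off += 10 + rdlen
    return {"rcode": flags & 0x000F, "qtype": qtype, "do": do}

def redirects(query, upstream, dnssec_enabled):
    """Model of the documented behaviour for one client query."""
    q, r = parse(query), parse(upstream)
    if r["rcode"] != NXDOMAIN or q["qtype"] not in (A, AAAA):
        return False                # resolved as normal
    if dnssec_enabled and q["do"]:
        return False                # NSEC/NSEC3 negative response instead
    return True                     # synthesized A/AAAA answer
```
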