Query refused for recursive DNS lookup in Infoblox

I recently configured my lab DNS Infoblox server in a grid and set up some authoritative forward-mapping zones on it for my lab web servers.

The DNS queries for the authoritative zones were working fine.

I then configured the DNS grid with 8.8.8.8 as a forwarder.


How to setup and configure Infoblox vNIOS in EVE-NG/Unetlab

  1. Place the Infoblox DDI KVM image in the following path on the EVE-NG host:
     /opt/unetlab/addons/qemu/linux-vInfoBlox-NIOS-8.1.2
  2. Fix permissions:
     /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
  3. Open a new lab, add the linux-vInfoBlox-NIOS-8.1.2 node in EVE-NG and assign resources:
     1 vCPU, 1536 MB of memory and 4 interfaces
  4. Start the node. The default username/password is admin/infoblox.


Dynamic Multipoint VPN (CCIE Notes)

Disclaimer: These are my rough-cut notes for CCIE Security studies, not a detailed explanation of DMVPN.

Three components that make up DMVPN:

1. Multipoint GRE (mGRE)

  • A tunnel interface with multiple tunnel destinations, unlike a point-to-point GRE tunnel, which has a single tunnel destination.

2. Next-Hop Resolution Protocol (NHRP)

  • Each router in an NHRP topology acts as either an NHC (next-hop client) or an NHS (next-hop server).
  • mGRE uses NHRP to map logical/tunnel IP addresses to physical/real IP addresses.
  • An NHC registers its tunnel-to-physical IP address mapping with the NHS; the NHS acts as a database agent that stores all registered mappings and replies to NHC queries.
  • If an NHS does not have a requested entry in its database, it can forward the request to another NHS to see whether that one has the requested mapping.

3. Cisco Express Forwarding (CEF)

  • Cisco Express Forwarding (CEF) is a packet-switching technique that switches packets through a device quickly and efficiently while keeping the load on the router's processor low.
  • CEF is made up of two main components: the Forwarding Information Base (FIB) and the CEF adjacency table.


TCP Intercept for DoS Attack Prevention (CCIE Notes)

TCP Intercept

  • It protects a TCP server from TCP SYN-flood (DoS) attacks.
  • It intercepts and validates TCP connection requests.
  • It establishes the connection with the client on behalf of the destination server and, if successful, establishes a connection with the server on behalf of the client, then transparently joins the two half-connections.
  • Either all requests can be intercepted, or only those coming from specific networks or destined for specific servers.

Modes of Operation:

Intercept Mode

  • This is the default mode.
  • Performs a three-way handshake with the client; if successful, sends the original SYN packet to the destination server and performs a three-way handshake with the server.
  • When this is completed, the two half-connections are joined.

Watch mode

  • Connection requests are allowed to pass through the router to the server but are watched until they become established.
  • If a request fails to establish within 30 seconds (the default), the software sends a reset (RST) to the server to clear its state.
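
As an added example (not part of these notes), the IOS configuration that ties the points above together: an extended access list selects which requests are subject to interception (here only those destined for one lab web server), the mode is switched from the default intercept mode to watch mode, and the watch timeout is set explicitly to the 30-second default. The server address 192.0.2.10 is an assumed placeholder from the documentation range.

```cisco
! Added example, not from the original post.
! Select the requests to protect: only TCP connections to the lab web
! server 192.0.2.10 (assumed placeholder address) on port 80.
! "permit tcp any any" here would intercept all requests through the router.
access-list 101 permit tcp any host 192.0.2.10 eq 80
!
! Apply TCP Intercept to the requests matched by the access list.
ip tcp intercept list 101
!
! Omit this line to keep the default intercept mode (router completes the
! client handshake first); watch mode lets the SYN through and only
! resets the server-side half-open connection if it never completes.
ip tcp intercept mode watch
!
! Time a watched connection may stay half-open before the router sends
! a RST to the server. 30 seconds is the default.
ip tcp intercept watch-timeout 30
!
! Verification commands to run from privileged EXEC:
!   show tcp intercept connections
!   show tcp intercept statistics
```

In a lab, `show tcp intercept statistics` before and after a burst of half-open connections is the quickest way to confirm that the access list is matching the intended server and that watch mode is resetting stale requests rather than leaving them on the server.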
