Query refused for recursive DNS lookup in Infoblox

I recently configured my lab DNS infoblox server in a grid and setup some authoritative forward-mapping zones on it for my lab web-servers;

The DNS queries for the authoritative zones were working fine;

I then configured the DNS grid with 8.8.8.8 as a forwarder;

Continue reading

How to setup and configure Infoblox vNIOS in EVE-NG

In previous versions on EVE-NG, you could use Linux templates to run InfoBlox VMs. But that workaround was no longer a working solution after a few updates.

In the new version on EVE-NG, more templates have been added and InfoBlox is one of them. With the new templates the image boots pretty quickly and you can get an InfoBlox image up and running in no time.

The below procedure has been tested on EVE-NG running version v2.0.3-95 which was released on 02 January 2019.

  1. Place the Infoblox DDI KVM image in the below path in EVE-NG.
/opt/unetlab/addons/qemu/infoblox-NIOS-8.2.4
  1. Fix permissions
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
  1. Open a new lab, add node, navigate to InfoBlox IPAM template, add the image infoblox-NIOS-8.2.4 in EVE-NG and assign resources:
1 vCPU, 2048 Memory and 2 interfaces
  1. Start the node. Default username/password is admin/infoblox.

4 Continue reading

Dynamic Multipoint VPN (CCIE Notes)

Disclaimer: These are my rough cut notes for CCIE Security studies! Not a detailed explanation of DMVPN.

Three components that make up DMVPN:

1. Mulitpoint GRE (mGRE)

  • Tunnel interface having multiple tunnel destinations unlike a point-to-point GRE tunnel that has a single tunnel destination.

2. Next-Hop Resolution Protocol (NHRP)

  • Each router in an NHRP topology acts as either a NHC or a NHS.
  • mGRE uses NHRP for mapping logical/tunnel IP address to physical/real IP addresses.
  • NHC registers its physical-to-tunnel mapped IP address to the NHS and the NHS acts as a database agent which stores all registered mappings and replying to NHC queries.
  • If a NHS does not have a requested entry in its database, it can forward packet to another NHS to see if it has the requested association.

3. Cisco Express Forwarding (CEF)

  • Cisco Express Forwarding (CEF) is a packet-switching technique which provides the ability to switch packets through a device in a very quick efficient way while also keeping the load on the router’s processor low.
  • CEF is made up of two different main components: the Forwarding Information Base (FIB) and the CEF Adjacency Table.

Continue reading

TCP Intercept for DoS Attack Prevention (CCIE Notes)

TCP Intercept

  • It protects a TCP server from TCP SYN-flooding attacks (DoS) attacks.
  • It intercepts and validates TCP connection requests.
  • Establishes connection with the client on behalf of the destination server, and if successful, establishes a connection with the server on behalf of the client and knits the two half connections transparently.
  • Either all requests can be intercepted or those coming from specific networks or destined for specific servers.

Modes of Operation:

Intercept Mode

  • This is the default mode.
  • Performs a three-way handshake with the client, if successful, sends the original SYN packet to the destination server and performs a three-way handshake with the server.
  •  When this is completed, the two half connections are joined.

Watch mode

  • Connection requests are allowed to pass through the router to the server but are watched until they become established.
  • If requests fail to establish within 30 seconds (default), the software sends a reset request to the server to clear up its state.

Continue reading