infoblox csv import reference 8.0 csv import reference (rev. a) 3 preface this preface describes the...

RELEASE 8.0

Infoblox CSV Import Reference

Copyright Statements 2016, Infoblox Inc. All rights reserved.The contents of this document may not be copied or duplicated in any form, in whole or in part, without the prior written permission of Infoblox, Inc.

The information in this document is subject to change without notice. Infoblox, Inc. shall not be liable for any damages resulting from technical errors or omissions which may be present in this document, or from use of this document.

This document is an unpublished work protected by the United States copyright laws and is proprietary to Infoblox, Inc. Disclosure, copying, reproduction, merger, translation, modification, enhancement, or use of this document by anyone other than authorized employees, authorized users, or licensees of Infoblox, Inc. without the prior written consent of Infoblox, Inc. is prohibited.

For Open Source Copyright information, refer to the Infoblox Administrator Guide.

Trademark StatementsInfoblox, the Infoblox logo, Grid, NIOS, bloxTools, NetMRI and PortIQ are trademarks or registered trademarks of Infoblox Inc.

All other trademarked names used herein are the properties of their respective owners and are used for identification purposes only.

Company Informationhttp://www.infoblox.com/contact/

Product InformationHardware Models

Infoblox Advanced Appliances: PT-1400, PT-1405, PT-2200, PT-2205, PT-2205-10GE, PT-4000, and PT-4000-10GE

Network Insight Appliances: ND-800, ND-805, ND-1400, ND-1405, ND-2200, ND-2205, and ND-4000

Trinzic Appliances: TE-100, TE-810, TE-815, TE-820, TE-825, TE-1410, TE-1415, TE-1420, TE-1425, TE-2210, TE-2215, TE-2220, TE-2225, IB-4010, and IB-4020

Cloud Network Automation: CP-V800, CP-V1400, and CP-V2200

Trinzic Reporting: TR-800, TR-805, TR-1400, TR-1405, TR-2200, TR-2205, and TR-4000

DNS Cache Acceleration Appliances: IB-4030 and IB-4030-10GE

NetMRI: NetMRI-1102-A, NT-1400, NT-2200, and NT-4000

Document Number: 400-0678-000 Rev. A

Document Updated: October 20, 2016

Warranty InformationYour purchase includes a 90-day software warranty and a one year limited warranty on the Infoblox appliance, plus an Infoblox Warranty Support Plan and Technical Support. For more information about Infoblox Warranty information, refer to the Infoblox Web site, or contact Infoblox Technical Support.

http://www.infoblox.com/contact

Preface

This preface describes the document conventions of this guide, and provides information about how to find additional product information, including how to access Infoblox Technical Support. It includes the following sections:

Document Overview on page 4

Documentation Conventions on page 4

Related Documentation on page 4

Customer Care on page 5

User Accounts on page 5

Software Upgrades on page 5

Technical Support on page 5

NIOS 8.0 CSV Import Reference (Rev. A) 3

Preface

Document Overview

The CSV import reference provides general guidelines and file format information about CSV import. It was last updated on October 20, 2016. For updated documentation, visit our Support site at https://support.infoblox.com.

Documentation Conventions

The text in this guide follows the following style conventions.

Related Documentation

Other Infoblox appliance documentation:

Infoblox CLI Guide

Infoblox API Documentation

Infoblox WAPI Documentation

Infoblox CSV Import Reference

Infoblox Installation Guide for the Trinzic 100 Appliance

Infoblox Installation Guide for the 800 Series Platforms





Infoblox Installation Guide for the 2205Series Platforms


Infoblox Installation Guide for the Infoblox-4010 Appliance

Infoblox Installation Guide for the IB-4030 and IB-4030-10GE Appliances

Infoblox DNS Cache Acceleration Administrator Guide

Infoblox Installation Guide for vNIOS for Microsoft Azure

Infoblox Installation Guide for vNIOS for AWS

Infoblox Installation Guide for vNIOS for VMware

Infoblox Installation Guide for vNIOS on Microsoft 2008 R2 for Hyper-V

Infoblox Installation Guide for vNIOS for KVM Hypervisor and KVM-based OpenStack

Infoblox Safety Guide

To provide feedback on any of the Infoblox technical documents, please e-mail [email protected].

Style Usage

bold Indicates examples of the field names.

data Signifies the data in a CSV file.

4 CSV Import Reference (Rev. A) NIOS 8.0

https://support.infoblox.com

Customer Care

Customer Care

This section addresses user accounts, software upgrades, licenses and warranties, and technical support.

User Accounts

The Infoblox appliance ships with a default user name and password. Change the default admin account password immediately after the system is installed to safeguard its use. Make sure that the NIOS appliance has at least one administrator account with superuser privileges at all times, and keep a record of your account information in a safe place. If you lose the admin account password, and did not already create another superuser account, the system will need to be reset to factory defaults, causing you to lose all existing data on the NIOS appliance. You can create new administrator accounts, with or without superuser privileges. For more information, refer to the Infoblox Administrator Guide.

Software Upgrades

Software upgrades are available according to the Terms of Sale for your system. Infoblox notifies you when an upgrade is available. Register immediately with Infoblox Technical Support at http://www.infoblox.com/support/customer/evaluation-and-registration to maximize your Technical Support.

Technical Support

Infoblox Technical Support provides assistance via the Web, e-mail, and telephone. The Infoblox Support web site at https://support.infoblox.com provides access to product documentation and release notes, but requires the user ID and password you receive when you register your product online at: http://www.infoblox.com/support/customer/evaluation-and-registration.


http://www.infoblox.com/support/customer/evaluation-and-registrationhttp://www.infoblox.com/support/customer/evaluation-and-registrationhttps:/support.infoblox.com

Preface


CSV Import Reference

This chapter provides general guidelines and file format information about each supported object type for CSV import. You must follow the format and syntax described in this section to ensure a successful data import.

This appendix includes the following sections:

Guidelines for CSV Import on page 8

General Guidelines on page 8

Data Specific Guidelines on page 9

CSV File Format on page 10

IDN Support for CSV Import on page 11

CSV Import for Response Policy Zones on page 12

CSV Format for Inheritable Extensible Attributes on page 14

Importing Inheritable Extensible Attributes on page 14

Importing Active Directory Domains and Sites on page 15

CSV Import for Topology Rulesets and Rules in DNS Traffic Control on page 15

Supported Object Types on page 16

Importing Multiple Action CSV file on page 134



Guidelines for CSV Import

You can create a data file using a text editor, such as Microsoft Notepad, or an application that supports CSV file format, such as Microsoft Excel.

You can also import data using Infoblox Migration Wizard, which is a standalone software tool that facilitates the migration of DNS and DHCP data from Microsoft servers to the Infoblox Grid. This tool synchronizes DNS and DHCP data from Microsoft servers and generates a CSV file based on conversion rules you set up through the tool. You can then import the CSV data to the Infoblox Grid through CSV import. For more information, refer to the Infoblox Administrator Guide for Infoblox Migration Wizard.

WARNING: CSV imports and operations that involve massive data, such as deleting large zones and recursive deletion of networks and all child objects, will significantly affect member performance, resulting in service outage.

General Guidelines

Follow these rules to start a data file:

Do not use UTF-8 characters in the CSV file name, but the contents of a CSV file must be encoded in UTF-8 characters. Note that Microsoft Excel imports data in the default code page, either in ISO-8859-1 or WINDOWS-1252. You must not import a CSV file that is encoded in Windows 1252 or ISO-8859-1 formats.

Specify the version number in the first line of the data file. For example, enter version 1.0 in the first line.

Use a new line to enter data for each row. Separate each data field with a supported separator, such as a comma, semicolon, space, or tab.

Do not include blank lines in the data file.

Field names: Specify the field names in the second line. You can include multiple rows of field names as long as you define the fields before the data. The first column in the field name row must be defined as Header. The rest of the columns are field names of the data. Columns without a field name are ignored. If multiple field names are specified, the latest field names are used to import the data.

Use the add function to add new rows from the imported CSV file to the database.

Use the override function, not the merge function, to overwrite existing data. When you use the merge function, the appliance does not overwrite existing data, even if the data file contains new data.

Use the delete function to delete import jobs that are uploaded. You can delete the content of a CSV file that you have imported to the database. Note that you cannot delete jobs that are already imported.

Use the replace function to replace current data in the database with data in the imported file. You can use the replace function for authoritative zone data only. The replace operation might affect system performance if you try to replace a zone with a lot of changes. Infoblox recommends that you perform the replace operation for large import files (more than 10,000 rows of changes) during non-peak hours.

You can download uploaded or error files, snapshots, and results file. For more information, see Infoblox NIOS Administrator Guide.

When you import a small file, the appliance processes the import quickly. Under this circumstance, the appliance may generate an error message when you try to stop the import because the import is completed before you can stop it.

When you stop an import, the appliance finishes importing the data row that it is currently processing before it stops the import.

The error files of the last two imports are stored on the appliance. You can download these files using the API import_id method. For information, refer to the Infoblox API Documentation.

When you use Microsoft Excel to create or view a data file, ensure that you review the settings of the file. Some data, such as dates, may show up in a different format depending on your settings.

All operations triggered by a CSV import are recorded in the audit log.


Guidelines for CSV Import

Data Specific Guidelines

Follow these guidelines to enter data:

The appliance uses double quotes () as the escape characters in CSV import. If you want to include supported separators in a field, you must enclose the data in a pair of double quotes ( ). This applies to the field names and data. For example, if you want to use the field name ADMGRP-CSV ,; Import, you must enter ADMGRP-CSV ,; Import as the value. Otherwise, the import fails. When you enter 123123, the imported data is 123123, and when you enter \\, the imported data is \\.

If you have an empty value in the last field, you must still include the separator at the end of the data row. Otherwise, the corresponding column and all its data are not imported, and the appliance generates an error.

For each supported object type, you must include all the required fields in the data file. For information, see Supported Object Types on page 16. Note that all required fields are marked with an asterisk (*) in an exported file.

Note: If you want to modify a required field XXX (for either the overwrite or merge function), you must add a corresponding field, _new_XXX, to include the new value. For example, fqdn is a required field in an A record. If you want to update this field, you must include a new field _new_fqdn and define the new value here. The appliance overwrites the existing data in the required field using the values you specify in the new field. Note that the replace function ignores _new_XXX fields in the imported CSV files.

When you perform an overwrite function, you must define all boolean and integer data types in each supported object type in order for the appliance to overwrite existing data.

You can perform a CSV import of an object even if it has been scheduled for addition, modification, or deletion.

Inherited fields: The appliance uses the following conventions to override inherited fields:

When a value is specified in a field, the appliance overrides the inherited value with the new value.

When a value is set to or an empty value, the appliance does not override the inherited value.

When a value is set to a string with a value of , the appliance overrides the inherited value with an empty value.

Extensible attributes: A field name of EA-XXX indicates an extensible attribute, where XXX is the attribute name. The value of an extensible attribute can be a string, a list, an integer, an email address, a URL, or a date in YYYY-MM-DD format. Note that extensible attributes do not support time zones. Following are some examples:

EA-Site is a predefined string type for locations. It can have a value of Santa Clara.

EA-User is a user defined list type for employee types. It can have a list of values, such as Local,Remote,Temp. Note that only one value can be specified when importing the extensible attribute.

EA-Building is a predefined integer type for building numbers. It can have a value of 5.

EA-TechPubs is a user defined email address type. It can have a value of [email protected].

EA-IB is a user defined URL type. It can have a value of www.infoblox.com.

EA-Date is a user defined date type attribute. It can have a value of 2010-11-20.

Admin permissions: A field name of ADMGRP-XXX indicates the admin permission of a specific admin group, where XXX is the name of the admin group. The value of an admin permission can be a string or a list of strings with subtypes. If there is a single value in the permission, use RW, RO, or DENY. If there is a subtype in the permission, use a list format, such as RW, ARecord/RO.

DHCP options: A field name of OPTION-XXX-nn indicates a DHCP option, where XXX is the vendor name of the option and nn is the option number. If the option is of the DHCP vendor class, you can omit -XXX in the field name. For example, OPTION-1 implies vendor class = DHCP and option number = 1, and OPTION-CISCO-122 implies vendor class = CISCO and option number = 122.



Named ACLs (access control lists): When you import a named ACL or ACEs (access control entries) to a named ACL, ensure that you validate the named ACLs to avoid conflicts and unexpected results. When adding ACEs to a named ACL, all entries are appended to the end of the list. To reorder ACEs in a named ACL through CSV import, you must first export the ACEs, delete all the ACEs in the current ACL, reorder the ACES in the exported .csv file, and than re-import the ACEs to the named ACL. For more information about access control and named ACLs, refer to the Infoblox NIOS Administrator Guide.

When you configure Unbound as the DNS resolver, NIOS does not support certain features and they are not displayed in Grid Manager. However, fields related to these unsupported features will appear in CSV export files. Although these fields are only relevant to the IB-4030 and IB-4030-10GE appliances and might not apply to the appliances in your Grid, you can still perform CSV imports using these CSV export files without any issues.

CSV File Format

A CSV file is typically created and edited using a spreadsheet, though you can create a CSV file in a text editor using any supported separator. You can include more than one object type in a single CSV file when you add or modify data. For information, see Supported Object Types on page 16. You can also organize field names and data in a CSV file using different formats, as shown in the following examples. For additional information about how to create a CSV file, see Guidelines for CSV Import on page 8.

You can create one CSV file to update data of multiple object types (Network and Host Record), as illustrated in CSV File Example 1. In this example, you define the field names you want to modify for the two object types in rows 1 and 2. You then include the corresponding data as shown in rows 3 to 6.

Table 1.1 CSV File Example 1

In CSV File Example 1, the field name HEADER-NETWORK identifies the first row as a header row for the Network objects. The field names ADDRESS, NETMASK, EA-Gateway, and EA-Secondary Address (in rows B1 to E1) tell NIOS how to interpret a row of network data in the CSV file. Each row of data that begins with Network in column A is identified as a network data row. Therefore, NIOS interprets rows 3 and 4 as network data rows, in which column B contains the network addresses, column C contains the network masks, and columns D and E contain extensible attribute values for gateway and secondary address.

Similarly, the field name HEADER-HostRecord identifies the second row as a header row for the Host Record objects. This header declaration tells NIOS that for each subsequent row of data that begins with HostRecord in column A, column C contains the FQDN of the host, and column D contains the host address. Therefore, NIOS interprets rows 5 and 6 as host record data rows that contain the FQDNs of the hosts in column C and the host addresses in column D.

Alternatively, you can organize the information in CSV File Example 1 so that the data rows immediately follow the header rows, as shown in CSV File Example 2.

A B C D E

1 HEADER-NETWORK ADDRESS* NETMASK* EA-Gateway EA-Secondary Address

2 HEADER-HostRecord configure_for_dns* FQDN* ADDRESSES

3 NETWORK 10.251.133.128 255.255.255.192 10.251.133.129

4 NETWORK 10.176.80.255 255.255.252.0 10.176.80.1 172.16.213.0

5 HostRecord TRUE host1.dhcp.corp100.com 172.20.2.21



CSV File Format


You can also specify multiple header declarations for the same object type, as shown in CSV File Example 3. In this example, you specify the field names (in row 1) and data (in rows 2 and 3) to modify the extensible attributes (EA-Gateway and EA-Secondary Address) of two network addresses. You then specify the field names (in row 4) and data (in rows 5 and 6) to add new extensible attributes (EA-Gateway and EA-Host Range) of two other network addresses.


The examples in this section are illustrated using tables that resemble spreadsheet layouts. However, all other examples in this appendix use the comma separated value text file format. For example, the following is the CSV file notation equivalent of CSV File Example 2 on page 11.

HEADER-NETWORK,ADDRESS*,NETMASK*,EA-Gateway,EA-Secondary AddressNETWORK,10.251.133.128,255.255.255.192,10.251.133.129NETWORK,10.176.80.255,255.255.252.0,10.176.80.1,172.16.213.0HEADER-HostRecord,FQDN*,ADDRESSESHostRecord,host1.dhcp.corp100.com,172.20.2.21HostRecord,host2.dhcp.corp100.com,172.20.2.22

IDN Support for CSV Import

The appliance supports IDNs (Internationalized Domain Names) and punycode for most of the DNS object types in a CSV file. An IDN is a domain name that contains a language-specific script or alphabet, such as Arabic, Chinese, Russian, Devanagari, or the Latin alphabet-based characters with diacritics, such as French. IDNs are encoded in multi-byte Unicode and are decoded into ASCII strings using a standardized mechanism known as Punycode transcription. For example, DNS Zone . (IDN in Russian) can be written as xn--90anhdigczv.xn--p1ai in the punycode representation. For information about IDNs, refer to the Infoblox NIOS Administrator Guide.

A B C D E


2 NETWORK 10.251.133.128 255.255.255.192 10.251.133.129

3 NETWORK 10.176.80.255 255.255.252.0 10.176.80.1 172.16.213.0

4 HEADER-HostRecord configure_for_dns* FQDN* ADDRESSES



A B C D E


2 NETWORK 10.251.133.128 255.255.255.192 10.251.133.129

3 NETWORK 10.176.80.255 255.255.252.0 10.176.80.1 172.16.213.0

4 HEADER-NETWORK ADDRESS* NETMASK* EA-Gateway EA-Host Range

5 NETWORK 10.176.90.0 255.255.255.128 10.176.90.1 10.176.90.4-126

6 NETWORK 10.176.90.128 255.255.255.128 10.176.90.129 10.176.90.132-254



You can use either IDNs or punycode to create DNS zones. Even if you use punycode to create a zone, the appliance automatically generates the corresponding IDN and displays the zone name in its native characters. Note that the appliance does not perform any conversion (IDN to punycode and vice versa) for DNS records, but preserves the data in the original characters. In other words, if a DNS object or a field name contains IDN, the appliance imports the data in IDN. If a DNS object or a field name is in punycode, the appliance imports the data in punycode. For more information about supported objects for CSV import, Supported Object Types on page 16.

CSV Import for Response Policy Zones

You can import local RPZs (Response Policy Zones) and their rulesets using the CSV Import feature. When you import local RPZs using this feature, you must specify three new columns, priority, rpz_policy, and substitute_name with relevant values, whereas importing an RPZ ruleset requires specifying the value for parent RPZ in the parent_zone column, as mentioned in the following tables. For a local RPZ, CSV import supports all the values that are listed in Authoritative Zone on page 28 along with the three new columns. However, for RPZ rulesets it supports the values that are listed in CNAME Record on page 40 along with a new column parent_zone.

For example, if you want to add a new local RPZ, JKL.INFO and substitute this domain with JKI.NET, then you must mention the priority, rpz_policy, and substitute name as follows: .

A B C D E F G H I

HEADER-RESPONSEPOLICYZONE

FQDN* ZONE_FORMAT*

ALLOW_UPDATE PRIORITY RPZ_POLICY SUBSTITUTE_NAME

VIEW ZONE_TYPE

RESPONSEPOLICYZONE ABC.NET FORWARD TSIG-RPZ_LOCAL_UPDATER_KEY._default.abc.net/kA36uJeavmhrH2Yqx8hEDPC6okSFcsOb2evyWVAO5fM=/ALLOW/HMAC-SHA256

1001 GIVEN DEFAULT RESPONSEPOLICY

RESPONSEPOLICYZONE XYZ.IN FORWARD TSIG-RPZ_LOCAL_UPDATER_KEY._default.xyz.in/kA36uJeavmhrH2Yqx8hEDPC6okSFcsOb2evyWVAO5fM=/ALLOW/HMAC-SHA256

1002 NXDOMAIN DEFAULT RESPONSEPOLICY

RESPONSEPOLICYZONE AIM.EDU FORWARD TSIG-RPZ_LOCAL_UPDATER_KEY._default.aim.edu/vIeLOfean4YZUMOzGIvWnxhtOPXWM5QfJwxfHJbDXjQ=/ALLOW/HMAC-SHA256

1003 NODATA DEFAULT RESPONSEPOLICY

RESPONSEPOLICYZONE PQDR.COM

FORWARD TSIG-RPZ_LOCAL_UPDATER_KEY._default.pqdr.com/R9TDpx8N+cBs0W32hEDzk5MwRjPuH%2FeYJsSgUksX8SM=/ALLOW/HMAC-SHA256

1004 PASSTHRU DEFAULT RESPONSEPOLICY

RESPONSEPOLICYZONE JKL.INFO FORWARD TSIG-RPZ_LOCAL_UPDATER_KEY._default.jkl.info/rLopR5+Sf4MpcfYpDJV+KWAdtTXAU5kFTFWFWuLV2Rw=/ALLOW/HMAC-SHA256

1005 SUBSTITUTE JKI.NET DEFAULT RESPONSEPOLICY

RESPONSEPOLICYZONE ASAC.COM

FORWARD TSIG-RPZ_LOCAL_UPDATER_KEY._default.asac.com/kA36uJeavmhrH2Yqx8hEDPC6okSFcsOb2evyWVAO5fM=/ALLOW/HMAC-SHA256

1006 DISABLED DEFAULT RESPONSEPOLICY


CSV File Format

Examples of Substitute and Block Domain Names:

The following example shows a new column, parent_zone, which is added to the spreadsheet while importing an RPZ ruleset to a local RPZ abc.net:

Example of an A Record CSV format:

Example of an RPZ Policy IP Address:

Example of an RPZ Policy Client IP Address:

Note the following:

You must specify the name of the parent zone when you import RPZ rules to a local zone. For example, clarity.abc.net where abc.net is the local RPZ.

In the above example, the domain name clarity.abc.net is substituted with the domain name clear.in because clear.in is specified as the canonical name.

The domain arm.abc.net is blocked and the DNS client receives a message that the domain does not exist. For more information about RPZ rules, refer to the Infoblox NIOS Administrator Guide.

A B C D E F

HEADER-

RESPONSEPOLICYCNAMERECORD

FQDN* CANONICAL_NAME DISABLED PARENT_ZONE VIEW

RESPONSEPOLICYCNAMERECORD CLARITY.ABC.NET CLEAR.IN FALSE ABC.NET DEFAULT

RESPONSEPOLICYCNAMERECORD ARM.ABC.NET FALSE ABC.NET DEFAULT

A B C D E F

HEADER-

RESPONSEPOLICYARECORD

ADDRESS* FQDN* DISABLED PARENT_ZONE VIEW

RESPONSEPOLICYCNAMERECORD 10.32.2.1 PQR.ABC.NET FALSE ABC.NET DEFAULT

A B C D E F

HEADER-

RESPONSEPOLICYIPADDRESS


RESPONSEPOLICYIPADDRESS 10.1.2.3.ABC.NET 10.1.2.3 FALSE ABC.NET DEFAULT

A B C D E F

HEADER-

RESPONSEPOLICYCLIENTIPADDRESS


RESPONSEPOLICYCLIENTIPADDRESS 10.1.2.1.ABC.NET 10.1.2.1 FALSE ABC.NET DEFAULT



CSV Format for Inheritable Extensible Attributes

Exporting Inheritable Extensible Attributes

When you export data, if an object has inheritable extensible attributes associated with it, then an additional column EAInherited-XXX is displayed in the spreadsheet, where XXX is the name of the inheritable extensible attribute. Note that the column EA-XXX displays the name of the inheritable extensible attribute and its value whereas EAInherited-XXX displays the inheritance state, which is either Inherit or Override. Extensible attributes with the following inheritance states will be exported: Inherited, Native, and Overridden.

Note the following about inheritable extensible attributes:

By default, the value is displayed as Override for inheritable extensible attributes, which are at the top of the inheritance chain or if the value of the inherited extensible attribute is overridden at the descendant level.

If the value is inherited by the descendants of the parent object, then the inheritance state is set to Inherit.

If an extensible attribute is not inheritable or if the status is set to Not Inherited, then the EAInherited-XXX column will not be displayed for these attributes.

NIOS does not support EA inheritance for DNS objects, but you might see the EAInherited-XXX column in the CSV file when you export data through Grid Manager. Note that NIOS treats these objects as normal extensible attributes even when you enable inheritance for extensible attributes.

Importing Inheritable Extensible Attributes

You can specify new inheritable extensible attributes in the spreadsheet and import this file using the CSV Import feature. When you import inheritable extensible attributes using the CSV Import feature, you must specify two new columns, EA-XXX and EAInherited-XXX, with relevant values as mentioned in the following tables. Note that XXX is the name of the inheritable extensible attribute.

For example, if you want to update the value of an existing inheritable extensible attribute Building, you must set the inheritance state to Override in the spreadsheet. The following example shows that the original value of attribute Building, which is replaced by Millennium Tower.

The following example shows two new columns, EA-Region and EAInherited-Region, which are added to the spreadsheet to associate a new inheritable extensible attribute with an existing object:

Note the following about inheritance states:

When you import attributes for a parent object, the inheritance state must be set to Override.

For descendants, the inheritance state can be set to Override or Inherit. If you specify Inherit, the attribute value will be inherited from the parent object. If you specify Override, the original value of the attribute will be replaced with the value specified in the spreadsheet.

A B C D E

HEADER-

NETWORK

ADDRESS* NETMASK* EA-Building EAInherited-Building

NETWORK 10.251.133.128 255.255.255.192 Millennium Tower

OVERRIDE

A B C

HEADER-

NETWORK

ADDRESS* NETMASK* EA-Region EAInherited-Region

NETWORK 10.251.133.128 255.255.255.192 San Pablo INHERIT


CSV File Format

Note: This is valid for Network related objects only. The supported inheritance chain is: Network View -> Network Container -> Network -> Range -> Host/Fixed Address/Reservation.

Importing Active Directory Domains and Sites

The Infoblox CSV format does not support extensible attributes that contain information about Active Directory domains and sites or objects that represent Active Directory domains or sites. The appliance displays an error message when you define values for such extensible attributes in the imported CSV file.

When you export networks, the appliance does not include extensible attributes that contain information about Active Directory domains or sites in the generated .CSV file.

CSV Import for Topology Rulesets and Rules in DNS Traffic Control

You can import DNS Traffic Control topology rulesets and their rules using the CSV Import feature. You must specify the topology rulesets and rules separated by commas in the CSV file:header-dtctopology,name*,commentheader-dtctopologyrule,dest_link*,dest_type*,name*,parent*,sources*,positiondtctopology,topo_server11,TopologyRuledtctopologyrule,dtc_s11,Server,Rule11,topo_server11,SUBNET/IS_NOT/172.31.0.0/16,1dtctopologyrule,pool12,Server,Rule12,topo_server11,"COUNTRY/IS/Canada",2

Importing Topology Rulesets and Rules

To import topology rulesets, you must specify the header-topology, name and comment columns in the spreadsheet. The name column indicates the name of the topology ruleset. To import topology rules, specify the following in the spreadsheet:

A B C

HEADER-

DTCTOPOLOGY

NAME* COMMENT

HEADER-DTCTOPOLOGYRULE

DEST_LINK* DEST_TYPE* NAME* PARENT* SOURCES* POSITION

DTCTOPOLOGY

topo_server1 Topology Server 1

DTCTOPOLOGYRULE

dtc_s1 SERVER RULE1 topo_server1 SUBNET/IS/10.0.0.0/8

1

DTCTOPOLOGYRULE

dtc_s2 SERVER RULE2 topo_server1 SUBNET/IS/10.120.0.0/16

2

DTCTOPOLOGY

topo_pool1 Topology Pool 3

DTCTOPOLOGYRULE

pool1 POOL RULE3 topo_pool1 COUNTRY/IS/Antarctica,CONTINENT/IS/Africa,SUBDIVISION/IS/Aden

1



You must specify the dest_link, dest_type, name, parent, sources, and position columns when you import a CSV file with topology rules. Note that the dest_link indicates the name of the destination, which is either a pool or server and position indicates the order of rules in a topology ruleset. The values that you specify for dest_link must exist in the database. The dest_type indicates the destination type, which can either be a server or a pool. Specify a name for the topology rule in the name column. In the parent column, you can specify the name of the DTC topology ruleset. The sources column must contain either a subnet IP address or a geographic location. The appliance displays an error message if you do not specify valid GeoIP labels when you import a CSV file.

Supported Object Types

This section describes the supported object types and their corresponding fields for CSV import and export. It also includes examples of how to create data files. Ensure that you review this information before you import or export a data file.

Note: All inherited fields follow the override conventions described in Data Specific Guidelines on page 9.

Table 1.4 Supported DNS Object Types

DNS Object Type Required Fields & SyntaxIDN Supported(Yes/No)

Grid DNS Objects Grid DNS Objects on page 19 Yes

Member DNS Objects Member DNS Objects on page 23 Yes

Authoritative Zone Authoritative Zone on page 28 Yes

Forward-Mapping Zone Forward-Mapping Zone on page 33 Yes

Stub Zone Stub Zone on page 34 Yes

Delegated Zone Delegated Zone on page 34 Yes

Authoritative Name Server Group

Authoritative Name Server Group on page 35 Yes

Forwarding Member Name Server Group

Forwarding Member Name Server Group on page 36

Yes

Stub Member Name Server Group

Stub Member Name Server Group on page 37 Yes

Forward/Stub Server Name Server Group

Forward/Stub Server Name Server Group on page 37

Yes

A Record A Record on page 37 Yes

AAAA Record AAAA Record on page 39 Yes

CNAME Record CNAME Record on page 40 Yes

DNAME Record DNAME Record on page 41 Yes

MX Record MX Record on page 42 Yes

NAPTR Record NAPTR Record on page 44 Yes

NS Record NS Record on page 46 Yes (supports only FQDN)



PTR Record PTR Record on page 47 Yes

SRV Record SRV Record on page 49 Yes

TXT Record TXT Record on page 48 Yes

TLSA Record TLSA Record on page 51 No

Host Record Host Record on page 53 Yes

IPv4 Host Address IPv4 Host Address on page 55 No

IPv6 Host Address IPv6 Host Address on page 57 No

Bulk Host Bulk Host on page 59 No

Rulesets NXDOMAIN and Blacklist Rulesets on page 60 No

NXDOMAIN Rule NXDOMAIN Rule on page 61 No

Blacklist Rule Blacklist Rule on page 61 No

Whitelist Rule Whitelist Rule on page 62 No

DNS64 Synthesis Group DNS64 Synthesis Group on page 62 No

Response Policy Zone Response Policy Zone on page 63 No

Response Policy A Record Response Policy A Record on page 64 No

Response Policy AAAA Record

Response Policy AAAA Record on page 64 No

Response Policy IP A Record Response Policy IP A Record on page 64 No

Response Policy IP AAAA Record

Response Policy IP AAAA Record on page 65 No

Response Policy MX Record Response Policy MX Record on page 65 No

Response Policy NAPTR Record

Response Policy NAPTR Record on page 65 No

Response Policy PTR Record Response Policy PTR Record on page 65 No

Response Policy SRV Record Response Policy SRV Record on page 65 No

Response Policy TXT Record Response Policy TXT Record on page 65 No

Response Policy CNAME Record

Response Policy CNAME Record on page 66 No

Response Policy IP Address Response Policy IP Address on page 66 No

Response Policy Client IP Address

Response Policy Client IP Address on page 66 No

Response Policy IP Address CNAME

Response Policy IP Address CNAME on page 67 No

Response Policy Client IP Address CNAME

Response Policy Client IP Address CNAME on page 68

No

Dynamic Update Group Dynamic Update Group on page 69 No




Table 1.5 Supported DHCP Object Types

Note: IDN is not supported for DHCP object types.

Dynamic Update Cluster Group

Dynamic Update Cluster Group on page 69 No

DHCP Object Type Required Fields & Syntax

Grid DHCP Grid DHCP Objects on page 69

Member DHCP Member DHCP Objects on page 74

Network View Network View on page 80

DNS View DNS View on page 80

IPv4 Network Container IPv4 Network Container on page 83

IPv4 Network IPv4 Network on page 86

IPv6 Network Container IPv6 Network Container on page 90

IPv6 Network IPv6 Network on page 93

IPv4 Shared Network IPv4 Shared Network on page 96

IPv6 Shared Network IPv6 Shared Network on page 98

IPv4 DHCP Range IPv4 DHCP Range on page 99

IPv6 DHCP Range IPv6 DHCP Range on page 104

IPv4 Fixed Address and Reservation IPv4 Fixed Address/Reservation on page 106

IPv6 Fixed Address IPv6 Fixed Address on page 109

DHCP Fingerprint DHCP Fingerprint on page 111

DHCP MAC Filter DHCP MAC Filter on page 112

MAC Filter Address Item MAC Filter Address on page 113

Option Filter Option Filter on page 115

Option Filter Match Rule Option Filter Match Rule on page 116

DHCP Fingerprint Filter DHCP Fingerprint Filter on page 118

Relay Agent Filter Relay Agent Filter on page 117

NAC Filter DHCP Fingerprint Filter on page 118

IPv4 Option Space IPv4 Option Space on page 120

IPv6 Option Space IPv6 Option Space on page 121

IPv4 Option Definition IPv4 Option Definition on page 121

IPv6 Option Definition IPv6 Option Definition on page 122




Table 1.6 Other Supported Objects

Grid DNS Objects

Permissions for DNS resources with associated IP addresses in networks and ranges

Permissions for DNS Resources with Associated IP Addresses in Networks and Ranges on page 123

DHCP Failover Association DHCP Failover Association on page 124

Other Supported Objects Required Fields and Syntax

Grid Member Grid Member on page 125

Upgrade Groups

Distribution Schedules

Upgrade Schedules

Upgrade Groups and Schedules on page 129

Named ACLs (access control lists) Named ACLs on page 130

ACES in Named ACLs on page 131

Infoblox Network Insight Discovery Credentials on page 132

Field Name Data Type Required (Yes/No)Associated GUI Field

Associated PAPI Method Usage and Guidelines

Header-GridDNS String Yes Identifies the first row as a header row for the Grid DNS objects. Example: GridDNS

refresh Unsigned integer

No Indicates the refresh time in seconds. Example: 10800

retry Unsigned integer

No Indicates the retry time in seconds. Example: 3600

expire Unsigned integer

No Indicates the expiration time in seconds. Example: 2419200

default_ttl Unsigned integer

No Indicates the default TTL value in seconds. Example: 28800

negative_ttl Unsigned integer

No Indicates the negative TTL value in seconds. Example: 900

lame_ttl Unsigned integer

No Indicates the lame TTL value in seconds. Example: 600

email String No Indicates the email address. Example: [email protected]

enable_secondary_notify Boolean No Enable Grid secondaries to send notification. Example: False

enable_notify_source_port Boolean No Enable notification source port Example: False

notify_source_port Unsigned integer

No Indicates notify-source port number.

enable_query_source_port Boolean No Enable query source port. Example: False

DHCP Object Type Required Fields & Syntax



query_source_port Unsigned integer

No Indicates query-source port number.

allow_transfer ACL No Allow zone transfers to

allow_transfer List of address_tsig_ac items. Example: NACL1or 12.0.0.12/Deny,1234::/64/Allow. Note that you can import the name of a named ACL in this field.

excluded_servers IP address list

No List of excluded servers for zone transfers.

zone_transfer_format_option String No Indicates the zone transfer format. Example: MANY_ANSWERS

allow_query ACL No Allow queries from

allow_query List of address_tsig_ac items. It can be an IP address, a network entry, Any or a TSIG-/permission. If the first value is not Any or TSIG-, it is assumed to be an IP address or a network entry. Example: 10.0.0.10/Allow, 11.0.0.0/16/Deny, TSIG-foo/xyz/Allow. It can also be a named ACL. Example: NACL1.

recursion_enabled Boolean No Indicates the flag to respond to recursive queries. Example: False

recursive_query_list ACL No It can be an IP address, a network entry, Any or a TSIG-/permission. If the first value is not Any or TSIG-, it is assumed to be an IP address or a network entry. Example: 10.0.0.10/Allow, 11.0.0.0/16/Deny, TSIG-foo/xyz/Allow. It can also be a named ACL. Example: NACL1.

allow_update ACL No Allow updates from

allow_update List of address_tsig_ac items. It can be an IP address, a network entry, Any or a TSIG-/permission. If the first value is not Any or TSIG-, it is assumed to be an IP address or a network entry. Example: 10.0.0.10/Allow, 11.0.0.0/16/Deny, TSIG-foo/xyz/Allow. It can also be a named ACL. Example: NACL1.

allow_update_forwarding Boolean No Allow updates from

forward_to Enable update forwarding for secondary zones. Example: False

allow_bulkhost_ddns String No Enable updates to PTR records sourced from a bulkhost. Example: Refuse

forwarders_only Boolean No Use Forwarders Only

Enable use of forwarders only. Example: False

allow_forwarder IP address list

No Indicates the list of forwarders.

enable_custom_root_server Boolean No Indicates the flag to enable custom root servers. Example: False





root_name_servers Root nameserver list

No Indicates the list of custom root servers. Example: rnm1.test.com/1.1.1.1/,...

The appliance displays an error message if the root_name_servers column has an empty value when the enable_custom_root_server field is set to True in the imported CSV file.

enable_blackhole Boolean No Enable blackhole setting. Example: False

blackhole ACL No Indicates the list of banned addresses. Example: NACL or 12.0.0.12/Deny,1234::/64/Allow,..

notify_delay Unsigned integer

No notify_delay This field specifies the seconds of delay the notify messages are sent to the secondaries. The valid value is between 5 and 86400 seconds. Example: 5

enable_nxdomain_redirect Boolean No Enable intercept and redirect nxdomain responses. Example: False

nxdomain_redirect_addresses IP address list

No Indicates the list of IPv4 addresses to redirect to for nxdomain responses. Example: 1.1.1.1,2.2.2.2,...

nxdomain_redirect_ttl Unsigned integer

No Indicates the NXDOMAIN redirect ttl in seconds. Example: 60

nxdomain_log_query Boolean No If you set this to True, the appliance logs the NXDOMAIN redirections. Example: False

nxdomain_rulesets Pattern list No Indicates the list of ruleset objects that are used for NXDOMAIN redirection. Example: pattern1/MODIFY, pattern2/PASS, ...

enable_blacklist Boolean No enable_blacklist Enable or disable blacklist redirection at the Grid level. Example: False

blacklist_redirect_addresses IP address list

No blacklist_ redirect_ addresses

Indicates the list of IPv4 addresses to which the blacklisted queries are redirected. Example: 1.1.1.1,2.2.2.2

blacklist_action String No Action blacklist_action Indicates the action to be performed when a domain name matches the pattern defined in an assigned rule. Example: Refuse

blacklist_redirect_ttl Unsigned integer

No blacklist_ redirect_ttl

Indicates the blacklist redirect TTL value in seconds. Example: 60

blacklist_log_query Boolean No blacklist_log_ query

When this is set to True, blacklisted queries are logged. Example: False

blacklist_rulesets List of domain names

No blacklist_ rulesets

List of ruleset objects that are used for blacklist redirection. Example: list1.com, list2.com, ...

enable_dns64 Boolean No Enable DNS64 synthesis. Example: False





dns64_groups List of Dns64 groups

No List of SynthesisGroup objects. Example: dns64_groupA, dns64_groupB, ...

host_rrset_order Boolean No Specify True to set the enable_host_rrset_order flag or False to deactivate enable_host_rrset_order value at the Grid level. Example: False

preserve_host_rrset_order_on_secondaries

Boolean No Specify True to set the preserve_host_rrset_order_on_secondaries flag or False to deactivate preserve_host_rrset_order_on_secondaries value at the Grid level. The default value is False. Example: False

filter_aaaa String No Indicates the type of AAAA filtering for this Grid DNS object. The default value is No. Example: Yes

filter_aaaa_list ACL No Indicates the list of IPv4 addresses and networks from which queries are received. Note that the AAAA filtering is applied to these addresses. Example: 12.0.0.12/Deny,13.0.0.0/8/Allow,.. or NACL1

copy_xfer_to_notify Boolean No Enable or disable copying of the allowed IP addresses from zone transfer list into also-notify statement in named.conf. Example: False

transfers_in Unsigned integer

No Indicates the number of maximum concurrent transfers for the Grid. You can specify unsigned integers between 10 and 100. The default value is 10. Example: 10

transfers_out Unsigned integer

No Indicates the number of maximum outbound concurrent zone transfers for the Grid. You can specify unsigned integers between 10 and 100. The default value is 10. Example: 10

transfers_per_ns Unsigned integer

No Indicates the number of maximum concurrent transfers per member for the Grid. You can specify unsigned integers between two and 100. The default value is two. Example: 2

serial_query_rate Unsigned integer

No Indicates the number of maximum concurrent SOA queries per second for the Grid. You can specify unsigned integers between 20 and 100. The default value is 20. Example: 20

max_cache_ttl Unsigned integer

No Indicates the maximum time (in seconds) for which the server will cache positive answers. The default value is 604800.

max_ncache_ttl Unsigned integer

No Indicates the maximum time (in seconds) for which the server will cache negative (NXDOMAIN) responses. The default value is 10800. The maximum allowed value is 604800.





Member DNS Objects

NIOS does not support add and delete operations.

Note: When you export member DNS properties, the CSV file might include the unbound_logging_level field with OPERATIONS as the value. Although this field is only applicable to the IB-4030 and IB-4030-10GE appliances and might not apply to your Grid members, you can still perform CSV import using the CSV export file that contains this field without any issues.

disable_edns Boolean No Enable or disable EDNS0 support for queries that require recursive resolution. The default value is False.

query_rewrite_enabled Boolean No When this is set to True, query rewrite is enabled at the Grid level. Example: False

query_rewrite_domain_names List of domain names

No Indicates the list of domain names that trigger DNS query rewrite.Example: aa.com, bb.com.

query_rewrite_prefix String No Indicates the domain name prefix for DNS query rewrite. The default value is undefined.

rpz_drop_ip_rule_enabled Boolean No Ignore RPZ-IP triggers with too small prefix lengths

When this is set to True, DNS server ignores RPZ-IP rules with prefix lengths that are less than the specified prefix length limit. Example: TRUE

rpz_drop_ip_rule_min_prefix_length_ipv4

Unsigned Integer

No Minimum IPv4 Prefix Length

Indicates the minimum IPv4 prefix length for RPZ-IP triggers. The default value is 29.


Unsigned Integer



rpz_hit_rate_interval Unsigned Integer

No Interval Indicates the minimum time interval in seconds between RPZ hit rate checks. The default interval is 10 seconds.

rpz_hit_rate_min_query Unsigned Integer

No Minimum query

Indicates the minimum number of queries between RPZ hit rate checks. The default value is 1000.

rpz_hit_rate_max_query Unsigned Integer

No Maximum query

Indicates the maximum number of queries between RPZ hit rate checks. The default value is 100000.



Header-MemberDns String Yes Identifies the first row as a header row for the member DNS objects. Example: MemberDns

parent FQDN Yes Indicates the parent object. Example: member1.infoblox.com





dns_over_mgmt Boolean No Enable or disable DNS services on the MGMT port. Example: False

dns_over_lan2 Boolean No Enable or disable DNS services on the LAN2 port. Example: False

minimal_response Boolean No Enable or disable minimal response of the DNS server. Example: False



allow_forwarder IP address list

No Indicates the list of forwarders.

member_view_nats List of Member view NATs

No Indicates the list of views with NAT address used for creating glue records for the view. Example: dns_view1/INTERFACE/10.10.10.

enable_notify_source_port Boolean No Enable or disable notify_source_port. Example: False

notify_source_port Unsigned integer

No Indicates the notify source port number.

enable_query_source_port Boolean No Enable or disable query_source_port. Example: False

query_source_port Unsigned integer

No Indicates the query source port number.

lame_ttl Unsigned integer

No Indicates the lame TTL value in seconds. Example: 600

auto_sort_views Boolean No Enable or disable DNS views auto-sort. Example: False

member_views List of Member views

No Indicates the list of member views. Example: dns_view1, dns_view2,..


allow_transfer List of address_tsig_ac items.Note that you can import the name of a named ACL in this field. Example: NACL1or 12.0.0.12/Deny,1234::/64/Allow.

excluded_servers IP address list

No List of excluded servers for zone transfers.

zone_transfer_format_option String No Indicates the zone transfer format. Example: MANY_ANSWERS

recursion_enabled Boolean No Indicates the flag to respond to recursive queries. Example: False






allow_query List of address_tsig_ac items. It can be an IP address, a network entry, Any or a TSIG-/permission. If the first value is not Any or TSIG-, it is assumed to be an IP address or a network entry. Example: 10.0.0.10/Allow, 11.0.0.0/16/Deny, TSIG-foo/xyz/Allow. It can also be a named ACL. Example: NACL1.

allow_recursive_query ACL No List of address_tsig_ac items. It can be an IP address, a network entry, Any or a TSIG-/permission. If the first value is not Any or TSIG-, it is assumed to be an IP address or a network entry.

Example:"10.0.0.10/Allow,11.0.0.

0/16/Deny,TSIG-foo/xyz/Allow,.."

or it can be a named ACL. Example:

"NACL1"

limit_concurrent_recursive_clients Boolean No Enable limit of concurrent recursive client number. Example: False

concurrent_recursive_clients Unsigned integer

No Indicates the number of clients allowed to perform concurrent queries. Example: 1000


allow_update List of address_tsig_ac items. It can be an IP address, a network entry, Any or a TSIG-/permission. If the first value is not Any or TSIG-, it is assumed to be an IP address or a network entry. Example: 10.0.0.10/Allow, 11.0.0.0/16/Deny, TSIG-foo/xyz/Allow. It can also be a named ACL. Example: NACL1.

allow_gss_tsig_zone_updates Boolean No Allow GSS-TSIG clients to perform zone updates. Example: False

allow_update_forwarding Boolean No Allow updates from

forward_to Enable update forwarding for secondary zones. Example: False

enable_custom_root_server Boolean No Indicates the flag to enable custom root servers. Example: False

root_name_servers Root nameserver list

No Indicates the list of custom root servers. Example: rnm1.test.com/1.1.1.1/,.

The appliance displays an error

message if the root_name_servers

column has an empty value when

the enable_custom_root_server

field is set to True in the imported

CSV file.

enable_blackhole Boolean No Enable blackhole setting. Example: False





blackhole ACL No Indicates the list of banned addresses. Example: NACL or 12.0.0.12/Deny,1234::/64/Allow,..


No notify_delay This field specifies the seconds of delay the notify messages are sent to the secondaries. The valid value is between 5 and 86400 seconds. Example: 5

enable_nxdomain_redirect Boolean No Enable intercept and redirect nxdomain responses. Example: False

nxdomain_redirect_addresses IP address list

No Indicates the list of IPv4 addresses to redirect to for nxdomain responses. Example: 1.1.1.1,2.2.2.2,...

nxdomain_redirect_ttl Unsigned integer

No Indicates the NXDOMAIN redirect ttl in seconds. Example: 60

nxdomain_log_query Boolean No If you set this to True, the appliance logs the NXDOMAIN redirections. Example: False

nxdomain_rulesets Pattern list No Indicates the list of ruleset objects that are used for NXDOMAIN redirection. Example: pattern1/MODIFY, pattern2/PASS, ...

enable_blacklist Boolean No enable_blacklist Enable or disable blacklisting at the Grid level. Example: False

blacklist_redirect_addresses IP address list

No blacklist_redirect_addresses

Indicates the list of IPv4 addresses to which the blacklisted queries are redirected. Example: 1.1.1.1,2.2.2.2

blacklist_action String No Action blacklist_action Indicates the action to be performed when a domain name matches the pattern defined in an assigned rule. Example: Refuse

blacklist_redirect_ttl Unsigned integer

No Indicates the TTL value of synthetic DNS responses resulted by blacklisted queries. Example: 60

blacklist_log_query Boolean No blacklist_log_ query

Indicates if blacklisted queries must be logged. Example: False

blacklist_rulesets List of domain names

No blacklist_rulesets Indicates the ruleset objects that are blacklisted at the Grid level. Example: list1.com, list2.com, ...

enable_dns64 Boolean No Enable DNS64 synthesis. Example: False

dns64_groups List of Dns64 groups

No List of SynthesisGroup objects. Example: dns64_groupA, dns64_groupB, ...





max_cached_lifetime Unsigned integer

No Indicates the maximum time in seconds a DNS response can be stored in the hardware acceleration cache. You can specify unsigned integer between 60 and 86400. Default value is 86400.

dns_over_v6_mgmt Boolean No Enable or disable DNS services on the IPv6 MGMT port. Example: False

dns_over_v6_lan2 Boolean No Enable or disable DNS services on the IPv6 LAN2 port. Example: False

filter_aaaa String No Indicates the type of AAAA filtering for this Grid DNS object. The default value is No. Example: Yes

filter_aaaa_list ACL No Indicates the list of IPv4 addresses and networks from which queries are received. Note that the AAAA filtering is applied to these addresses. Example: 12.0.0.12/Deny,13.0.0.0/8/Allow,.. or NACL1

dns_over_v6_lan Boolean No Example: False

copy_xfer_to_notify Boolean No Enable or disable copying of the allowed IP addresses from zone transfer list into also-notify statement in named.conf. Example: False

transfers_in Unsigned integer

No Indicates the number of maximum concurrent transfers for the Grid. You can specify unsigned integers between 10 and 100. The default value is 10. Example: 10

transfers_out Unsigned integer

No Indicates the number of maximum outbound concurrent zone transfers for the Grid. You can specify unsigned integers between 10 and 100. The default value is 10. Example: 10

transfers_per_ns Unsigned integer

No Indicates the number of maximum concurrent transfers per member for the Grid. You can specify unsigned integers between two and 100. The default value is two. Example: 2

serial_query_rate Unsigned integer

No Indicates the number of maximum concurrent SOA queries per second for the Grid. You can specify unsigned integers between 20 and 100. The default value is 20. Example: 20

max_cache_ttl Unsigned integer

No Indicates the maximum time (in seconds) for which the server will cache positive answers. The default value is 604800.





Authoritative Zone

You can import the name of a named ACL in the fields that support named ACLs, such as allow_transfer, allow_query, and allow_update.

Note: IDN is supported for object types: fqdn, soa_mname, and soa_email. You can use punycode or IDNs while importing these objects.

max_ncache_ttl Unsigned integer

No Indicates the maximum time (in seconds) for which the server will cache negative (NXDOMAIN) responses. The default value is 10800. The maximum allowed value is 604800.

disable_edns Boolean No Enable or disable EDNS0 support for queries that require recursive resolution. The default value is False.

query_rewrite_enabled Boolean No When this is set to True, query rewrite is enabled at the Grid level. Example: False

ADMGRP-XXXX String No Permissions Admin Group/Role

permission ADMGRP-JimSmith is an example of an admin permission of a specific admin group. Example: RW

rpz_drop_ip_rule_enabled Boolean No Ignore RPZ-IP triggers with too small prefix lengths

When this is set to True, DNS server ignores RPZ-IP rules with prefix lengths that are less than the specified prefix length limit. Example: TRUE


Unsigned Integer




Unsigned Integer

No Maximum IPv4 Prefix Length


Field Name Data Type Required (Yes/N0)Associated GUI Field


Header-AuthZone String Yes

fqdn FQDN Yes Name name Example: test.com

zone_format String Yes Valid values are FORWARD, IPV4,and IPV6

view String No DNS view views If no view is specified, the Default view is used.

prefix String No prefix Prefix is used for reverse-mapping RFC2317 zones only. If you include a prefix in a forward-mapping zone, the appliance ignores the prefix. No error message is generated.

_new_prefix String No Add this field to overwrite the prefix field when you select the overwrite or merge option.Use the hostname of the grid member in this field. Example: infoblox.localdomain





is_multimaster Boolean No Multi-master is_multimaster Indicates whether the zone has multiple primary servers.Example: True

grid_primaries Grid member list and stealth state

No Grid Primary/ Stealth

primarystealth

Data must be in the following format: hostname/stealthExample: foo.localadmin/False,corp1.com/True,...

external_primaries Server list No External Primary

primary Data must be in the following format: name/ip/stealth/use_2x_tsig/use_tsig/tsig_name/tsig_key/ tsig_key_algorithm. Only name and ip are required fields. If no value is specified for stealth, use_2x_tsig, and use_tsig, the default value FALSE is used. If either use_2x_tsig or use_tsig is TRUE, tsig_name and tsig_key are required. If no value is specified for tsig_key_algorithm, the default value is HMAC-MD5. If both use_2x_tsig and use_tsig are TRUE, only use_tsig = TRUE and the tsig key name and key are imported. Example: "ext1.test.com/1.1.1.1/FALSE"

grid_secondaries Member server list

No Grid Secondary

secondaries Data must be in the following format: hostname/stealth/lead/grid_ replicate. Only hostname is required. If you do not specify values for stealth, lead, and grid_replicate, the default value FALSE is used.Example: "member1.localdomain/FALSE

/TRUE/FALSE"

external_secondaries Server list No External Secondary

secondaries Data must be in the following format:

name/ip/stealth/use_2x_tsig/use_tsig/tsig_name/tsig_key/

tsig_key_algorithm. Only name and ip are

required fields. If no value is specified for

stealth, use_2x_tsig, and use_tsig, the default

value FALSE is used. If either use_2x_tsig or

use_tsig is TRUE, tsig_name and tsig_key are

required. If no value is specified for

tsig_key_algorithm, the default value is

HMAC-MD5. If both use_2x_tsig and use_tsig

are TRUE, only use_tsig = TRUE and the tsig key

name and key are imported. Example: "sec1.com/1.1.1.1/FALSE/FALSE/FALSE/foo/sdfssdf86ew"

ns_group String No Name server group

ns_group Authoritative name server group name.

Example: name-ns-group1

comment String No Comment comment

disabled Boolean No Disable disable Example: FALSE

create_underscore_zones

Boolean No Automatically create underscore zones

create_underscore_zones

Example: FALSE





allow_active_dir List of IP addresses

No Allow unsigned updates from these domain controllers

enable_ad_server The Valid value is a list of IP addresses.

Example: 1.1.1.1, 10.0.0.1

soa_refresh Unsigned integer

No Refresh soa_refresh When you modify this field to override an inherited value, you must include values for all SOA timer fields. The appliance updates all the SOA timers when you update any of them.

soa_retry Unsigned integer

No Retry soa_retry Ensure that you include this field when you override the soa_refresh field.

soa_expire Unsigned integer

No Expire soa_expire Ensure that you include this field when you override the soa_refresh field.

soa_default_ttl Unsigned integer

No Default TTL soa_default_ttl Ensure that you include this field when you override the soa_refresh field.

soa_negative_ttl Unsigned integer

No Negative- caching TTL

soa_negative_ttl Ensure that you include this field when you override the soa_refresh field.

soa_mnames FQDN list No List of SOA MNAME fields

soa_mname Data must include the FQDN and hostnameExample:

foo.localdomain/foobar.localadmin,...

soa_email Email address

No Email address for SOA MNAME field

soa_email Example: [email protected]

soa_serial_number Unsigned integer

No Serial Number soa_serial_number

disable_forwarding Boolean No Dont user forwarders...

disable_forwarding Example: TRUE

allow_update_forwarding

Boolean No Allow updates from

forward_to Example: FALSE

update_forwarding ACL No Allow updates from... Permission table

forward_to Data must be in the following formats: ip address/permissionnetwork/network cidr/permissionANY/permissionTSIG-XXX/permissionPermission can be ALLOW or DENY

If the first value is not Any or TSIG-, it is assumed to be an IP or network address.Example: "10.0.0.10/Allow,11.0.0.0/16/Deny,TSIG-foo/sdfdsfwhsdgfsw8sdf/Allow"


allow_transfer Example: "12.0.0.12/Deny,1234::/64/Allow"Note that you can import the name of a named ACL in this field.


allow_update Example: 13.0.0.0/8/AllowNote that you can import the name of a named ACL in this field.


allow_query Example: 127.0.0.1/AllowNote that you can import the name of a named ACL in this field.





Examples

This section contains examples of how to create data files for DNS zones. All examples use comma as the separator. You can use other supported separators, such as semicolon, space, or tab.

Adding DNS Zones

This example shows how to add a forward mapping zone, corp100.com, with a Grid primary and a Grid secondary, where the grid secondary = hostname/stealth/lead/grid_replicate.

header-authzone,fqdn*,zone_format*,comment,grid_secondariesauthzone,corp100.com,FORWARD,USA,member.infoblox.com/False/False3

This example shows how to create a data file to add an IPv4 reverse mapping zone, 100.0.0.0/8, with a Grid primary and an external secondary, where the external secondary = name/ip/stealth/use_2x_tsig/use_tsig/tsig_name/tsig_key.

header-authzone,fqdn*,zone_format*,external_secondariesauthzone,100.0.0.0/8,IPV4,ns2.com/2.2.2.2/False/False/False/None/None

This example shows how to create a data file to add an IPv6 reverse-mapping zone, 1234::/64, with an external primary and a Grid secondary, where the external primary = name/ip/stealth/use_2x_tsig/use_tsig/ tsig_name/tsig_key.

header-authzone,fqdn*,zone_format*,external_primaries,grid_secondariesauthzone,1234::/64,IPV6,ns1.com/1.1.1.1/False/False/False/None/None, member.infoblox.com/False/False/False

Overwriting DNS Zone Data

This example shows how to overwrite a comment from USA to Japan and remove the Grid secondary.

header-authzone,fqdn*,zone_format*,comment,grid_secondariesauthzone,corp100.com,FORWARD,Japan

Merging DNS Zone Data

This example shows how to merge the extensible attribute Site = HQ and add the RW permission to an admin group DNS_admins.


No notify_delay This field specifies the seconds of delay the notify messages are sent to the secondaries. The valid value is between 5 and 86400 seconds.Example: 10

EA-Site String No Extensible attribute

extensible_attributes EA-Site is an example of a predefined extensible attribute. You can add other predefined attributes to the data file. For information about data format and examples, see Data Specific Guidelines on page 9.

EA-Users List No Extensible attribute

extensible_attributes EA-Users is an example of a user defined attribute. You can add other user defined attributes to the data file. For information about data format and examples, see Data Specific Guidelines on page 9.

ADMGRP-JoeSmith String No Permissions Admin Group/Role

permission ADMGRP-JoeSmith is an example of an admin permission of a specific admin group. For information about data format and examples, see Data Specific Guidelines on page 9.





header-authzone,fqdn*,zone_format*,ADMGRP-DNS_admins,EA-siteauthzone,corp100.com,FORWARD,RW,HQ

This example shows how to add an external secondary with these values: ns3.com/2.2.2.2/False/False/False/None/None.

header-authzone,fqdn*,zone_format*,external_secondariesauthzone,100.0.0.0/8,IPV4,ns2.com/2.2.2.2/False/False/False/None/None,ns3.com/2.2.2.2/False/False/False/None/None

Adding Named ACL Data

This example shows how to import the names of named ACLs in supported fields, such as allow_transfer, allow-query, and allow_update:

Header-authzone,fqdn*,grid_primary,view,external_secondaries,allow_transfer,allow_query,zone_type,allow_active_dir,allow_update,zone_format,notify_delay,disabled,grid_primary_stealth,soa_negative_ttl,soa_mname,soa_default_ttl,soa_retry,,create_underscore_zones,soa_serial_number,soa_email,comment,soa_expire,soa_refreshauthzone,test_data_export.com,infoblox.localdomain,default,test_data.infoblox.com/1.1.1.1/TRUE,"12.0.0.12/Deny,1234::/64/Allow",My_Named_ACL,Authoritative,1.2.3.4,"1234::/64/Allow",FORWARD,100,FALSE,FALSE,100,mname2,300,600,FALSE,FALSE,1,[email protected],Authzone2,200,500authzone,test_csv_export.com,infoblox.localdomain,default,test_csv.infoblox.com/1.1.1.1/TRUE,My_Named_ACL,"12.0.0.12/Deny,1234::/64/Allow",,2.3.4.5,"4321::/64/Allow",FORWARD,100,FALSE,FALSE,400,mname1,900,800,FALSE,FALSE,1,[email protected],Authzone1,100,200



Forward-Mapping Zone

Note that to delete a parent zone and the associated subzones, you must add remove-subzones column to the CSV export file and set the value to True. If you want to delete only the parent zone, then you must set this column value to False.



Header-ForwardZone String Yes Identifies the first row as a header row for the forward zones. Example: ForwardZone

fqdn FQDN Yes Name zone This field combines the AAAA record name and the zone name to form the FQDN. Example: aaaa1.corp100.com

view String No DNS View views If no view is specified, the default view is used. Example: Default

zone_format String Yes Type Valid values are FORWARD, IPV4,and IPV6.

prefix String No RFC 2317 Prefix

prefix Prefix is used for reverse-mapping RFC2317 zones only. If you include a prefix in a forward-mapping zone, the appliance ignores the prefix. No error message is generated.

disabled Boolean No Disable disable Enable or disable the forward zone. Example: FALSE

comment String No Comment comment Example: This is a Forward zone.

forward_to Zone forwarder list

Yes Default Zone Forwarders

List of forwarders for a Forward type zone. Example: fwd1.test.com/1.1.1.1/,...

forwarding_servers Forwarding members list

No Members List of forwarding servers. Example: "infoblox.localdomain,..."



ns_group String No ns_group Forwarding member name server group name. Example: fwd_ns_group1.

ns_group_external String No external_ns_group Forward/Stub server name server group name. Example: ext_ns_group1.


extensible_attributes EA-Site is an example of a predefined extensible attribute. You can add other predefined attributes to the data file. Example: California.


extensible_attributes EA-Users is an example of a user defined attribute. You can add other user defined attributes to the data file. Example: [Annie, John].





Stub Zone

Delegated Zone



Header-StubZone String Yes Identifies the first row as a header row for the stub zones. Example: StubZone






disabled Boolean No Disable disable Enable or disable the stub zone. Example: FALSE

comment String No Comment comment Example: This is a stub zone.

disable_forwarding Boolean No Do not use forwarders

disable_forwarding Enable or disable forwarding. Example: False

stub_from Master Nameserver list

Yes List of external stub servers. Example: "nm1.test.com/2.2.2.2,..."

stub_members Member server list

No List of stub Grid members.

ns_group String No ns_group Stub member name server group name. Example: stub_ns_group1.

ns_group_external String No external_ns_group Forward/Stub server name server group name. Example: ext_ns_group1.









Header-DelegatedZone String Yes Identifies the first row as a header row for delegated zones. Example: DelegatedZone




Authoritative Name Server Group





disabled Boolean No Disable disable Enable or disable the zone. Example: FALSE

comment String No Comment comment Example: Delegated zone header.

delegate_to Delegated Servers list

Yes Example: delegate_server1.test.com/1.1.1.1/,

delegated_ttl Unsigned integer

No This is an inherited field. Example: 28800









Header-NsGroup String Yes Identifies the first row as a header row for the authoritative name server group objects. Example: AuthoritativeNsGroup.

group_name String Yes Indicates the name of the authoritative name server group. Example: ns_group1

_new_group_name String No You can overwrite the group name.

grid_primaries Grid member list and stealth state

No Grid Primary/ Stealth

primary stealth List of primary servers of the name server group. The valid format is: hostname/stealthExample: foo.localadmin/False,corp1.com/True,...

external_primaries Server list No External Primary

primary List of external primary servers. The valid format is: name/ip/stealth/use_2x_tsig/use_tsig/tsig_name/tsig_key. Only name and IP address are required. If stealth is not specified, use_2x_tsig and use_tsig are used and the default value is set to False . Example: "ext1.test.com/1.1.1.1/FALSE,.."





Forwarding Member Name Server Group

external_secondaries Server list No External Secondary

secondaries List of external secondary servers. The valid format is: name/ip/stealth/use_2x_tsig/use_tsig/tsig_name/tsig_key. Only name and IP address are required. Default values are assumed for stealth, use_2x_tsig and use_tsig. If either use_2x_tsig or use_tsig is True, then tsig_name and tsig_key are required. Example: "sec1.com/1.1.1.1/FALSE/FALSE/FALSE/foo/sdfsdf86ew,.."

grid_secondaries Member server list

No Grid Secondary

secondaries List of Grid secondary servers. The valid format is: hostname/stealth/lead/grid_replicate. Only hostname is required. The appliance assumes default value for stealth. Values are not specified for lead and grid_replicate fields. Example: "member1.localdomain/FALSE/TRUE/FALSE,"

is_grid_default Boolean No Set this to True to set this name server group as Grid default, set to False to unset this name server group as Grid default. Example: False

comment String No Comment comment Example: This is a authoritative name server group.



EA-Users String No Extensible attribute

extensible_attributes EA-Users is an example of a user defined attribute. You can add other user defined attributes to the data file. Example: John.



Header-ForwardingMemberNsGroup

String Yes Identifies the first row as a header row for the forwarding member name server group objects. Example: ForwardingMemberNsGroup.

group_name String Yes Name name Indicates the name of the forwarding member name server group. Example: fwd_ns_group1


comment String No Comment comment Example: This is a forwarding member name server group.

forwarding_servers Forwarding members list

Yes forwarding_servers List of forwarding servers. Example: infoblox.localdomain.

EA-XXX String No Extensible attribute

extensible_attributes EA-XXX is an example of a user defined attribute. You can add other user defined attributes to the data file. Example: John.





Stub Member Name Server Group

Forward/Stub Server Name Server Group

A Record

Note: IDN is supported for object type: fqdn. You can use IDN or punycode while importing this object.



Header-StubMemberNsGroup

String Yes Identifies the first row as a header row for the stub member name server group objects. Example: StubMemberNsGroup.

group_name String Yes Name name Indicates the name of the stub member name server group. Example: stub_ns_group1


comment String No Comment comment Example: This is a stub member name server group.

stub_members Member server list

Yes stub_members List of stub Grid members.





Header-ForwardStubServerNsGroup

String Yes Identifies the first row as a header row for the forward/stub server name server group objects. Example: ForwardStubServerNsGroup.

group_name String Yes Name name Indicates the name of the forward/stub server name server group. Example: ext_ns_group1


comment String No Comment comment Example: This is a forward/stub server name server group.

external_servers External server list

Yes external_servers List of external servers.



Field Name Data Type Required (Yes/No)Associated GUI Field Associated PAPI Method Usage and Guidelines

Header-ARecord String Yes Example: ARecord

fqdn FQDN Yes Name name This field combines the A record name and the zone name to form the FQDN. Example: a1.corp100.com



Examples

This section contains examples of how to create data files for A records. All examples use comma as the separator. You can use other supported separators, such as semicolon, space, or tab.

Adding an A Record

This example shows how to add an A record, bind_a.corp100.com, with the extensible attribute Site = Infoblox, and the permission, DNS_Admins = RO.

header-arecord,address*,fqdn*,ADMGRP-DNS_Admins,EA-Sitearecord,100.0.0.1,bind_a.corp100.com,RO,Infoblox

Overwriting A Record Data

This example shows how to modify the permission of the admin group DNS_Admins from RO to DENY in an existing A record, bind_a.corp100.com.

header-arecord,address*,fqdn*,ADMGRP-DNS_Adminsarecord,100.0.0.1,bind_a.corp100.com,DENY

Merging DNS Zone Data

This example shows how to merge the TTL value = 1280 to an existing A record, bind_a.corp100.com.

_new_fqdn FQDN No Add this field to overwrite the fqdn field when you select the overwrite or merge option.

view String No DNS View views If no view is specified, the Default view is used.

address IP address Yes IP Address ipv4addrss Example: 192.138.1.1

_new_address IP address No Add this field to overwrite the address field when you select the overwrite or merge option.


disabled Boolean No Disable disable Example: FALSE

ttl Unsigned integer

No TTL ttl This is an inherited field. For information, see Data Specific Guidelines on page 9.Example: 7200

EA-Site String No Extensible attribute Site


EA-Users List No Extensible attribute Users

extensible_attributes EA-Users is an example of a user defined attribute. You can add other user defined attributes to the data file. For information about data format and examples, see Data Specific Guidelines on page 9.

ADMGRP-JoeSmith String No Permissions Admin Group/Role

permission ADMGRP-JoeSmith is an example of an admin permission of a specific admin group. For information about data format and examples, see Data Specific Guidelines on page 9.




header-arecord,address*,fqdn*,ttlarecord,100.0.0.1,bind_a.corp100.com,1280

AAAA Record

Note: IDN is supported for object type: fqdn. You can use IDN or punycode while importing this object.

Examples

This section contains examples of how to create data files for AAAA records. All examples use comma as the separator. You can use other supported separators, such as semicolon, space, or tab.

Adding an AAAA Record

This example shows how to add an AAAA record, bind_aaaa.corp100.com, with a comment = add by superuser, and TTL = 3600.


Header-AaaaRecord String Yes Example: AaaaRecord


_new_fqdn FQDN No Add this field to overwrite the fqdn field when you select the overwrite or merge option.

view String No DNS View views If no view is specified, the Default view is used. Example: Default

address IPv6 address Yes IP Address ipv6addrss Example: 100::10

_new_address IPv6 address No Add this field to overwrite the address field when you select the overwrite or merge option.


disabled Boolean No Disable disabled Example: FALSE

ttl Unsigned integer

No TTL ttl This is an inherited field. For information, see Data Specific Guidelines on page 9.Example: 7200

EA-Site String No Extensible attribute Site


EA-Users List No

infoblox csv import reference 8.0 csv import reference (rev. a) 3 preface this preface describes the...

Documents