
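Infoblox Releases NIOS 7.0.0

Infoblox NIOS 7.x software, together with Infoblox appliance platforms, enables customers to deploy large, robust, manageable and cost-effective Infoblox Grids. This next-generation solution delivers nonstop, distributed core network services for networks and applications, including DNS, DHCP, NTP, TFTP, FTP and real-time service management technology.

New features in NIOS 7.0.0 include: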

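Cloud Network Automation

The Infoblox Cloud Network Automation solution provides automated IPAM (IP address management) for the physical and virtual network devices in your CMP (Cloud Management Platform). Instead of configuring them manually, you can use the Infoblox Grid to automatically provision and manage the IP addresses, DNS and DHCP services needed as virtual devices in the cloud network are created and destroyed.

When a cloud contains a large number of servers with multiple network interfaces and VMs (virtual machines), manually configuring and removing device IP addresses and managing DNS and DHCP data is error-prone and time-consuming. Using Cloud Network Automation for IP address and DNS record management minimizes human error and improves the visibility, flexibility and efficiency of your cloud network.

Cloud Network Automation includes two components: a Grid Master with the Cloud Network Automation license installed, and one or more Cloud Platform Appliances. The Cloud Network Automation license enables visualization and reporting of cloud tenant, network, VM IP address and DNS resource allocation. Cloud Platform Appliances provide DNS and DHCP services to your local cloud devices. These appliances give your data center localized, scalable handling of cloud API requests, with visibility provided by the Grid Master.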

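DNS Traffic Control

Infoblox DNS Traffic Control provides a load balancing solution that adjusts DNS responses based on the query source IP address, server availability and network topology. With DNS Traffic Control, you can set up multiple sites worldwide and configure supported objects and load balancing methods to direct traffic to the best available servers.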

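Support for IPv6 Grid

Infoblox appliances now support IPv6 networks in most deployments. You can deploy a Grid and configure the Grid Master, Grid members, reporting members and HA pairs in one of the following modes: IPv4 only, IPv6 only, or IPv4 and IPv6 dual mode. You can also configure the default communication protocol setting to use IPv4 or IPv6. In addition, services and features such as NTP, DNS Firewall and admin notifications now support both IPv4 and IPv6 addresses. Grid communication can also now run over IPv6 only, and you can configure an appliance with only IPv6 addresses (IPv4 addresses are not required).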

Support for Microsoft Sites

This release enhances support for the Microsoft Management solution.

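DNS Firewall Enhancements

This release adds the following DNS Firewall enhancements:

  • Threat severity levels for RPZ zones
  • Threat details recorded in the syslog
  • Categorization and filtering for DNS and Advanced DNS Protection syslog messages
  • Severity level in the DNS Top RPZ Hits report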

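Automated Mitigation of Phantom Domain Attacks

This release provides several CLI commands for mitigating phantom domain attacks (a flood of queries asking to resolve domains that do not exist). When a phantom domain attack occurs, the DNS server spends valuable resources waiting for non-responsive servers. When resources are exhausted, the recursive server may drop legitimate queries, causing serious performance problems. To mitigate phantom domain attacks, you can use the following CLI commands to control queries that get no response: set holddown, set fetches_per_server, set fetches_per_zone, and set recursion_query_timeout. For information about these commands, refer to the Infoblox CLI Guide.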

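DNSSEC Enhancement

You can now specify multiple cryptographic algorithms for the Grid to use when generating the KSK and ZSK. When you add multiple algorithms at the Grid level, you can override them at the zone level. By default, the appliance uses the RSA/SHA1 algorithm for the KSK and ZSK. You can now add the DSA, RSA/MD5, RSA/SHA1, RSA/SHA-256 or RSA/SHA-512 algorithms.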

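Configuring Fixed Addresses without Restarting DHCP Service

When you configure or modify a fixed address, by default the DHCP service must be restarted for the new configuration to take effect. You can now override this default behavior by enabling the change to take effect without a service restart when you configure a fixed IP address that is outside the DHCP address pool.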

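Ignoring MAC Addresses for New Leases

In addition to the UID (unique client identifier), you can now set the DHCP server to ignore the MAC address (hardware address) of a DHCP client. For a DHCP client, you can specify up to 10 MAC addresses to ignore.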

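Name Server Groups for Delegated Zones

When you configure a name server group, you can now create a set of external name servers as a delegation name server group and assign it to delegated zones. Specifying one delegation name server group instead of configuring multiple name servers individually for delegated zones can significantly reduce repetitive configuration.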

Network Insight Assets for Trunk Port Reports

Device discovery can now include all hosts (physical and virtual) connected to a trunk port.

Reporting Enhancement

This release adds the ability to send search results by email.

Infoblox API and RESTful API Enhancement

Newly supported objects have been added.


Infoblox NIOS 7.x software, coupled with Infoblox appliance platforms, enables customers to deploy large, robust, manageable and cost-effective Infoblox Grids. This next-generation solution enables distributed delivery of core network services—including DNS, DHCP, IPAM, TFTP, and FTP—with the nonstop availability and real-time service management required for today’s 24x7 advanced IP networks and applications.

New features in NIOS 7.0.0 include:

Cloud Network Automation

The Infoblox Cloud Network Automation solution automates IPAM (IP address management) for physical and virtual network devices on your CMP (Cloud Management Platform). Instead of manually provisioning IP addresses and DNS name spaces for network devices and interfaces, you can use Cloud Network Automation to provision and manage IPAM, DNS, and DHCP within the Grid automatically as VMs (Virtual Machines) are created and destroyed.

When your Cloud consists of a large number of servers and VMs (virtual machines) that have multiple associated network interfaces, manually provisioning and de-provisioning IP addresses and managing DNS and DHCP data can be error-prone and time-consuming. Utilizing Cloud Network Automation minimizes human errors by streamlining IP Address and DNS record management, improves visibility of your cloud networks, and maximizes the flexibility, efficiency, and agility of your cloud environment.

Cloud Network Automation includes two components: the Grid Master that has a Cloud Network Automation license installed and one or more Cloud Platform Appliances. The Cloud Network Automation license enables visibility and reporting on cloud tenant, network, VM IP address, and DNS record allocation. Cloud Platform Appliances enable processing of API requests from your CMP locally on the same appliances that serve DNS and DHCP to your cloud. These appliances provide local survivability and additional scalability of Cloud API requests within your data centers in addition to the visibility provided by the Cloud Network Automation license on the Grid Master.

DNS Traffic Control

Infoblox DNS Traffic Control provides a load balancing solution by adjusting DNS responses based on DNS query source IP, server availability, and network topology. Through DNS Traffic Control, you can set up multiple global sites and configure supported objects and load balancing methods to direct responses to the best available servers.

Support for IPv6 Grid

The Infoblox appliance now supports IPv6 networking configuration in most deployments. You can deploy a Grid and configure a Grid Master, Grid Member, reporting member and an HA pair in one of the following modes: IPv4 only, IPv6 only, or IPv4 and IPv6 dual mode. You can also configure the default communication protocol settings using IPv4 or IPv6. In addition, services and functionality such as NTP service, DNS Firewall, and admin notifications now support both IPv4 and IPv6 addresses. In addition, Grid communication can now support IPv6 only, and you can configure an appliance with only IPv6 addresses (no IPv4 addresses are required).

Support for Microsoft Sites

This release enhances the Microsoft Management solution by adding support for managing Microsoft Active Directory Sites and Subnets on Microsoft servers through Grid Manager.

DNS Firewall Enhancements

This release adds the following enhancements for DNS Firewall:

  • Threat severity levels for RPZ zones
  • Threat details in the syslog
  • Categorization and filtering for DNS and Advanced DNS Protection syslog messages
  • Severity level in the DNS Top RPZ Hits report

Automated Mitigation of Phantom Domain Attacks

This release provides a few CLI commands for mitigating phantom domain attacks, in which a flood of queries is sent to resolve non-existent domains. When phantom domain attacks happen, the recursive server continues to query non-responsive servers, spending valuable resources waiting for responses. When resources are fully consumed, the recursive server may drop legitimate queries, causing serious performance issues. To mitigate phantom domain attacks, you can use the following CLI commands to control queries to non-responsive servers: set holddown, set fetches_per_server, set fetches_per_zone, and set recursion_query_timeout. For information about these commands, refer to the Infoblox CLI Guide.
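The resource exhaustion described above, and the effect of capping fetches to a non-responsive server, can be seen in a small simulation. This is an added example, not Infoblox code: the slot model, the rates, and the `per_server_limit`, `holddown_after` and `holddown_ticks` parameters are assumptions for illustration and do not describe how the NIOS CLI commands are implemented.

```python
def simulate(ticks, slots, timeout, phantom_rate, per_server_limit=None,
             holddown_after=None, holddown_ticks=0):
    """Model a recursive resolver with a fixed number of recursion slots.

    Each tick, `phantom_rate` queries need a fetch from one authoritative
    server that never answers; each such fetch holds a slot for `timeout`
    ticks. One legitimate query also arrives per tick and needs a free slot.
    Returns (legitimate queries answered, legitimate queries dropped).
    """
    outstanding = []   # expiry ticks of fetches stuck on the dead server
    timeouts = 0       # timeouts from the dead server since the last hold-down
    held_until = 0     # the dead server is skipped until this tick
    legit_ok = legit_dropped = 0
    for now in range(ticks):
        # Fetches whose timer ran out free their slot and count as timeouts.
        timeouts += sum(1 for t in outstanding if t <= now)
        outstanding = [t for t in outstanding if t > now]
        if holddown_after is not None and timeouts >= holddown_after:
            held_until, timeouts = now + holddown_ticks, 0
        # Phantom queries are handled first (worst case for the defender).
        for _ in range(phantom_rate):
            if now < held_until:
                continue   # server is held down: fail fast, no slot used
            if per_server_limit is not None and len(outstanding) >= per_server_limit:
                continue   # per-server quota reached: fail fast, no slot used
            if len(outstanding) < slots:
                outstanding.append(now + timeout)
        # The legitimate query's server answers within the tick, so it only
        # needs one slot to be free at this moment.
        if len(outstanding) < slots:
            legit_ok += 1
        else:
            legit_dropped += 1
    return legit_ok, legit_dropped


# Constructed scenario: 10 slots, 30-tick timeout, 5 phantom queries per tick.
SCENARIO = dict(ticks=100, slots=10, timeout=30, phantom_rate=5)

if __name__ == "__main__":
    print("no mitigation   :", simulate(**SCENARIO))
    print("per-server limit:", simulate(**SCENARIO, per_server_limit=4))
    print("hold-down       :", simulate(**SCENARIO, holddown_after=5, holddown_ticks=60))
```

In this model the per-server cap keeps slots free from the first tick, while hold-down alone only helps after the first round of timeouts has been observed.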

DNSSEC Enhancement

You can now add multiple cryptographic algorithms that the Grid Master uses when it generates the KSK and ZSK. When you add multiple algorithms at the Grid level, you can override them at the zone level. By default, the appliance uses RSA/SHA1 for both KSK and ZSK. You can now add DSA, RSA/MD5, RSA/SHA1, RSA/SHA-256, or RSA/SHA-512 algorithms.
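To check which of the algorithms listed above a zone's published keys actually use, DNSKEY records can be audited offline. This is an added example, not Infoblox code: the records are constructed, the algorithm numbers are the IANA DNSSEC assignments, and the 2048-bit minimum is an assumed local policy.

```python
import base64

# IANA DNSSEC algorithm numbers for the algorithms listed above.
# The flag marks algorithms that depend on MD5 or SHA-1.
ALGS = {1: ("RSA/MD5", True), 3: ("DSA", True), 5: ("RSA/SHA1", True),
        8: ("RSA/SHA-256", False), 10: ("RSA/SHA-512", False)}
RSA_ALGS = {1, 5, 8, 10}


def rsa_modulus_bits(key: bytes) -> int:
    """RFC 3110 layout: exponent length (1 or 3 bytes), exponent, modulus."""
    if key[0] != 0:
        exp_len, offset = key[0], 1
    else:
        exp_len, offset = int.from_bytes(key[1:3], "big"), 3
    return int.from_bytes(key[offset + exp_len:], "big").bit_length()


def audit_dnskey(line: str, min_rsa_bits: int = 2048) -> dict:
    """Audit one DNSKEY record given in zone-file presentation format."""
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, _protocol, alg = (int(x) for x in fields[i + 1:i + 4])
    key = base64.b64decode("".join(fields[i + 4:]))
    name, weak_hash = ALGS.get(alg, (f"algorithm {alg}", False))
    findings = []
    if weak_hash:
        findings.append(f"{name} relies on MD5 or SHA-1")
    bits = rsa_modulus_bits(key) if alg in RSA_ALGS else None
    if bits is not None and bits < min_rsa_bits:  # assumed policy threshold
        findings.append(f"{bits}-bit RSA modulus")
    # The SEP bit (value 1) in the flags field marks a key-signing key.
    return {"owner": fields[0], "role": "KSK" if flags & 1 else "ZSK",
            "algorithm": name, "rsa_bits": bits, "findings": findings}


def sample_rr(flags: int, alg: int, modulus_len: int) -> str:
    """Build a DNSKEY record from constructed bytes (not a real key)."""
    key = bytes([3, 1, 0, 1]) + b"\xc1" * modulus_len  # exponent 65537
    return f"example.com. 3600 IN DNSKEY {flags} 3 {alg} {base64.b64encode(key).decode()}"


# Constructed sample: an RSA/SHA1 KSK and ZSK (the default named above)
# and an RSA/SHA-256 KSK.
SAMPLE = [sample_rr(257, 5, 256), sample_rr(256, 5, 128), sample_rr(257, 8, 256)]

if __name__ == "__main__":
    for rr in SAMPLE:
        print(audit_dnskey(rr))
```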

Configuring Fixed Addresses without Restarting DHCP Service

When you configure or modify a fixed address, a DHCP service restart is required by default in order for the new configuration to take effect. You can now override this default behavior by enabling the appliance to take immediate action without restarting DHCP service when you configure or modify a fixed address that is outside a DHCP range. You can enable this feature at the Grid or member level. For Cloud Network Automation deployment, this feature is automatically enabled on the Cloud Platform Appliance that has a valid Cloud Platform license installed.

Ignoring MAC Addresses for New Leases

In addition to the UID (unique client identifier), you can now set the DHCP server to ignore the MAC address (hardware address) of a DHCP client when it places a request to the DHCP server for a new lease. When you configure the appliance to ignore the MAC addresses of DHCP clients, you can specify up to 10 MAC addresses to be ignored.

Name Server Groups for Delegated Zones

When you configure a name server group, you can now create a set of external name servers as a delegation name server group and assign it to delegated zones. Specifying a single delegation name server group instead of configuring multiple name servers individually for delegated zones can significantly reduce configuration efforts.

Network Insight Assets for Trunk Reports

Device discovery now includes in the Asset tab all hosts (physical and virtual) connected to a trunk port.

Reporting Enhancement

This release adds the capability to email reporting search results.

Infoblox API and RESTful API Enhancement

This release adds newly supported objects for the API and RESTful API.