Infoblox NIOS 系统发布新版本 4.3r2-4。 新版本增加了许多特性如：API 中添加指定参数搜索、DNS 安全加强、IPv6 方面加强、DDNS 支持GSS-TSIG、网络视图和交叉网络、个人首页、安全备份等等。
在 API 中可以使用 Return_object 方法指定对象的一个某个特定属性值去搜索所需的对象。然后可以使用fill_partial_object 方法去返回对应对象的所有属性。
在CLI (命令行界面)中提供 DNS 查询并且对缓存攻击迹象有所反应。可以配置设备追踪2个参数：ID号不匹配的 DNS 响应和 UDP 端口未开放的 DNS 响应。也可以在 CLI 界面为这2个参数设置一个阀值,超过阀值就会产生警报(通过 Email 和SNMP )。
可以使用 Command 设置 IPV6 的多播监听发现。
提供CLI命令显示设备提供使用 GSS-TSIG 认证并与AD整合的 DDNS 更新的 DHCP 服务命令。可以使用这些命令来验证配置和发现存在潜在问题。
一个网络视图就是在单个路由域中的网路，共享网络和 DNS 视图。在同一个网格中可以在一个网络视图中独立管理一个网络。
GSS-TSIG 动态 DNS 更新
提供 DHCP 服务的设备可以使用 GSS-TSIG 发送安全动态DNS更新到 Windows 2003 AD 域控制器。同时也可以接受来自 DHCP 客户端和服务器的 GSS-TSIG 认证的动态更新。但是这2个特性目前不能同时使用。
可以使用 SCP(安全拷贝)来备份 NIOS 系统文件到运行 SSHv2 的服务器上。可以做即时备份也可以做定期备份。
提供面向管理任务应用程序的环境。提供了一个可以 运行Perl，Python,PHP，CGI脚本，带有 Infoblox API 的预安装环境。
垃圾回收站支持一下资源记录：主机,批量主机,批量主机模板，A记录，AAA 记录，别名记录，CName 记录，邮件记录，SRV，文本记录，和手动产生的名称服务器记录和 PTR 记录。
NIOS 4.3r2-4 不支持从4.1r4-0 直接升级。使用 4.1r4-0的用户需要先升级到 4.1r4-1在升级到最新版本。
Parameter Specific Search
In the API, you can now perform a quick search by specifying only specific fields in an object using the
return_object method. You can then retrieve all the fields for the corresponding object using the fill_partial_object method. For example, if you want to search all of the FQDNs in all of the DNS zones, you can perform a search with the return_object method set to “name”. The appliance returns only the FQDNs, not all the fields, in the zones. You can then retrieve all the fields using the fill_part_object method.
The NIOS appliance provides CLI commands for monitoring DNS queries and responses for signs of cache
poisoning attacks. You can configure the appliance to track two parameters: DNS responses with mismatched DNS transaction IDs and responses to UDP ports that are not open. You can also use the CLI commands to set a threshold value for both parameters. An alert is sent through email and/or SNMP traps when the threshold is exceeded. There are also new SNMP counters for both parameters. In order to help mitigate attacks, you can use the CLI commands to rate limit DNS responses from individual IP addresses and/or from network blocks.
You can now use the command set mld_version_1 to run IPv6 MLD (Multicast Listener Discovery) protocol version 1, as described in RFC 2710, Multicast Listener Discovery for IPv6. The appliance runs MLD version 2, as described in RFC 3810, Multicast Listener Discovery Version 2 for IPv6, by default. MLD version 2 is interoperable with version 1.
Infoblox provides CLI commands that report whether a NIOS appliance serving DHCP is configured to send GSS- TSIG authenticated DDNS updates to an AD integrated DNS server. You can use these commands to verify your configuration and troubleshoot potential issues. You can also test whether the appliance can communicate with the Key Distribution Center (KDC) and the AD domain controller.
Network Views and Overlapping Networks
A network view is a single routing domain with its own networks, shared networks, and DNS Views. You can manage the networks in one network view independently of the other network views on the same Infoblox grid. Because network views are mutually exclusive, the networks in each view can have overlapping address spaces with multiple duplicate IP addresses without impacting network integrity. Note that you can create up to 100 network views.
Extensible attributes are fields that you use to define specific properties for Infoblox objects, such as hosts, networks and fixed addresses. You use extensible attributes to capture object properties for enhanced IP address management. NIOS appliances include predefined extensible attributes. You can also create user- defined extensible attributes for specific usage. Depending on the type of data that you want to capture for each object, you can either use the predefined attributes or create new ones. For example, you can associate the predefined attribute “Country” with a network to keep track of its location. You can also create a new attribute “Owner” and associate it with fixed addresses to track owners of network devices.
GSS-TSIG Dynamic DNS Updates
A NIOS appliance that serves DHCP can now send secure dynamic DNS updates using GSS-TSIG to Active Directory domain controllers running Microsoft Windows 2003. This feature provides a secure alternative to client updates. You can enable this feature at the grid level and override it at the member level, allowing easy configuration. Note that a NIOS appliance serving DHCP and DNS can either send GSS-TSIG authenticated DDNS updates to an AD domain controller or receive GSS-TSIG authenticated DDNS updates from DHCP clients and servers. The appliance does not support both features at the same time.
The Home perspective is the default perspective when you log in to the appliance for the first time. For subsequent logins, the appliance displays the perspective that you last accessed. You can always go back to the Home perspective by clicking its icon. The Home perspective contains buttons and links to quickly access panels and editors for viewing and managing data.
You can use SCP (Secure Copy) to backup the NIOS system files to a server running SSHv2. You can use SCP for both scheduled and immediate backups.
The bloxTools Environment provides tools for creating custom applications that facilitate the administrative tasks in your organization. It provides a pre-installed environment for running applications using Perl, Python, PHP, CGI scripting, and Infoblox API libraries. It also includes sample applications which you can use or modify to suit your business needs. The bloxTools Environment runs as a service on a standalone appliance or on a grid master.
Enhanced Recycle Bin
The recycle bin supports the following additional resource records: host, bulk host, bulk host templates, A, AAAA, CNAME, DNAME, MX, SRV, TXT, and manually created NS and PTR records.
Selecting Multiple Objects for Permissions
When you add object permissions to an admin group or an admin role, you can search for the objects to which you want to apply permissions. After the appliance displays the search results in the Select Object dialog box, you can use SHIFT+click to select multiple contiguous objects and CTRL+click to select multiple noncontiguous objects.
Next Available IP Address
When you define a fixed address or a host record in the DHCP and IPAM perspective, you can now have the appliance obtain the next available IP address. In past releases, you had to enter an IP address in the text field. When you select the option to get the next available IP address, the appliance retrieves the first unused IP address, based on certain criteria, in the specified DHCP range or network for which you have administrative permissions.
Source Address for DNS
You can specify which network interface—VIP, MGMT, or any—the appliance will use as the source address for queries, notifications, and zone transfer requests. You can set this in the API and in the General section of the Member DNS Properties editor.
Relay Agent Filter
When you create a relay agent filter, you can now set the following values for the Circuit ID and Remote ID:
- Any: The circuit ID/remote ID can contain any value.
- Not Set: The circuit ID/remote ID must be blank.
- Matches Value: The circuit ID/remote ID must match the specified value.
Host Name Code Page
The NIOS appliance now supports UTF-8 encoding of host names for Microsoft Windows clients that support Microsoft Windows code pages. When you use the appliance as a DHCP server, you can configure the DHCP service on the appliance to convert client host names that are encoded with a Microsoft code page to UTF-8 encoded characters. The appliance then stores the UTF-8 encoded host names in the database or sends them in the DDNS updates. The appliance displays the host names in their original characters in the following panels in the Infoblox GUI:
- DHCP Lease History
- DHCP Lease Details
- IP Address Management
- Audit Log
Filter Disabled Objects
In the IP Address Management panel, you can use the Disabled Objects filter to list only disabled objects assigned to IP addresses.
Enhanced License Information
The show license CLI command has two additional options. Use show license all to view license information for all grid members, and use show license csv to view license information in CSV format.