NIOS_8.2.2_ReleaseNotes

May 14, 2018 | Author: foreverbikas | Category: Domain Name System, Hyper V, Cloud Computing, Load Balancing (Computing), Open Stack





Description

NIOS 8.2.2 Release Notes

INTRODUCTION
SUPPORTED PLATFORMS
NEW FEATURES
    NIOS 8.2.2
    NIOS 8.2.0
    NIOS 8.1.0
    NIOS 8.0.0
CHANGES TO DEFAULT BEHAVIOR
    NIOS 8.2.x
    NIOS 8.0.0
CHANGES TO Infoblox API and RESTful API (WAPI)
    WAPI Deprecation and Backward Compatibility Policy
    NIOS 8.2.x
    NIOS 8.1.x
    NIOS 8.0.0
UPGRADE GUIDELINES
    Upgrading to NIOS 8.2.x
    Upgrading to NIOS 8.1.x
    Upgrading to NIOS 8.0.x
BEFORE YOU INSTALL
ACCESSING GRID MANAGER
ADDRESSED VULNERABILITIES
RESOLVED ISSUES
    Fixed in NIOS 8.2.2
    Fixed in NIOS 8.2.1
    Fixed in NIOS 8.2.0
    Fixed in NIOS 8.1.4
    Fixed in NIOS 8.1.3
    Fixed in NIOS 8.1.2
    Fixed in NIOS 8.1.1
    Fixed in NIOS 8.1.0
    Fixed in NIOS 8.0.5
    Fixed in NIOS 8.0.4
    Fixed in NIOS 8.0.3
    Fixed in NIOS 8.0.2
    Fixed in NIOS 8.0.1
    Fixed in NIOS 8.0.0
KNOWN GENERAL ISSUES

© 2017 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. Page 1 of 63 400-0704-202 Rev. A 11/14/2017

INTRODUCTION

Infoblox NIOS 8.2.x software, coupled with Infoblox appliance platforms, enables customers to deploy large, robust, manageable and cost-effective Infoblox Grids. This next-generation solution enables distributed delivery of core network services—including DNS, DHCP, IPAM, TFTP, and FTP—with the nonstop availability and real-time service management required for today’s 24x7 advanced IP networks and applications.
Please note the following:
• NIOS 8.2.x is not supported on the following appliances: IB-250, IB-250-A, IB-500, IB-550, IB-550-A, IB-1000, IB-1050, IB-1050-A, IB-1550, IB-1550-A, IB-1552, IB-1552-A, IB-1852-A, IB-2000, IB-2000-A, IB-VM-250, IB-VM-550, IB-VM-1050, IB-VM-1550, IB-VM-1850, IB-VM-2000, and Trinzic Reporting TR-2000 and TR-2000-A series appliances. You cannot upgrade to NIOS 8.2.x on these appliances. See Upgrade Guidelines in this document for additional upgrade information.
• DNS Traffic Control: There are some significant changes in the functionality and user interface for Infoblox DNS Traffic Control (DTC). Infoblox recommends that you take some time to explore and navigate through the user interface to get familiar with the new features and changes. For detailed information, see New Features and Changes to Default Behavior in this document.

SUPPORTED PLATFORMS

Infoblox NIOS 8.2.x is supported on the following platforms:

NIOS Appliances
- Infoblox Advanced Appliances: PT-1400, PT-1405, PT-2200, PT-2205, PT-2205-10GE, PT-4000, and PT-4000-10GE
- Network Insight Appliances: ND-800, ND-805, ND-1400, ND-1405, ND-2200, ND-2205, and ND-4000
- Trinzic Appliances: TE-100, TE-810, TE-815, TE-820, TE-825, TE-1410, TE-1415, TE-1420, TE-1425, TE-2210, TE-2215, TE-2220, TE-2225, IB-4010, IB-4020, and IB-FLEX virtual platform
  NOTES: Infoblox does not recommend using the TE-820 appliance as a Grid Master in a Grid that contains more than five (5) Grid members. In addition, running protocol services is not supported on a TE-820 Grid Master.
- Cloud Network Automation: CP-V800, CP-V1400, and CP-V2200
- Trinzic Reporting: TR-800, TR-805, TR-1400, TR-1405, TR-2200, TR-2205, and TR-4000
- DNS Cache Acceleration Appliances: IB-4030 and IB-4030-10GE
- Infoblox vNIOS Appliances for AWS and Microsoft Azure: TE-V820, TE-V825, TE-V1420, TE-V1425, TE-V2220, TE-V2225, CP-V800, CP-V1400, and CP-V2200.

NOTE: TE appliances are also known as the IB appliances.
Virtual vNIOS Appliances

Infoblox supports the following vNIOS virtual appliances. Note that Infoblox does not support running vNIOS in any nested VMs or VM-inside-VM configuration.

• vNIOS for VMware on ESX/ESXi Servers
The Infoblox vNIOS on VMware software can run on ESX or ESXi servers that have DAS (Direct Attached Storage), or iSCSI (Internet Small Computer System Interface) or FC (Fibre Channel) SAN (Storage Area Network) attached. You can install the vNIOS software package on a host with VMware ESX or ESXi 6.5.x, 6.0.x, 5.5.x, 5.1.x, or 5.0.x installed, and then configure it as a virtual appliance.

refer to the Infoblox Installation Guide for vNIOS for Xen Hypervisor. © 2017 Infoblox Inc. refer to the Infoblox Installation Guide for vNIOS for AWS. Instead of manually provisioning IP addresses and DNS name spaces for network devices and interfaces. and 2016 Hyper-V The Infoblox vNIOS virtual appliance is now available for Windows Server 2008 R2 and Windows Server 2012 and 2012 R2 that have DAS (Direct Attached Storage). Grid members. or reporting servers depending on the supported models. All Rights Reserved. manageable and cost effective Infoblox Grids in your AWS cloud. You can configure some of the supported vNIOS for KVM appliances as independent or HA (high availability) Grid Masters. Some vNIOS appliances are not supported as Grid Masters or Grid Master Candidates. The Infoblox vNIOS for KVM functions as a hardware virtual machine guest on the Linux system. You can deploy large. For information about vNIOS virtual appliances for reporting. Note that vNIOS for Hyper-V is not recommended as a Grid Master or Grid Master Candidate. or as a Grid Master synchronizing with other AWS-hosted vNIOS Grid members in your Amazon VPC.NIOS 8.
refer to the Infoblox Installation Guide for vNIOS for KVM Hypervisor and KVM-based OpenStack. robust. Note: All virtual appliances for reporting purposes are supported only for Windows Server 2012 R2. or extend your existing private Infoblox NIOS Grid to your virtual private cloud resources in AWS. You can migrate vNIOS virtual appliances from one ESX or ESXi server to another without any service outages.5 running Xen hypervisor and for Linux machines running Xenproject. You can also deploy the IB-VM-800 and IB-VM-1400 virtual appliances as reporting servers.2 Release Notes vSphere vMotion is also supported. Page 4 of 63 400-0704-202 Rev. • vNIOS for AWS (Amazon Web Services) The Infoblox vNIOS for AWS is a virtual Infoblox appliance designed for operation as an AMI (Amazon Machine Instance) in Amazon VPCs (Virtual Private Clouds). The migration preserves the hardware IDs and licenses of the vNIOS virtual appliances. A Microsoft Powerscript is available for ease of installation and configuration of the virtual appliance. With this release. and Grid members. A 11/14/2017 . It provides core network services and a framework for integrating all components of the modular Infoblox solution. For example. refer to the Infoblox Installation Guide for vNIOS on Microsoft Hyper-V. Grid Master Candidates. • vNIOS for Microsoft Server 2012. You can deploy certain vNIOS virtual appliances with different hard disk capacity.org 4. and across VPCs or Availability Zones in different Amazon Regions. or 160 GB hard disk. For more information about vNIOS for AWS. 55 GB. an Infoblox vNIOS for AWS instance can act as a standalone Grid appliance to provide DNS services in your Amazon VPC. All registered trademarks are property of their respective owners. For more information about vNIOS for Hyper-V. VMware Tools is automatically installed for each vNIOS virtual appliance. Infoblox supports the control functions in VMware Tools. 
You can deploy vNIOS for Xen virtual appliances as the Grid Master. Note that the IB-VM-800 and IB-VM-1400 virtual appliances are designed for reporting purposes.2. You can use vNIOS for AWS virtual appliances to provide enterprise-grade DNS and IPAM services across your AWS VPCs. For information about vNIOS for KVM hypervisor. you can shut down the virtual appliance. Note that the IB-VM-800 virtual appliances are designed for reporting purposes only. For more information about vNIOS on VMware. Administrators can install vNIOS virtual appliance on Microsoft Windows® servers using either Hyper-V Manager or SCVMM. For more information about vNIOS for Xen.3 hypervisor. refer to the Infoblox Installation Guide for vNIOS Reporting Virtual Appliances. through the vSphere client. you can deploy certain vNIOS appliances with a 50 GB. 2012 R2. as a virtual cloud Grid member tied to an on-premises (non-Cloud) NIOS Grid. refer to the Infoblox Installation Guide for vNIOS Software on VMware. • vNIOS for KVM Hypervisor The Infoblox vNIOS for KVM is a virtual appliance designed for KVM (Kernel-based Virtual Machine) hypervisor and KVM-based OpenStack deployments. • vNIOS for Xen Hypervisor The Infoblox vNIOS for Xen is a virtual appliance designed for Citrix XenServer 6. 1 GB Reporting) Default: daily limit) 8 IB-VM-800 300 2 Range: 3000 MHZ ✓3 ✓ ✓   No (Reporting (Primary & 4–8  only.NIOS 8. Page 5 of 63 400-0704-202 Rev. All registered trademarks are property of their respective owners.2. and disk allocation for each supported Infoblox virtual appliance model: NIOS Virtual Primary # of Memory Recommended NIOS for NIOS NIOS NIOS NIOS Supported Appliances Disk (GB) CPU Alloca. For information about the required specification for each NIOS virtual appliance model. CPU. CPU. and easy-to-manage DNS (Domain Name System) and IPAM (IP address management) services. DO NOT oversubscribe physical resources on the virtualization host. 
NOTE: Infoblox NIOS virtual appliances support any hardware that provides the required Hypervisor version. see the following table. A 11/14/2017 . You can then use the vNIOS for Azure instance as the primary DNS server to provide enterprise-grade DNS and IPAM services in the Microsoft Cloud. secure. and disk resources. All Rights Reserved. and disk resources must be adequately allocated for each virtual appliance that is running on the virtualization host. 2 GB Reporting) Default: daily limit) 8 4 IB-V805 ** 250 (+ user 2 32 2800 MHz ✓ ✓  ✓   No (Reporting defined only) reporting storage) IB-VM-810 55 2 2 2000 MHz ✓ ✓ ✓ ✓  No IB-VM-810 160 2 2 2000 MHz ✓ ✓ ✓   No © 2017 Infoblox Inc. To maintain high performance on your NIOS virtual appliances and to avoid not having enough resources to service all the NIOS virtual appliances. memory. You can also utilize Infoblox Cloud Network Automation with your vNIOS for Azure instances to streamline with IPAM. The vNIOS for Azure enables you to deploy robust. Required memory. CPU. CPU Core Clock VMware for MS for for for as Grid Cores tion Rate Hyper Xen KVM AWS & Master and (GB) -V * Azure Grid Master IB-VM-100 55 1 1 1300 MHz ✓ ✓ ✓ ✓  No 3 1 IB-VM-800 300 2 Range: 3000 MHZ ✓ ✓ ✓ ✓  No (Reporting (Primary & 2–8   only. and cost effective Infoblox appliances in the Microsoft Cloud. Infoblox NIOS provides core network services and a framework for integrating all the components of the modular Infoblox solution. improve visibility of your cloud networks. You can deploy one or more Infoblox vNIOS for Azure instances through the Microsoft Azure Marketplace and provision them to join the on-premises NIOS Grid. manageable. It provides integrated.2 Release Notes • vNIOS for Azure Infoblox vNIOS for Azure is an Infoblox virtual appliance designed for deployments through Microsoft Azure. and increase the flexibility of your cloud environment. For more information about vNIOS for AWS. 
a collection of integrated cloud services in the Microsoft Cloud. refer to the Infoblox Installation Guide for vNIOS for Microsoft Azure. The following table lists the required memory. 2 Release Notes 4 IB-V815 ** 250 2 16 1100 MHz ✓ ✓  ✓   Yes 2 IB-VM-820 55 2 4 3000 MHz ✓ ✓ ✓ ✓  Yes 2 IB-VM-820 160 2 4 3000 MHz ✓ ✓ ✓  ✓ Yes 4 2 IB-V825 ** 250 2 16 1600 MHz ✓ ✓  ✓  ✓ Yes 3 IB-VM-1400 555 4 Default: 8000 MHz ✓ ✓    No (Reporting (Primary & 8  only. Page 6 of 63 400-0704-202 Rev. All registered trademarks are property of their respective owners.2. 5 GB Reporting) daily limit) 4 IB-V1405 ** 250 (+ user 4 32 3600 MHz ✓ ✓  ✓   No (Reporting defined only) reporting storage) IB-VM-1410 55 4 8 GB 6000 MHz ✓ ✓ ✓   No 2 IB-VM-1410 160 4 8 6000 MHz ✓ ✓ ✓   Yes 4 IB-V1415 ** 250 4 32 1200 MHz ✓ ✓  ✓  Yes 2 IB-VM-1420 160 4 8 8000 MHz ✓ ✓ ✓ ✓ ✓ Yes 4 IB-V1425 ** 250 4 32 1800 MHz ✓ ✓  ✓  ✓ Yes 4 IB-V2205 ** 250 (+ user 8 64 2100 MHz ✓ ✓  ✓   No (Reporting defined only) reporting storage) 2 IB-VM-2210 160 4 12 12000 MHz ✓  ✓   Yes 4 IB-V2215 ** 250 8 64 2100 MHz ✓ ✓  ✓   Yes 2 IB-VM-2220 160 4 12 12000 MHz ✓  ✓ ✓ ✓ Yes 4 IB-V2225 ** 250 8 64 2100 MHz ✓ ✓  ✓  ✓ Yes IB-V4000 250 8 24 2400 MHz ✓     No (Reporting (+ 1500 GB only) reporting storage) IB-V5005 ** User User User N/A ✓ ✓  ✓  No defined defined defined reporting storage © 2017 Infoblox Inc.NIOS 8. A 11/14/2017 . All Rights Reserved. All Rights Reserved.2. Note that only IB-V1405 as a Reporting server has been qualified for OpenStack. © 2017 Infoblox Inc. IB-VM-820 with 55 GB disk is not supported as the Grid Master or Grid Master Candidate for the vNIOS for KVM. Page 7 of 63 400-0704-202 Rev. RHEL. All registered trademarks are property of their respective owners.NIOS 8. 1 For KVM hypervisor only. 
4NIOS for KVM is supported in the following environments: OpenStack.2 Release Notes Network Overall # of CPU Memory Recommended NIOS for NIOS NIOS NIOS NIOS Supported Insight Virtual Disk (GB) Cores Alloca. 2 NIOS virtual appliance for Hyper-V is not recommended as a Grid Master or Grid Master Candidate. follow the recommended specifications and allocate your resources within the limits of the licenses being installed on the appliances. your system might experience high memory usage. ** To achieve best performance on your virtual appliances. SuSE Enterprise and Cloud. Not supported for KVM-based OpenStack. not as the Grid Master. A 11/14/2017 . 3 Does not support Elastic Scaling. Infoblox recommends that you disable dynamic memory allocation. CPU Core Clock VMware for MS for for for as Grid Appliances tion Rate Hyper Xen KVM AWS & Master and (GB) -V * Azure Grid Master Candidate 3 ND-V800 160 2 8 3000 MHz ✓ ✓ ✓ No 4 ND-V805 ** 250 2 32 2800 MHz ✓ ✓  ✓   No ND-V1400 160 4 16 8000 MHz ✓3 ✓ ✓ No 4 ND-V1405 ** 250 4 32 3600 MHz ✓ ✓  ✓   No 3 ND-V2200 160 8 24 24000 MHz ✓ ✓ No 4 ND-V2205 ** 250 8 32 2100 MHz ✓ ✓  ✓   No Cloud Overall # of Memory Recommended NIOS for NIOS for NIOS NIOS NIOS Supported Platform Disk (GB) CPU Alloca. The Identity Mapping feature is supported on the IB-VM-810 and IB-VM-820 appliances only if they are configured as Grid members. To avoid this issue. and CentOS. CPU Core Clock VMware MS for for for as Grid Virtual Cores tion Rate Hyper-V * Xen KVM AWS & Master and Appliances (GB) Azure Grid Master Candidate CP-V800 160 2 2 2000 MHz ✓ ✓ ✓ ✓ ✓ No CP-V1400 160 4 8 6000 MHz ✓ ✓ ✓ ✓ ✓ No CP-V2200 160 4 12 12000 MHz ✓ ✓ ✓ ✓ ✓ No NOTES: * When running NIOS in MS Hyper-V with dynamic memory allocation enabled. Does not support Elastic Scaling. which allows you to view and manage discovered IP addresses through the Cisco ACI cluster. 
Please note that this release does not include the support for NIC bonding through cloud-init on IB-FLEX. DNSMessenger Module Support for Threat Insight Threat Insight can now detect DNS tunneling activities instigated by the DNSMessenger malware. and End Points). Threat Insight can discover the SDN Controller and Elements (Spine.2.NIOS 8. NIOS 8. You can now spin up instances using mixed-mode interface type in OpenStack. • Cisco ISE Integration for NetMRI (RFE-6984) After you successfully register a NetMRI appliance with NIOS. NIOS also supports sending outbound notifications to DXL (Data Exchange Layer) endpoints. you can also configure the on- premises Grid to pull detected malicious domains from Threat insight in the Cloud so you can block applicable traffic using the on-premises DNS firewall configuration. You can also view devices that are discovered by a discovery member. DNSMessenger is a Remote Access Trojan (RAT) that attackers use to conduct malicious Powershell commands on compromised devices.2. RPZs for Blacklisted Domains (RFE-7158) You can now add any Response Policy Zones (RPZs) from different DNS and network views to the RPZ list that you use to block malicious domains detected by Threat Insight in the Cloud (on-premises or in the Cloud).) If your Grid is running NIOS 8. Licensing for IB-FLEX This release adds the following licenses to the IB-FLEX virtual platform: DCA and Unbound. Page 8 of 63 400-0704-202 Rev.x releases.3 or later.2.2. Contact your Infoblox representative for more information about IB-FLEX licenses.2 Release Notes NEW FEATURES This section lists new features in the 8.x. All registered trademarks are property of their respective owners. you can use the Cisco ISE integration © 2017 Infoblox Inc. 
McAfee Data Exchange Layer (DXL) Support for Outbound Notifications In addition to REST (REpresentational State Transfer) enabled endpoints.2 Support for Mixed-Mode Interface Type for IB-FLEX (RFE-8007) This release adds support for mixed-mode interface type (SR-IOV and Virtio) on IB-FLEX in the OpenStack environment. Once the Cisco ACI is integrated. (Note: You need the Infoblox Data Connector to transport the data from your on-premises Grid to the Cloud.0 Software-based DNS Cache Acceleration (vDCA) with Capacity Licensing (FLEX) You can configure the IB-FLEX virtual platform as a high-performance high-speed and very low latency caching- only name server by enabling virtual DNS cache acceleration on it. NIOS 8. Threat Insight This feature performs analytics to detect malicious activities based on DDI data from your on-premises Grid when the Grid is running NIOS 7. DNSMessenger uses DNS record queries and responses to create a bidirectional C&C channel that allows the submission of Powershell commands to infected devices and the return of responses back to the attackers. Network Insight Enhancements This release adds the following enhancements to Network Insight: • Cisco ACI Configuration: Integrating Cisco Application Policy Infrastructure Controller (APIC) on NIOS provides visibility into your Cisco APIC infrastructure. Leaf. All Rights Reserved. A 11/14/2017 . and SMB version 3.2. • Support of Keystone v3 for OpenStack (RFE-7622): NIOS now supports the Keystone server identity service version v2 and v3 when you configure OpenStack as the endpoint server for a vDiscovery job. You can also adjust the throttle for the lookup to control the number of requests sent to the DNS server. as well as the values collected for the device vendor. © 2017 Infoblox Inc.x (SMBv2. You can now configure NIOS to add DNS records to a specific DNS view so NIOS can handle the auto-creation of DNS records associated with multiple views that manage the same DNS zones.NIOS 8. device. 
user. data function and whether it is supported for the device. • Device Support Data for Discovered Devices (RFE-5452) Network Insight now provides advanced visibility into device support data. You can monitor domain users. and the time duration of the current status in the IPAM tab of Grid Manager. you can now find VLANs and group objects such as networks. A 11/14/2017 .2.x). • Capturing Tags from AWS and Azure: The metadata in the form of tags in AWS and Azure for NIOS can now be captured through a vDiscovery process and saved as extensible attributes. • Synchronizing Microsoft DNS Reporting Data (RFE-5140): You can now configure NIOS to synchronize DNS reporting data with Microsoft servers so you can view both Microsoft and NIOS data in the same NIOS DNS. the login status. • Discovery Diagnostic Tool Improvements (REF-6303) This release adds the following improvements to the Discovery Diagnostics dialog: ➢ View all existing discovery diagnostic tasks that have been executed in the last 12 hours. This feature enables you to enhance identity management across devices and applications that are connected to your network routers and switches. • Discovered Wi-Fi Data: Network Insight now saves the discovered data for Wi-Fi access points and displays it in the IPAM tab -> Discovered Data tab of Grid Manager as well as the End Host History dashboard.2 Support This release adds support for Cisco ISE version 2. SMB version 2. You can also configure the synchronization interval using a newly added CLI command. Cloud Network Automation Enhancement This release adds the following enhancement for Cloud Network Automation: • High Performance Virtual Appliances Support for AWS and Azure: This NIOS release supports the following virtual appliances in AWS and Azure: IB-V825. Cisco ISE 2. For detailed appliance specifications. ➢ Enable or disable SNMP debugging for the device. Page 9 of 63 400-0704-202 Rev. 
• DNS Resolution for End Hosts (RFE-6541) You can now specify whether you want to perform DNS lookups for discovered network devices and end hosts. All Rights Reserved. the IP addresses they log on to. Microsoft Management Enhancements • Microsoft 2016 Support: This release adds support for Microsoft Windows Server 2016. device model. You can integrate Cisco ISE with NIOS to exchange valuable network. and IB-V2225. and security-event information. vDiscovery Enhancements This release adds the following enhancements for vDiscovery: • Support for Multiple DNS Views (RFE-6828): When you configure vDiscovery jobs. • VLAN Smart Folder Improvements When using smart folders. DHCP and IPAM reports. interfaces. • SMB Versions 2 and 3 Upgrade (RFE-7216): Infoblox now supports the following versions of SMB (Server Message Block) protocol for Microsoft Windows servers: SMB version 1 (SMBv1). and unmanaged IP addresses by discovered VLANs. IB-V1425. such as the timestamp of the most recent data collection. All registered trademarks are property of their respective owners. see the table on page 4. you can enable NIOS to automatically create DNS records for discovered IP addresses of VM instances that are served by the appliance.x).x (SMBv3.2 Release Notes feature without having to install the Discovery license. and device version. NOTE: Infoblox recommends that you enable this feature right after you upgrade to NIOS 8. see Upgrade Guidelines on page 25. you can configure the record creation timestamp to be writable while keeping the record data intact during DDNS updates. All registered trademarks are property of their respective owners. When you enable this feature. DNS records are retained in the recursive cache even after they expire. A threat protection profile defines specific security settings and a ruleset that you can apply to a specific member or a group of members that share a similar kind of traffic.2. 
you can now install software-based subscription licenses on supported appliances (physical and virtual) when deploying the Advanced DNS Protection solution. a scalable service-provider grade platform with flexible resource allocation for the virtual machine. A 11/14/2017 . which will clear the current cache. • Threat Protection Profiles: When you configure Grid or Member security properties. The DTC heath check will consider the health monitors configured under DTC servers and their corresponding DTC pools before declaring the running state for the pools. you first install the Flex Grid Activation license on the Grid Master and then enable the following features as a bundle on the IB-FLEX member: Grid (enterprise). Fault Tolerant DNS Caching (RFE-7343) When an authoritative DNS server experiences an outage. All Rights Reserved. Whenever recursive query times out or returns a SERVFAIL response.0 Licensing for Appliance IB-FLEX Infoblox introduces a new virtual platform called IB-FLEX. You can also clone an existing profile and modify the settings to create a new one. Page 10 of 63 400-0704-202 Rev. DNS.” DNS Scavenging Modifiable Timestamp for DDNS Records (RFE-7114) On occasions where you want to avoid the removal of valid DDNS records that contain outdated timestamps through DNS scavenging. © 2017 Infoblox Inc. DNS Traffic Control.1. NIOS 8.” which includes the Round Trip Delay (RTD) and SNMP methods. FireEye. To configure IB-FLEX. Infoblox Advanced DNS Protection Enhancements This release adds the following enhancements to the Advanced DNS Protection feature: • Software ADP: In addition to the hardware-based Advanced Appliances (PT and IB-4030 appliances). Enabling the DNS fault tolerant caching option allows you to access the websites served by the DNS server despite the DNS outage. The existing “Ratio” method is changed to “Ratio:Fixed. NXDOMAIN Redirect.NIOS 8. 
Contact your Infoblox representative for more information about IB-FLEX and the Flex Grid Activation license. • Dynamic Load Balancing Methods (RFE-6407): This release adds a new load balancing method called “Ratio:Dynamic. DNS Firewall. Software ADP. Threat Protection Update.2 Release Notes DTC Enhancements This release adds the following enhancements to the DNS Traffic Control feature: • DTC Health Check (RFE-7044): If you have a multi-tier network architecture and want to monitor the availability of separate components for the DTC server.2. Enabling this during production requires a DNS service restart. you now have an option to select an active ruleset or a threat protection profile. the appliance returns the cached response to the client instead of the SERVFAIL response. and Cybersecurity Ecosystem. You can now select a check box to update the creation timestamp for dynamic records during DDNS updates even when there are no changes to the resource record data. • Grid VPN on LAN1 (RFE-6543): You can now configure Grid VPN on LAN1 interface for any members (with Threat Protection enabled) in a Grid that supports Advanced DNS Protection. The dynamic methods allow you to load balance the DTC servers based on their latency. For more information. you can now add a health monitor for each individual IP address or domain configured for the DTC server. all websites served by the DNS server become inaccessible. the appliance sends the first RPZ event and deduplicates subsequent events that match your filtering criteria within the configured lookback interval. Grid Manager now displays VLAN name and ID as “VLAN Name” and “VLAN ID” (instead of “Discovered VLAN Name” and “Discovered VLAN ID”) in the IPAM and Devices tabs. This feature provides consistency in how NIOS handles discovered data through vDiscovery. or networks. • Event Deduplication for RPZ Hits: While configuring notification rules. and timestamps when they were last discovered or became inactive. 
Data related to hosts that are no longer discovered by NetMRI will be removed. A few new variables and constructs are also added to the event templates. • Improvements for the VRF Mapping Window (RFE-7035): When you have a lot of VRFs displayed in the VRF Mapping window. Depending on your configuration. you can filter the data by VRF Name. For detailed information about the new additions. If you have a large amount of data to download.NIOS 8. Oftentimes. © 2017 Infoblox Inc. You can now join such members using cloud API calls through the MGMT port. refer to the WAPI Documentation. You can also sort the data by ascending or descending order. Device Name. and other related fields. RPZ hits come from the same client IPs. Device/IP Address. • Custom rules via WAPI (RFE-5924): You can now push custom rules to the Grid using WAPI calls. managed status. query FQDNs. • New Threat Protection Rules for Recursive Resolution: The updated ruleset now includes rules that are specifically designed for recursive caching servers. Network Insight Enhancements This release adds the following enhancements to the Network Insight feature: • New Reports: This release adds the IP Address Inventory and Network Inventory reports. such as sysLocation and sysContact. • IPAM Sync Improvements (RFE-3071): When you use the “IPAM Sync” feature to synchronize data discovered by NetMRI. allowing for simple serialization of complex structures. All Rights Reserved. you can decide whether you want to reduce the amount of redundant RPZ hit events or not. • The Last Discovered Field for Subnets (RFE-6357): Grid Manager now displays the Last Discovered data for networks (or subnets) that are discovered by NetMRI or during an IPAM sync. To avoid receiving excessive RPZ events at the endpoint. This release also adds a few new fields to be displayed in Grid Manager. or Network View. 
API Outbound Notifications Enhancements This release adds the following significant enhancements to the API Outbound Notification feature: • New configuration and template capabilities: Additional configuration is now possible in areas such as rate limiting and login and logout templates. making it easy to include synchronization information via extensible attributes. You can send requests to the local WAPI while processing endpoint events. For detailed information. this release adds new objects and structs for threat protection functions. A 11/14/2017 . and includes information such as VLANs on subnets. you can configure the appliance to remove or deduplicate subsequent RPZ events (after sending the first event) within a certain time period based on Source IP. XMLA quoting has also been added with additional capabilities compared to XML quoting. refer to the Infoblox NIOS Administrator Guide. this feature significantly reduces the download time. • Discovery Diagnostics Downloads in Text Format (RFE-5551): This functionality allows you to download discovery diagnostics in text format from Network Insight members in the click of a button. You can add WAPI integration username and password as well as server certificate validation when you configure endpoints. Page 11 of 63 400-0704-202 Rev. All registered trademarks are property of their respective owners. is added to NIOS during an IPAM sync.2. Each report provides an inventory of discovered IP addresses and subnets. In addition.2 Release Notes • MGMT Port for Cloud API Calls: Infoblox supports elastic scaling for software ADP members. • Inclusion of sysLocation and sysContact during IPAM Sync (RFE-7430): Additional information discovered by NetMRI. • WAPI Integration: This release supports WAPI integration for API outbound notifications. • More advanced XML parsing: You can now select XMLA as the parsing option for endpoint responses to support XML documents with tag attributes. 
only the data related to discovered hosts appears in NIOS. Query Name. • UI Consistency for Network Insight: To maintain consistency in field names across products. RPZ Policy. 2 Release Notes DNS Traffic Control Enhancements This release adds the following enhancements to the DNS Traffic Control (DTC) feature: • CNAME Support for LBDN Records (RFE-7110): You can now use DTC to respond directly to CNAME queries. You can create rules that specify how a DNS member responds to queries for A and AAAA records for certain domain names and non-existent domain names. TLS 1. You can also have the appliance retain all leases until they expire. 7106. This feature allows you to monitor different HTTPS sites on a single server. Thales HSM Client Upgrade (RFE-7460) NIOS supports version 3. Specifying Source Port Settings (RFE-5026) You can now configure BIND query-source at the DNS view level. When using this option. which defines the IP address and port used as the source for outgoing queries. All registered trademarks are property of their respective owners. Support for EDNS Client Subnet (RFE-3315) This release adds support for the EDNS Client Subnet (ECS) option for recursive DNS.21. Support for SafeNet Network HSM Upgrades This NIOS release supports SafeNet Network HSM upgrades (formerly Luna SA). (RFE-7148) • New objects for network resize. (RFE-7142) • Other additional WAPI objects and changes. • Server Name Indication (SNI) Support (RFE-7531): DTC now supports SNI for HTTPS health checks. you can modify the “rules” field of the parent object dtc:topology.2. All Rights Reserved. Support for IPv6 NXDOMAIN Redirection (RFE-7451) NIOS now supports IPv6 NXDOMAIN redirection. or re- attached to a VM. A 11/14/2017 . Cloud Network Automation Enhancements (RFE-7192) When configured.3 of Thales. the recursive DNS resolver provides the client subnet to the authoritative DNS server so it can build an optimized reply. 
DHCP Lease Management Enhancements (RFE-7104) This release adds more options to how you can manage DHCP leases.2 for the key exchange for Grid communication. © 2017 Infoblox Inc. • To create a dtc:topology:rule object.2 Support for OpenVPN (RFE-7068) This release uses TLS 1. In addition to one-lease-per-client per member support.NIOS 8. 7107. and 7138) • Export and import data for backup and restore. you can now configure the appliance to release leases that have a client ID when the client moves from one network to another. (RFE-4818. refer to the WAPI Documentation and the WAPI Deprecation and Backward Compatibility Policy section in this document. For details. Page 12 of 63 400-0704-202 Rev. detached from. Support for Unrestricted Reporting Virtual Appliances (RFE-4159 and 3601) This release supports subscription-based reporting on virtual appliances that do not have capacity restrictions for reporting. NIOS vDiscovery now automatically synchronizes VM information associated with existing DNS records or fixed addresses when the corresponding discovered IP address is attached to. WAPI Enhancements This release includes the following PAPI and WAPI enhancements. NIOS 8. IB-V1415. IB-V825. RPZ. ND-V805. see the table on page 4 of this document. All registered trademarks are property of their respective owners. You can specify regular expressions for extracting and checking part of the response content. © 2017 Infoblox Inc. provided that they do not use the "All Available" load balancing method and do not have in-zone wildcards. Grid-wide licenses are valid across the entire Grid. • A “Priority” setting has been added for LBDNs. For example. create. TE-1415. Pools and Servers. TE-825. In the case of overlapping LBDNs (configured with similar Patterns and associated Zones). For example. Once installed. A 11/14/2017 . You can also deploy the following high performance virtual appliances: IB-V805. and IB_FLEX. CPU. ND-V1405. In addition. 
the HTTP Health Monitor editor has added a Test dialog so you can test the HTTP health monitor configuration. This is particularly useful for load balancing Intranet applications. You can edit.0. the Priority field is used to determine which LBDN is selected when processing a DNS response. IB-V815.com. IB-V2225. and disk allocation. Page 13 of 63 400-0704-202 Rev. For required memory. Reporting Subscription. and TE-2225 (also knowns as IB appliances) • Advanced Appliances: PT-1405. since GeoIP does not work for internal networks.infoblox. IB-V1425. • Geography topology rules may now use "City" in geographic conditions. All Rights Reserved. • DTC servers now allow multiple records and record types to be configured for a single server. IB-V2205.2. Infoblox High Performance Physical and Virtual Appliances This NIOS release supports the following high performance NIOS physical appliances: • Trinzic Appliances: TE-815. FireEye. • The HTTP/HTTPS health monitor can now check the content of the returned page to determine the health of a server. You can customize the database by editing the CSV file prior to an import. and ND-2205 • Reporting Appliances: TR-805. • A new graphical user interface for configuration. which shows the relationship between Load Balanced Domain Names. IB-V2215. PT-2205. You can perform load balancing based on whether a client IP address belongs to a network with extensible attribute values that match the topology rules. TE-2215. provided that other conditions and factors are met for the respective features. and PT-2205-10GE • Network Insight Appliances: ND-805. TR-1405. and TR-2205 For more information about each physical appliance. you can search the page to make sure that “Under Maintenance” is not on the returned page. IB-V1405. available on the Technical Support web site at https://support. 
a member must have the correct appliance model to run the Reporting feature even if a Reporting Subscription Grid-wide license is already installed for the Grid. You may assign DTC LBDNs to signed zones. • The SNMP health monitor now supports SNMPv3. and ND-V2205. Support for Grid-wide Licenses This NIOS release introduces the following Grid-wide licenses: Security Ecosystem. • You can now apply most changes to DTC configuration without interrupting the DNS service. ND-1405. or delete DTC objects directly from this graphical interface.2 Release Notes NIOS 8. • DTC now supports CSV import for GeoIP databases. refer to the installation guides.0 DNS Traffic Control Enhancements This release adds the following significant enhancements to the DNS Traffic Control (DTC) feature: • A topology ruleset now supports extensible attribute rules that can be used for topology load balancing. • DTC now supports DNSSEC. TE-1425. o You can select either the Instance Profile or IAM credential to authenticate AWS API calls for o For vDiscovery. Page 14 of 63 400-0704-202 Rev. the Infoblox NIOS Administrator Guide now includes suggested network communication and ports for the different clustering types. searchable copies. You can also view the number of peers (reporting members). and DHCP data through the Infoblox API or RESTful API. except for zone apex CNAME records. Infoblox Reporting Enhancements This release adds the following enhancements to the Reporting feature: • Reporting License Usage report: This new internal report provides reporting license usage over a given time frame and license usage warning count if there is any license usage violation. deployment and service monitoring. When you select this option. This feature enables timely and accurate integration with your external systems. networks. 
You use this option to restrict certain networks and networking information by not sharing it with the Multi-Grid Master.2 Release Notes Enhancements to Infoblox Cloud Offerings This release adds the following enhancements to the Infoblox Cloud offerings: • vNIOS for Azure in the Marketplace: You can now easily download and deploy vNIOS for Azure virtual appliances directly from the Azure Marketplace. You can get information about the status of each peer node.NIOS 8. The default dashboard displays bar chart that shows license usage in megabytes over a given time frame. The appliance uses RESTful API templates that you create to convert NIOS events into REST API messages in which you define specific actions for those events. Enhancements for Multi-Grid Configuration This release adds the following enhancements for a Mutli-Grid configuration: • You can now restrict synchronization of snapshots. selected network views. • Reporting Clustering Dashboard: This dashboard provides detailed information about the status of the entire indexer cluster. and indexes. o Consolidation of Route 53 zones and records into a single DNS view: You can now serve all those zones in a consolidated way from NIOS by querying a single Grid member.2. you can prevent the Multi-Grid Master from having © 2017 Infoblox Inc. the appliance bypasses remote SSL certificate validation. • vNIOS for AWS: o Amazon Route 53 Aliases are now mapped to CNAME records in NIOS. volume and storage consumption monitoring. and then periodically synchronize IPAM. and extensible attributes by using the Disable Sync to MGM option on the Grid Masters of managed Grids. Support for Outbound Notifications using RESTful API Through Grid Manager. • Best practices for capacity planning. In addition. and customizing searches are now thoroughly described in the Infoblox NIOS Administrator Guide. you can choose to use an unsecured HTTPS connection if your discovered endpoints are OpenStack or VMware. A 11/14/2017 . 
You can choose between a full and partial synchronization depending on your requirements. and number of copies (buckets). The vNIOS for Azure virtual appliance is pre-configured for Microsoft Azure so you only need to take a few easy steps to complete the deployment. you can now configure the appliance to send outbound RESTful API notifications to REST endpoints so you can prioritize your security needs or perform network management tasks. DNS. All registered trademarks are property of their respective owners. • For reporting clustering. search head. All Rights Reserved. you can use the Object Change Tracking and Synchronization feature to track changes made to common NIOS objects. External Database Synchronization If you have external applications that use information in the NIOS database. network containers. you can select the entities you want to manage and then perform a bulk conversion. • Support for CSV import and export. all synchronized data is deleted and future synchronization is disabled. 6158.2. • Threat Analytics Status for Grid: This widget displays the statistical information about the DNS tunneling events.3 Upgrade) You can now select either the Interim or Standard DDNS update method. • New templates for blocking DNS packets by record type and matching text string. • Threat Analytics Status for Member: This widget displays statistics about the DNS tunneling events for a specific Grid member. 5726. Network Insight Enhancements This release adds the following enhancements to the Network Insight feature: • When converting unmanaged entities to managed objects in NIOS. 6554. • Rule description details added to the rule category. 6694. 4424. and Detections. Support for Bidirectional Forwarding Detection (BFD) The BFD protocol is designed to provide faster failure detection using millisecond timer intervals. as follows: • DNS RPZ Hits Report: You can select to review detailed RPZ hits or aggregated RPZ hits. 
You view different information using the following tabs: Detections Over Time. 6695. 5283. just select a specific entity and perform the conversion. Enhancements for Service Restarts (RFE-642) You can now review pending activities that will take effect before you restart services on the appliance. Infoblox Security Infrastructure Enhancements (RFEs: 4422. DDNS Update Method (DHCP 4. Security Visibility Grid Manager now provides the following security dashboard widgets to increase visibility of your Infoblox security infrastructure: • Dig Request: This widget enables you to perform a DNS lookup on the Grid Master or on a specified Grid member and displays the output of the dig command. 6733. 6284. All Rights Reserved. 6693.2 Release Notes access to the snapshots of the managed Grids. 5824. To convert multiple entities to the same IPAM object type. • You can also perform an automatic conversion for unmanaged entities in a network view by configuring conversion rules for the Grid. you can choose to convert them one at a time or as a group. To convert a single entity. For dual-stack clients that acquire both IPv4 and IPv6 leases and use the same DNS name for both types. • Support for all known RR types for both TCP and UDP packets in Threat Protection rules. Top 10 Grid Members. • DNS RPZ Hits Trend by Mitigation Action Report: Provides trends for the total number of RPZ hits for each mitigation action along with the total client hits in a given time frame. this report now includes IPAM data. you can configure IPv4 and IPv6 to use different DDNS update methods (Infoblox recommends using Interim for IPv4 and Standard for IPv6). and for rate limiting DNS query with specific record type. When you disable synchronization. It can be enabled with routing protocols to achieve fast network re-convergence.NIOS 8. • Fixed inconsistencies in DNS Firewall reports. All registered trademarks are property of their respective owners. A 11/14/2017 . 
6877) This release adds a few enhancements to the Infoblox Security Infrastructure features. © 2017 Infoblox Inc. • “Last Seen” timestamp in RPZ threat details. You can also enable or disable the appliance to display the Restart Banner and to track the admin users who perform service restarts. Page 15 of 63 400-0704-202 Rev. Whenever there is an error in the NIOS configuration. Support for Database Snapshots (RFE-6562) This release adds support for database snapshots. A 11/14/2017 . This is potentially faster and minimizes the impact on network services than restoring the database using the backup file. A forwarding member NS group is a collection of one or more name servers. The default value for the data generation interval for these report is one day (86400 seconds). you can specify a forward/stub NS group instead of assigning name servers or Grid members individually. When you configure a forward or stub zone. the DHCPv6 server automatically renews the expired leases. This feature helps reduce the amount of IPv6 leases in the database as the DHCP server can issue the same lease multiple times for the same client.2 Release Notes NS Groups for Stub and Forward Zones (RFE-585) NIOS now supports NS (Name Server) groups for stub and forward zones. A DHCP client can retrieve the same lease and retain the same IP address from the DHCPv6 server. This will help you mitigate the impact of user errors in the NIOS configuration. You can use the set log_txn_id CLI command to turn this feature on and off. refer to the Infoblox CLI Guide. © 2017 Infoblox Inc. If the authentication fails. Opening Technical Support Requests through Grid Manager (RFE-5147) When you encounter product issues or require assistance. All registered trademarks are property of their respective owners. you will receive an email. 
Specifying the Data Generation Intervals for Reports (RFE-4993) You can now specify the time interval when NIOS generates data for the DNS Statistics per View and DNS Statistics per Zone reports. All Rights Reserved. Infoblox Technical Support automatically authenticates and authorizes the contact email address that you use. and use the set ssl_tls_ciphers command to enable or disable a specific cipher suite or all cipher suites. Enabling DHCP Transaction ID Logging by Default (RFE-6446) In this release.2. You can configure the certificate authentication service to manually or automatically validate client certificates. you can send a request to Infoblox Technical Support by opening a support case through Grid Manager. When you enable this feature. When you submit a support request. Enabling and Disabling SSL/TLS Support for Security (RFE-5301 and 4170) Through the Infoblox CLI. DHCP Lease Affinity (RFE-3043) Infoblox provides a DHCPv6 lease affinity feature that allows you to reuse expired IPv6 leases for DHCP clients. It sends a confirmation email to the contact email address if the email address is registered on the Infoblox Technical Support server.NIOS 8.509 digital certificates. The Infoblox certificate authentication service uses OCSP to validate certificate status for X. you can now use the set ssl_tls_protocols command to enable and disable different versions of the SSL/TLS protocol. Infoblox recommends that you create a database snapshot prior to making significant changes. and a stub member NS group is a collection of one or more Grid members. For more information about the CLI commands. PIV Card Support for Two-Factor Authentication (RFE-6279) This release adds support for Personal Identity Verification (PIV) card users to the two-factor authentication method. you can roll back the NIOS database to the snapshot that you have created earlier. Page 16 of 63 400-0704-202 Rev. the logging of DHCP transaction ID is enabled by default. 
Ability to Select Core Files for Support Bundle (RFE-6449) You can now select core files to be included in the Infoblox support bundle when you download it. NIOS 8.2 Release Notes TLSA Resource Records for DANE (RFE-3207) You can now define whether a certificate or a public key must be associated with a domain name when you define a TLSA (Transport Layer Security) resource record through Grid Manager.2. IPv6 Enhancements (RFE-4040) The appliance now supports using IPv6 anycast addresses for NS records to override the auto-generated IP addresses. The wizard will then use information from the selected record to create a DTC server. You can use this feature to forward WINS packets to dedicated Windows DNS and DHCP servers. © 2017 Infoblox Inc. Page 17 of 63 400-0704-202 Rev. For detailed information about these commands. Starting with this release. All registered trademarks are property of their respective owners. the appliance tests the resolution of the child NS RRset. the appliance will use the parent NS RRset.0. refer to the Infoblox CLI Guide. When this feature is enabled and there is a “disjoint” between the parent and child NS RRsets. Support for Query Response Screening (RFE-6515) Infoblox now provides a CLI command that you use to enable the DNS query response screening feature. you can select a DNS record to provide information for creating a DTC Server.x releases. when the DTC server wizard is launched from the Traffic Control tab. You will see this change when you install or upgrade to NIOS 8. ➢ The Traffic Control Visualization can now be viewed in two panels: A panel that is displayed next to the Traffic Control list view or in an expanded full size panel. you do not have to depend on an external Certificate Authority to issue a digitally signed TLS certificate for your domain name. ➢ Management of Health Monitors and Topology Rulesets have been moved to dialogs that are launched from the Traffic Control tab.2. 
DNS records can be selected under DNS or IPAM.x.x • In NIOS 8.0 • The Infoblox DNS Traffic Control solution delivers an enhanced user interface through Grid Manager. Also. and you can launch the DTC Server wizard.2. CHANGES TO DEFAULT BEHAVIOR This section lists changes to default behavior in NIOS 8. Adding Extensible Attribute Values Hosts (RFE-6274) When configuring Host records. Ability to Forward WIN packets from NIOS to Microsoft Servers (RFE-7081) This release provides CLI commands that you use to enable the forwarding of WINS packets from NIOS to Microsoft DNS and DHCP servers.NIOS 8.2. When you define your own TLSA record. A 11/14/2017 . NIOS 8. All Rights Reserved. you can now select to associate extensible attributes with all the host records you have defined or associate extensible attributes with only a selected host. you will experience the following changes: ➢ The DTC Server wizard has been integrated with IPAM and DNS.x. If the resolution fails for all name servers. the appliance adds IP addresses of the external secondary servers to the “also-notify” statement for all master zones. 5. All registered trademarks are property of their respective owners. refer to the latest versions of the Infoblox API Documentation and the Infoblox WAPI Documentation. • In previous release.3. when port redundancy was configured and if LAN1 was not available. 2.6. All Rights Reserved.12.NIOS 8.1 to behave as if they were sent against 1.7.4.7. © 2017 Infoblox Inc.7.1. 2. 2. this behavior has changed.12. WAPI Deprecation and Backward Compatibility Policy This policy covers the interfaces exposed by the Infoblox WAPI and the protocol used to communicate with it. CHANGES TO Infoblox API and RESTful API (WAPI) This section lists changes made to the Infoblox API and RESTful API in NIOS releases.12.1.5. you can select the resource record type (NSEC or NSEC3) you want to use for handling non-existent names in DNS for the Resource Record Type for Nonexistent Proof option. 
the appliance does not automatically revert from LAN2 to LAN1 even when the LAN1 interface is available. For detailed information about the supported methods and objects. Once the LAN1 connection was available.2.14 to 6. After a failover.12.18 and later 6. 1. 1.3. the appliance fetches a fresh copy from the authoritative server if the pre-fetch condition (Eligible and Trigger settings) is met.2. This caused the documentation to also display v2.7. ➢ New menu actions have been added to the Action menu (the gear icon) and the visualization tooltip.1 as the latest version and requests sent as 2.1. • Starting with this release. You can use these actions to quickly add servers to pools and pools to LBDNs.x releases.4.7.0. 1.2.1 instead of 1. 2. Page 18 of 63 400-0704-202 Rev. previously available WAPI versions are intended to remain accessible and operative with later versions. the alias to the current WAPI version was incorrectly specified as 2. The default is now NSEC3 versus NSEC in previous releases. 1. the Infoblox appliance failed over to LAN2. 1. bloxTools is now supported on NIOS virtual appliances.5. the IB-4030 and IB-4030-10GE appliances use the cache pre-fetch option to replace the old cache refresh.0.2 Release Notes ➢ The visualization panel has many improvements for visualizing and managing traffic control structures. When a query asks for data that has been cached. • When configuring DNSSEC. 1.1.12. including tooltip menus for directly editing Traffic Control objects. 2.7. You can select the Prefer LAN1 when available option when you enable port redundancy to always use LAN1 when it is available. Cache pre-fetch detects cached records that are about to expire and fetch another copy before the actual expiration. available through the NIOS products and on the Infoblox Support web site.1.5.7. Starting with this release.3.1. • In previous releases.1. 2. 1. Unless explicitly stated in the release notes. the appliance reverted to LAN1 automatically. 
The latest available WAPI version is 2.2.7. 1.7. 2. A 11/14/2017 .3.2.2. 2. 1.6. 2.2. If this option is not selected. the appliance no longer reverts automatically back from LAN2 to LAN1. This option helps minimize the time window in which no answer is available in the cache.2.2.6. NOTE: In NIOS versions 6.0. 1.1. 2.12.18 or later. 1.1. 2.1. This NIOS release supports the following WAPI versions: 1.3. 1.2.7.5 immediately after upgrading from an affected release to NIOS 6. 1. in addition to returning the data. 2. Any WAPI scripts using v2.1 in the URI written to run against NIOS versions 6.x should be changed to v1. 1. 2.4.

The planned deprecation of a given version of the WAPI will normally be announced in the release notes at least one year in advance. Upon deprecation, the announced WAPI version and all prior versions will no longer be supported in subsequent releases. For example, if the current WAPI release is v3.4 and the release notes contain an announcement of the v1.5 deprecation, v1.4 and v1.5 API requests would continue to work with later releases for one year from the announcement date. After that, some or all requests for these deprecated versions may not work with versions later than v1.5. API requests adherent to versions later than v1.5 (v2.0 for example) would continue to work with subsequent releases. Infoblox seeks to avoid any deprecation that has not been announced in advance, however product modifications and enhancements may affect specific API requests without a prior announcement. Infoblox does not warrant that all API requests will be unaffected by future releases. This policy applies to both major and minor versions of the WAPI. Infoblox reserves the right to change this policy.

NIOS 8.2.x

NIOS 8.2.0 includes the following PAPI changes:

New Structures:
➢ Infoblox::DXL::Endpoint::Broker
➢ Infoblox::Grid::DNS::IP
➢ Infoblox::DTC::Pool::DynamicRatioSetting
➢ Infoblox::DTC::Server::Monitor
➢ Infoblox::Grid::Discovery::DeviceSupportInfo
➢ Infoblox::Grid::Discovery::DeviceDataCollectionStatus
➢ Infoblox::Grid::Discovery::DeviceSupportInfoResponse
➢ Infoblox::Grid::Member::Discovery::CiscoAPICConfig

New Objects:
➢ Infoblox::DXL::Endpoint
➢ Infoblox::Grid::ThreatInsight::CloudClient

NIOS 8.2.0 includes the following WAPI changes:

New Structures:
➢ vtftpdirmember
➢ remoteddnszone
➢ networkview:assocmember
➢ upgradegroup:schedule
➢ upgradegroup:member
➢ smartfolder:groupby
➢ smartfolder:groupbyvalue
➢ smartfolder:queryitem
➢ smartfolder:queryitemvalue
➢ radius:server
➢ upgradestep
➢ hotfix
➢ tacacsplus:server
➢ zonerolloverinfo
➢ discoverytaskport
➢ hsm:safenet
➢ hsm:thales
➢ dxl:endpoint:broker
➢ member:dnsip
➢ setting:dynamicratio
➢ dtc:server:monitor
➢ discovery:devicesupportinfo
➢ discovery:devicedatacollectionstatus
➢ discovery:ciscoapicconfiguration

New Objects:
➢ approvalworkflow
➢ authpolicy
➢ discovery:devicesupportbundle
➢ distributionschedule
➢ dns64group
➢ ftpuser
➢ grid:filedistribution
➢ grid:threatanalytics
➢ ipv6dhcpoptiondefinition
➢ ipv6dhcpoptionspace
➢ ipv6fixedaddresstemplate
➢ ipv6rangetemplate
➢ mastergrid
➢ member:filedistribution
➢ member:threatanalytics
➢ mssuperscope
➢ natgroup
➢ radius:authservice
➢ record:dname
➢ record:dnskey
➢ record:ds
➢ record:nsec
➢ record:nsec3
➢ record:nsec3param
➢ record:rrsig
➢ smartfolder:children
➢ smartfolder:global
➢ smartfolder:personal
➢ tacacsplus:authservice
➢ tftpfiledir
➢ threatanalytics:moduleset
➢ threatanalytics:whitelist
➢ upgradegroup
➢ upgradeschedule
➢ hsm:safenetgroup
➢ hsm:thalesgroup
➢ hsm:allgroups
➢ dxl:endpoint
➢ threatinsight:cloudclient
NIOS 8.1.x

NIOS 8.1.0 includes the following PAPI changes:

New Structures:
➢ Infoblox::Grid::Member::DNS::ViewAddressSetting

New Objects:
➢ Infoblox::Grid::ThreatProtection::Profile
➢ Infoblox::Grid::ThreatProtection::Profile::Rule

Deprecation:
➢ The settings for enable_one_lease_per_client and its override field override_enable_one_lease_per_client are deprecated for the following objects: Infoblox::Grid::DHCP, Infoblox::Grid::Member::DHCP. New fields lease_per_client_settings and override_lease_per_client_settings should be used. The relations between new and deprecated fields are as follows:
o 'ONE_LEASE_PER_CLIENT' in lease_per_client_settings corresponds to the True value of enable_one_lease_per_client
o 'RELEASE_MATCHING_ID' in lease_per_client_settings corresponds to the False value of enable_one_lease_per_client
o 'NEVER_RELEASE' has no corresponding value in enable_one_lease_per_client
o use_lease_per_client_settings is equivalent to use_enable_one_lease_per_client
➢ Infoblox::Grid::Admin::User no longer supports regexp search by ca_certificate_issuer (only exact search is allowed from now on).

NIOS 8.1.0 includes the following WAPI changes:

New Structures:
➢ setting:viewaddress
➢ threatprotection:natport
➢ threatprotection:natrule
➢ threatprotection:statinfo
➢ threatprotection:ruleconfig
➢ threatprotection:ruleparam
➢ ldap_server
➢ ldap_eamapping
➢ ntpac
➢ ntpaccess
➢ ntpserver
➢ ntpkey
➢ grid:ntp
➢ member:ntp
➢ lomuser
➢ grid:consentbannersetting
➢ grid:informationalbannersetting
➢ scheduledbackup
➢ member:dnsgluerecordaddr
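The enable_one_lease_per_client deprecation in NIOS 8.1.x, as an added Python example that is not Infoblox code: it rewrites a WAPI request body for grid:dhcpproperties or member:dhcpproperties to the new fields using the relations listed in this section, and reports deprecated field names left in a script. The function names, the sample script and the idea of a client that must downgrade are assumptions made for illustration.

```python
import re

# WAPI objects the release notes list for this deprecation.
AFFECTED = {"grid:dhcpproperties", "member:dhcpproperties"}
OLD, NEW = "enable_one_lease_per_client", "lease_per_client_settings"
OLD_USE, NEW_USE = "use_" + OLD, "use_" + NEW

# Relations given in the release notes; NEVER_RELEASE has no old equivalent.
OLD_TO_NEW = {True: "ONE_LEASE_PER_CLIENT", False: "RELEASE_MATCHING_ID"}
NEW_TO_OLD = {new: old for old, new in OLD_TO_NEW.items()}
NEW_VALUES = set(NEW_TO_OLD) | {"NEVER_RELEASE"}

# Matches the WAPI names and the PAPI override_ name, whole identifiers only.
DEPRECATED_RE = re.compile(r"\b(?:use_|override_)?enable_one_lease_per_client\b")

# Constructed sample of an automation script written before NIOS 8.1.0.
SAMPLE_SCRIPT = '''\
# push DHCP properties to one member
body = {"enable_one_lease_per_client": True,
        "use_enable_one_lease_per_client": True}
session.put(url, json=body)
'''


class MigrationError(ValueError):
    """Raised when a payload cannot be converted without guessing intent."""


def _carry_flag(payload, out, src, dst):
    """Copy a use-flag under its other name, refusing contradictory values."""
    if src in payload:
        if dst in payload and payload[dst] != payload[src]:
            raise MigrationError(f"{src} and {dst} disagree")
        out[dst] = payload[src]


def migrate(obj_type, payload):
    """Return a copy of a WAPI payload that uses only the new field names."""
    if obj_type not in AFFECTED:
        return dict(payload)
    out = {k: v for k, v in payload.items() if k not in (OLD, OLD_USE)}
    if OLD in payload:
        if not isinstance(payload[OLD], bool):
            raise MigrationError(f"{OLD} must be true or false")
        mapped = OLD_TO_NEW[payload[OLD]]
        if payload.get(NEW, mapped) != mapped:
            raise MigrationError(f"{OLD} and {NEW} disagree")
        out[NEW] = mapped
    if NEW in out and not (isinstance(out[NEW], str) and out[NEW] in NEW_VALUES):
        raise MigrationError(f"unknown {NEW} value {out[NEW]!r}")
    _carry_flag(payload, out, OLD_USE, NEW_USE)
    return out


def downgrade(obj_type, payload):
    """Inverse of migrate(), for a client that must still send the old fields
    (assumed scenario). Fails on NEVER_RELEASE, which the old boolean cannot
    express."""
    if obj_type not in AFFECTED:
        return dict(payload)
    out = {k: v for k, v in payload.items() if k not in (NEW, NEW_USE)}
    if NEW in payload:
        value = payload[NEW]
        if not (isinstance(value, str) and value in NEW_TO_OLD):
            raise MigrationError(f"{value!r} has no {OLD} equivalent")
        mapped = NEW_TO_OLD[value]
        if payload.get(OLD, mapped) != mapped:
            raise MigrationError(f"{NEW} and {OLD} disagree")
        out[OLD] = mapped
    _carry_flag(payload, out, NEW_USE, OLD_USE)
    return out


def audit_source(text):
    """List (line number, field name) for each deprecated field in a script."""
    return [(number, match.group(0))
            for number, line in enumerate(text.splitlines(), 1)
            for match in DEPRECATED_RE.finditer(line)]
```

Running audit_source over existing automation before an upgrade shows which request bodies need migrate(); a payload that sets both the old and the new field to contradictory values is rejected rather than silently resolved.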
The relations between new and deprecated fields are as follows: o 'ONE_LEASE_PER_CLIENT' in lease_per_client_settings corresponds to the True value of enable_one_lease_per_client o 'RELEASE_MATCHING_ID' in lease_per_client_settings corresponds to the False value of enable_one_lease_per_client o 'NEVER_RELEASE' has no corresponding value in enable_one_lease_per_client o use_lease_per_client_settings is equivalent to use_enable_one_lease_per_client NIOS 8. • Object Infoblox::DTC::Server ‘translation’ and ‘override_translation’ were deprecated.2. AAAA.NIOS 8. CNAME. Infoblox::DTC::Server NAPTR records This release also adds the following new objects for PAPI and WAPI: PAPI new objects: ➢ Infoblox::Grid::ObjectsChangesTrackingSetting ➢ Infoblox::Grid::DNS::AllNsgroups .2 Release Notes New Objects: ➢ threatprotection:profile ➢ threatprotection:profile:rule ➢ grid:threatprotection ➢ threatprotection:ruleset ➢ threatprotection:statistics ➢ threatprotection:rulecategory ➢ threatprotection:ruletemplate ➢ threatprotection:grid:rule ➢ ldap_auth_service ➢ rir ➢ rir:organization ➢ kerberoskey ➢ hostnamerewritepolicy ➢ recordnamepolicy Deprecation: ➢ The settings for enable_one_lease_per_client and it's use field use_enable_one_lease_per_client are deprecated for the following objects: grid:dhcpproperties and member:dhcpproperties. Object Infoblox::OCSP::AuthService has been deprecated. CNAME.0.0 This NIOS release includes the following API changes: • Admin permission All OCSP Services was renamed to All Certificate Auth Services. These functions were implemented using object Infoblox::DTC::Record::A. The new field lease_per_client_settings (use-flag is use_lease_per_client_settings) should be used. use new object Infoblox::Grid::Admin::CertificateAuthService. NAPTR records New Object Name Old Object Name Infoblox::Grid::Admin::CertificateAuthService Infoblox::OCSP::AuthService Infoblox::DTC::Record::A. All Rights Reserved. Page 22 of 63 400-0704-202 Rev. 
➢ Infoblox::Grid::DNS::Nsgroup::ForwardStubServer
➢ Infoblox::Grid::DNS::Nsgroup::StubMember
➢ Infoblox::Grid::DNS::Nsgroup::ForwardingMember
➢ Infoblox::Grid::BFD::Template
➢ Infoblox::Notification::REST::Endpoint
➢ Infoblox::Notification::REST::Template
➢ Infoblox::Notification::REST::TemplateParameter
➢ Infoblox::Notification::REST::TemplateInstance
➢ Infoblox::DTC::Record::A
➢ Infoblox::DTC::Record::AAAA
➢ Infoblox::DTC::Record::CNAME
➢ Infoblox::Grid::Member::QueryFQDNParameter
➢ Infoblox::Grid::Member::QueryFQDNResponse
➢ Infoblox::DNS::Record::DHCID
➢ Infoblox::Grid::DBSnapshot
➢ Infoblox::DNS::Record::TLSA
➢ Infoblox::Grid::LicenseSubPool
➢ Infoblox::Grid::LicenseGridWide
➢ Infoblox::Grid::Member::License
➢ Infoblox::Grid::ServiceRestart::Request::ChangedObject

WAPI new objects:
➢ ad_auth_service
➢ db_objects
➢ deleted_objects
➢ allnsgroup
➢ nsgroup:forwardstubserver
➢ nsgroup:stubmember
➢ nsgroup:forwardingmember
➢ nsgroup:delegation
➢ bfdtemplate
➢ notification:rest:endpoint
➢ notification:rest:template
➢ notification:rest:templateparameter
➢ notification:rest:templateinstance
➢ dtc:record:a
➢ dtc:record:aaaa
➢ dtc:record:cname
➢ dtc:monitorhttp
➢ record:dhcid
➢ upgradestatus
➢ filterrelayagent
➢ fixedaddresstemplate
➢ rangetemplate
➢ dhcpoptionspace
➢ dhcpoptiondefinition
➢ dhcp:statistics
➢ orderedranges
➢ record:ns
➢ discovery:gridproperties
➢ discovery:memberproperties
➢ bulkhostnametemplate
6.13 2.12.2.13 2.0 Microsoft Windows 7® 0.603 5.72 6.20.13 2.18.72 6.fc14.603 45.12.22.i686 Ubuntu x86_64 GNU/Linux 5.2 Release Notes ➢ capacityreport ➢ localuser:authservice ➢ dbsnapshot ➢ record:tlsa ➢ license:gridwide ➢ grid:servicerestart:request:changedobject ➢ certificate:authservice ➢ mgm:grid (available in MGM only) ➢ mgm:networkview (available in MGM only) ➢ mgm:network (available in MGM only) ➢ mgm:member (available in MGM only) ➢ mgm:monitorentry (available in MGM only) ➢ mgm:monitordata (available in MGM only) ➢ mgm:usermapping (available in MGM only) WAPI new structs: ➢ objectschangestrackingsetting ➢ exclusionrangetemplate ➢ option60matchrule ➢ zonenameserver ➢ discovery:seedrouter ➢ discovery:scaninterface ➢ discovery:port ➢ discovery:advancedpollsetting ➢ capacityreport:objectcount ➢ thresholdtrap ➢ trapnotification ➢ grid:licensesubpool ➢ ocsp_responder ➢ ad_auth_server Supported Perl and Dependency Versions for the Infoblox API Perl Crypt::SSLeay LWP::UserAgent XML::Parser Net::INET6Glue OS Version Version Version Version Version 5.25.603 5.0 0.1® 0.13 2.2 Red Hat® Enterprise Linux® 5.44 0.0 Microsoft Windows 8.44 0.603 7.3 0.603 .72 6.44 0.13 2.6- 5.72 6.22.NIOS 8.72 6.3 Microsoft Windows 8® 5.1 Fedora core 2.3 0.44 0.16.72 6.2 0.44 0.13 2.603 5.44 0.22. 72 6. Page 24 of 63 400-0704-202 Rev. All Rights Reserved. A 11/14/2017 . All registered trademarks are property of their respective owners.13 2.10.Apple® Mac OS X 10.44 0.18.603 © 2017 Infoblox Inc.3 5.2 0. it will clear the DNS cache.2 and keep this feature enabled to handle unreachable authoritative servers.1 in the URI written to run against NIOS versions 6.2. Upgrading to NIOS 8.5 0. • There are special restrictions for configuration changes when upgrading to NIOS 8. This issue was rectified in NIOS 6.5. which will clear the current cache.x • If you set up your Grid to use Infoblox Threat Insight but have not enabled automatic updates for Threat Analytics module sets.12.9. 
your upgrade will fail. Managing NIOS Software and Configuration Files of the Infoblox NIOS Administrator Guide.12.14 to 6.18 and later 6.0 Apple® Mac OS X 10.0 and later versions.2.603 5.201 to NIOS 8. All Rights Reserved. This caused the documentation to also display v2.1 to behave as if they were sent against 1.3. A 11/14/2017 . Infoblox recommends that you run the upgrade test. you must manually upload the latest module set to your Grid or enable automatic updates before upgrading. Otherwise.0. • If you are upgrading from 7.0 and later releases.1. if you enable this when you are trying to mitigate an ongoing attack on an authoritative server that is outside of your control. which will magnify the issues that your system is experiencing.7.13 2.x • Infoblox recommends that you enable DNS Fault Tolerant Caching right after you upgrade to NIOS 8.2.0. Page 25 of 63 400-0704-202 Rev.2 UPGRADE GUIDELINES Upgrading to NIOS 8.0 (for the Splunk app) after the NIOS upgrade.18 or later.12.44 0.3.7. BEFORE YOU INSTALL To ensure that new features and enhancements operate properly and smoothly.17. For detailed information about the restrictions. Any WAPI scripts using v2. refer to Chapter 10.x and have reporting clustering configured. Therefore.22.72 6.1 as the latest version and requests sent as 2.1 instead of 1. so you can resolve any potential data migration issues before the upgrade. you must download and upgrade to IBRA 1.x releases. Infoblox recommends that administrators planning to perform an upgrade from a previous release create and archive a backup of the Infoblox appliance configuration and data before upgrading. • In NIOS versions 6.5.200 or 7. Infoblox recommends that you evaluate the capacity on your Grid and review the upgrade guidelines before you upgrade from a previous NIOS release.x should be changed to v1.x • During a scheduled full upgrade to NIOS 8.16.12. All registered trademarks are property of their respective owners.NIOS 8. 
the alias to the current WAPI version was incorrectly specified as 2.12. Upgrading to NIOS 8. You can run an upgrade test before performing the actual upgrade. You cannot use IPv6 addresses for NXDOMAIN redirection while the upgrade is in progress. © 2017 Infoblox Inc.0.2 Release Notes 5.1.7.5 immediately after upgrading from an affected release to NIOS 6.12. Note that enabling this feature requires a DNS service restart. you can use only IPv4 addresses for NXDOMAIN redirection. 22.x.x. and 10.x.2.x releases 7.x Safari 8.x.x Apple® Mac OS X 10. 31. 27.x. 25.x.x Google Chrome 37.2.x.x releases Technical Support Infoblox technical support contact information: Telephone: 1-888-463-6259 (toll-free.x. 31.x.x.2. 30. and 16.2xx releases 7.x Red Hat® Enterprise Linux® 7.x. 22.x. 21.3. 25.x.x* Mozilla Firefox 37. 31. 21. 27. 16.x Mozilla Firefox 32.x.x.x Microsoft Windows XP® (SP2+) Microsoft Internet Explorer® 11.x.x Google Chrome 43.x. 36. and 16.x.S. 21.x. 27. 36. A 11/14/2017 .x. ext.x. 25. 10. and 10. 30.x.19 and earlier 7. 25. 25. Infoblox supports the following browsers for Grid Manager: OS Browser Microsoft Windows 10® Microsoft Internet Explorer® 11.x.com Web: https://support. 41.x Google Chrome 41. 40. 42. 22.x.x. 32. 40.x Mozilla Firefox 32. and 16.x.x.x.2.x.x releases 8.10 and earlier 8.x. 30. 36.com GUI Requirements Grid Manager supports the following operating systems and browsers. 25.x.x.x.x.x.x. 10.x. 22. and 16. 9. 30.0. and 10. and 16. Grid Manager supports only SSL version 3 and TLS version 1 connections.x.x. 31. and 10.0. 30.x releases 7.x.1 and 8.x.x.17 and earlier 7. 27.x.x.100 7.x.x.x.x.x.1.x.x Google Chrome 37.x.x. and 16. 21.x © 2017 Infoblox Inc. 22. U. 27.x. 36.x*. 27. 22.x Mozilla Firefox 32. 21.x Mozilla Firefox 32.2.x.x*.x.x. All registered trademarks are property of their respective owners. 31.x. 21.x.11 and earlier 7.11. 16.x Red Hat® Enterprise Linux® 5.x.200 releases 7.10. and 10. 10.x.x.x. 30.x releases 6.NIOS 8.x Google Chrome 37.0 8.x. 
8. You can also schedule a full upgrade from these releases. 36.x.x Mozilla Firefox 32.x Apple® Mac OS X 10.x Microsoft Windows 7® Microsoft Internet Explorer® 11. and 10.infoblox.x. 1 E-mail: support@infoblox. 16.x.x.28 and earlier 6.x.3. 36.x.1. 36. 22.x.x. 7. and 16. 31.3. and 10.0.9 and earlier 7. 22. 32. 7.x. 21. 25.x*.x.x. Infoblox recommends that you use a computer that has a 2 GHz CPU and at least 1 GB of RAM. 31. 31. 16. 30. 25.x Google Chrome 37.x. 31.1.x.x. All Rights Reserved. 30.x. 30. and 16. 27.x Mozilla Firefox 32.202-LD and earlier 7. and Canada). 16. 16. 37. +1-408-625-4200.6 and earlier 8.x Google Chrome 37.x releases 7.x.x. 10.x Microsoft Windows 8. 27. 37. 36.12.x.12.2.x releases 7.x.2 Release Notes The following is a list of upgrade and revert paths. You must install and enable Javascript for Grid Manager to function properly.201 and 7. and 16.0.x.0® Microsoft Internet Explorer® 11.x Mozilla Firefox 32. 27. 16. 22.x. 21. Page 26 of 63 400-0704-202 Rev.3.x Google Chrome 37.x.x. and 10. 37. 25.x.x. 21.x Safari 8.x.x*.x. 36. 16.3.x Google Chrome 37.x.x.x.1.x. and 10.x Mozilla Firefox 39.x.1 and 8. 9.2. 16.x.x Red Hat® Enterprise Linux® 6.x. x Safari 7.x.com/events/uploads/infoblox/login. 25. Page 27 of 63 400-0704-202 Rev.x. 25.viewcentral. 30. your home page in Grid Manager.x Mozilla Firefox 32.x Apple® Mac OS X 10.x Mozilla Firefox 32.x When viewing Grid Manager. OpenSSL could do a one-byte buffer overread. expand the Help panel.x. 31. ensure that you have installed your NIOS appliance.x. 16. © 2017 Infoblox Inc.x.x. set the screen resolution of your monitor as follows: Minimum resolution: 1280 x 768 Recommended resolution: 1280 x 1024 or better Documentation You can download the Infoblox NIOS Administrator Guide from the appliance. and configured it accordingly. and 16.x.x Google Chrome 37.x.x. 3. and 16.x.x. 31.html.nist. 22.x. ACCESSING GRID MANAGER Before you log in to Grid Manager. 31. To log in to Grid Manager: 1.x.x. All Rights Reserved. 
2.x. including vulnerabilities that do not affect Infoblox appliances. 27.x.8.509 certificate had a malformed IPAddressFamily extension. 21.x Safari 5.2 Release Notes Apple® Mac OS X 10.x. 30.x Google Chrome 37. 30. 25. and then click Documentation -> Admin Guide. and 10.x. Grid Manager displays the Dashboard. 22. The Infoblox Support website at https://support. and 10.x. 36. 31.x.x. refer to Infoblox KB #2899. 21.9.x.com also provides more information.x. For vulnerabilities that are not listed in this section. 27.x Apple® Mac OS X 10.6.2. 25. Training Training information is available at http://inter.x.x Apple® Mac OS X 10. All registered trademarks are property of their respective owners.x. 36.x. 27. Open an Internet browser window and enter https://<IPv4 address or hostname of your NIOS appliance> or https://[IPv6 address] of your NIOS appliance.x. The default user name is admin and password is infoblox. ADDRESSED VULNERABILITIES This section lists security vulnerabilities that were addressed in the past 12 months. and 10. and 10. 36.gov/. and then click Login or press Enter. CERT VULNERABILITY NOTE CVE-2017-3735 If an X. Enter your user name and password.NIOS 8.x Safari 5. 21.x Safari 6.x.x Mozilla Firefox 32.x. 22. as described in the installation guide or user guide that shipped with your product.x. From Grid Manager.x. Read the Infoblox End-User License Agreement and click I Accept to proceed.x Google Chrome 37. please refer to the National Vulnerability Database (NVD) at http://nvd.x Mozilla Firefox 32.x. 16. A 11/14/2017 . and 16. 30. 27.x. resulting in an erroneous display of the certificate in text format.x Google Chrome 37. The Grid Manager login page appears.x.x. and 16.infoblox. For additional information about these vulnerabilities. 36.x.x.7.x.x.x. 16. 16. 21. 22. including their severities. 
c and s3_srvr.2 Release Notes CERT VULNERABILITY NOTE CVE-2016-10229 udp.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations. CVE-2016-7434. CERT VULNERABILITY NOTE CVE-2017-3143 An attacker who was able to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted might be able to manipulate NIOS into accepting a dynamic update. “named” could stop execution after encountering an assertion error in resolver. CVE-2017-6458. CERT VULNERABILITY NOTE CVE-2016-9147 An error handling a query response containing inconsistent DNSSEC information could trigger an assertion failure and cause the DNS service to stop. CERT VULNERABILITY NOTE CVE-2017-3142 An attacker who was able to send and receive messages to an authoritative DNS server might be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. the querying process could resume in an inconsistent state. resulting in a denial of service to clients. CVE-2017-6451.NIOS 8.1u and 1. All Rights Reserved. All registered trademarks are property of their respective owners.0.5 allowed remote attackers to execute arbitrary code via UDP traffic that triggered an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. CVE-2017-6452. © 2017 Infoblox Inc. CERT VULNERABILITY NOTE CVE-2017-3136 Using DNS64 with 'break-dnssec yes' could cause the DNS service to exit with an assertion failure. resulting in either an INSIST assertion failure or an attempt to read through a NULL pointer.c in the Linux kernel before 4. resulting in additional recursions that consumed DNS resources indefinitely and caused performance issues or DNS outage. CERT VULNERABILITY NOTE CVE-2017-3140 RPZ policy handling could affect servers using RPZ policies that included NSIP or NSDNAME triggers. CVE-2017-6460. CVE-2017-6459. 
CERT VULNERABILITY NOTE CVE-2016-9444 An unusually-formed answer containing a DS resource record could trigger an assertion failure and cause the DNS service to stop.2.c. CERT VULNERABILITY NOTE CVE-2016-8864 While processing a recursive response that contained a DNAME record in the answer section. CVE-2017-6455.c.8p10 to address the following medium to low severity vulnerabilities: CVE-2017-6464. CVE-2017-6462. CVE-2016-9042. CERT VULNERABILITY NOTE CVE-2017-3137 Processing a response containing CNAME or DNAME records in an unusual order could cause a DNS resolver to terminate.2. Page 28 of 63 400-0704-202 Rev. CERT VULNERABILITY NOTE CVE-2016-6306 The certificate parser in OpenSSL before 1. CERT VULNERABILITY NOTE CVE-2017-3135 Under some conditions when using both DNS64 and RPZ to rewrite query responses. CVE02017-6463. related to s3_clnt. CERT VULNERABILITIES for NTPD Upgraded NTPD to ntp-4.2 before 1. CERT VULNERABILITY NOTE CVE-2016-9131 A malformed response to an ANY query can trigger an assertion failure during recursion and cause the DNS service to stop.0. resulting in a denial of service to clients. A 11/14/2017 . resulting in a denial of service to clients.0. 0. CERT VULNERABILITY NOTE CVE-2015-8000 If responses from upstream servers contained an invalid class parameter for certain record types. Page 29 of 63 400-0704-202 Rev.1.c in the Linux kernel before 4. CERT VULNERABILITY NOTE CVE-2015-8704 A DNS server could exit due to an INSIST failure in apl_42. CERT VULNERABILITY NOTE CVE-2015-7547 The glibc DNS client side resolver was vulnerable to a stack-based buffer overflow when the getaddrinfo() library function was used.0.c in OpenSSL before 1.1.0 before 1. ▪ Recursive resolvers were potentially vulnerable when logging. which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in- window attack. 
an error could occur when data that had been received in a resource record was formatted to text during debug logging.c or an unpredictable crash (e. or relay program to terminate abnormally. if they were fed a deliberately malformed record by a malicious server.0a allowed remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.2 before 1. This issue could affect both authoritative and recursive servers if they were performing debug logging.0 through 7. Depending on the BIND version in which this occurred.0. resulting in a denial of service to clients. © 2017 Infoblox Inc.2i. attacker-controlled DNS servers. CERT VULNERABILITY NOTE CVE-2015-8705 In some versions of BIND.4 were affected by this vulnerability.g.2.c or alist.2. segmentation fault or other termination). All Rights Reserved. client. or through a man-in-the-middle attack.2 Release Notes CERT VULNERABILITY NOTE CVE-2016-6304 Multiple memory leaks in t1_lib. CERT VULNERABILITY NOTE CVE-2016-1286 An attacker who controlled a server to make a deliberately chosen query to generate a response that contained RRSIGs for DNAME records could cause the DNS service to fail due to an assertion failure in resolver .2.0 through 7. ▪ A server which had cached a specially constructed record could encounter this condition while performing 'rndc dumpdb'. Software using this function might be exploited with attacker-controlled domain names.1. A 11/14/2017 .c or db. CERT VULNERABILITY NOTE CVE-2016-1285 A defect in the control channel input handling could cause the DNS service to fail due to an assertion failure in sexpr. CERT VULNERABILITY NOTE CVE-2016-5696 The net/ipv4/tcp_input. 1. ▪ Masters using text-format db files could be vulnerable if they accepted a malformed record in a DDNS update message.1.8 and NIOS 7. 
Examples included but might not be limited to the following: ▪ Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer from their masters. causing a denial of service.7 did not properly determine the rate of challenge ACK segments. All registered trademarks are property of their respective owners.c when a malformed packet was sent to the control channel.c. Note that NIOS 7. CERT VULNERABILITY NOTE CVE-2015-8605 A badly formed packet with an invalid IPv4 UDP length field could cause a DHCP server.NIOS 8.c when performing certain string formatting operations. the error could cause either a REQUIRE assertion failure in buffer. and 1. DNS service might terminate with an assertion failure.1u. 1. CERT VULNERABILITY NOTE CVE-2015-5722 Parsing a malformed DNSSEC key could cause a validating resolver to exit due to a failed assertion. CERT VULNERABILITY NOTE CVE-2015-6364 and CVE-2015-5366 A flaw was found in the way the Linux kernel networking implementation handled UDP packets with incorrect checksum values. 1.2 before 1.2 before 1.9. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or. CERT VULNERABILITY NOTE CVE-2015-1781 A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input.0. CERT VULNERABILITY NOTE CVE-2015-1789 The X509_cmp_time function in crypto/x509/x509_vfy.0.8zg.0 and BIND 9. A 11/14/2017 .0.2. execute arbitrary code with the permissions of the user running the application. © 2017 Infoblox Inc.0.9. 1.0.660 OID for a hash function.2b allowed remote attackers to cause a denial of service (infinite loop) via vectors that triggered a NULL value of a BIO data structure. potentially.NIOS 8.8zg. 
A remote attacker could deliberately trigger this condition by using a query that required a response from a zone containing a deliberately malformed key. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel.1 before 1.0.1. CERT VULNERABILITY NOTE CVE-2015-1792 The do_free_upto function in crypto/cms/cms_smime.0.2 Release Notes CERT VULNERABILITY NOTE CVE-2015-6564 Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution CERT VULNERABILITY NOTE CVE-2015-6563 Fixed a privilege separation weakness related to PAM support.c in OpenSSL before 0.c in OpenSSL before 0. and 1. resulting in a denial of service on the system.0.1 before 1.0 before 1. and 1. and 1.0. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users CERT VULNERABILITY NOTE CVE-2015-5986 An incorrect boundary check could cause DNS service to terminate due to a REQUIRE assertion failure.0 before 1.1 encoding and lacks inner EncryptedContent data.0s.0.0.1n. It was introduced in the changes between BIND 9.1 before 1. Page 30 of 63 400-0704-202 Rev.0.c in OpenSSL before 0. as demonstrated by an unrecognized X. CERT VULNERABILITY NOTE CVE-2015-5477 A remotely exploitable denial-of-service vulnerability that exists in all versions of BIND 9 currently supported.0.0.0. 1. CERT VULNERABILITY NOTE CVE-2015-1790 The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.0s.0.0.0s.2 before 1. 1.0. All registered trademarks are property of their respective owners.9.0. 1. 
An attacker could deliberately exploit this by providing a maliciously constructed DNS response to a query.2b allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that used ASN.0 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data. All Rights Reserved. or causing a denial of service in applications using the edge triggered epoll functionality.8zg.1n.1n. as demonstrated by an attack against a server that supported client authentication with a custom verification callback. y in GNU BASH through v. 4. Although it was not possible to exploit this as a security issue in NIOS. SSL3 is disabled in NIOS. CERT VULNERABILITY NOTE CVE-2014-8104 The OpenVPN community issued a patch to address a vulnerability in which remote authenticated users could cause a critical denial of service on Open VPN servers through a small control channel packet. 4." CERT VULNERABILITY NOTE CVE-2014-3470 Enabling anonymous ECDH cipher suites on TLS clients could cause a denial of service. CERT VULNERABILITY NOTE CVE-2014-7186 The redirection implementation in parse. CERT VULNERABILITY NOTE CVE-2014-3567 A denial of service vulnerability that is related to session tickets memory leaks. allowing a man-in-the-middle (MITM) attack to decrypt and modify traffic between a client and a server.2. Page 31 of 63 400-0704-202 Rev.2 Release Notes CERT VULNERABILITY NOTE CVE-2015-4620 A recursive resolver configured to perform DNSSEC validation. 4. CVE-3014-6277. © 2017 Infoblox Inc. CERT VULNERABILITY NOTE CVE-2014-6271. but you can disable SSL3 on your reporting server to protect it from the vulnerability.NIOS 8. AND CVE-2014-7169 GNU Bash through v. 
CERT VULNERABILITY NOTE CVE-2014-9298 An attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses because NTP's access control was based on a source IP address. CERT VULNERABILITY NOTE CVE-2014-3566 SSL3 is vulnerable to man-in-the-middle-attacks.y in GNU BASH through v. All registered trademarks are property of their respective owners.3 processed trailing strings after function definitions in the values of environment variables. with a root trust anchor defined. which allowed remote attackers to execute arbitrary code via a crafted environment (also known as the "ShellShock" vulnerability). Note that SSL3 is still used for transmission of reporting data. CERT VULNERABILITY NOTE CVE-2014-0224 A specially crafted handshake packet could force the use of weak keying material in the SSL/TLS clients. All Rights Reserved. CERT VULNERABILITY NOTE CVE-2014-7187 Off-by-one error in the read_token_word function in parse. and connections must use TLSv1 (which is already used by all supported browsers).3 allowed remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly an unspecified impact through the "redir_stack" issue. could be deliberately crashed by an attacker who could cause a query to be performed against a maliciously constructed zone. A 11/14/2017 . CERT VULNERABILITY NOTE CVE-2014-8500 Failure to place limits on delegation chaining could allow an attacker to crash named or cause memory exhaustion by causing the name server to issue unlimited queries in an attempt to follow the delegation. it could cause some incorrect error conditions and messages while administering the product. CVE-2014-6278.3 allowed remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly an unspecified impact through deeply nested for loops (also known as the "word_lineno" issue). 
CERT VULNERABILITY NOTE CVE-2015-0235 Addressed an internal issue in C library (GNU C Library gethostbyname*). NIOS-64462 Critical An HA member experienced a disk full alert due to file rotation issues for reporting data. Fixed in NIOS 8. © 2017 Infoblox Inc. an appliance with a SNIC could return PCIe bus errors and trigger a SNIC reset or system reboot. All registered trademarks are property of their respective owners. For descriptions of the severity levels. The resolved issues are listed by severity. CERT VULNERABILITY NOTE CVE-2014-0591 A crafted query against an NSEC3-signed zone could cause the named process to terminate. CERT VULNERABILITY NOTE CVE-2014-0195 Remote attackers could trigger buffer overrun attack through invalid DTLS fragments to an OpenSSL DTLS client or server. NIOS-64410 Critical Under certain circumstances.2 Release Notes CERT VULNERABILITY NOTE CVE-2014-0221 Remote attackers could utilize DTLS hello message in an invalid DTLS handshake to cause a denial of service.2. the changes were not updated on the Microsoft servers because synchronization with the Windows servers did not occur. NIOS-64533 Critical Under specific circumstances. ID Severity Summary NIOS-65205 Major Under certain circumstances. RESOLVED ISSUES The following issues were reported in previous NIOS releases and resolved in this release. PIV card support for two-factor authentication might not function properly. the BGP unexpectedly restarted when restarting the DNS service.NIOS 8. Page 32 of 63 400-0704-202 Rev.6 might fail. NIOS-64623 Major WAPI: When using the WAPI to update a fixed address/Microsoft reservation that included custom DHCP options 66 and 67. CERT VULNERABILITY NOTE CVE-2014-0198 Enabling SSL_MODE_RELEASE_BUFFERS failed to manage buffer pointer during certain recursive calls that could cause a denial of service. resulting in an unassociated subnet.12. 
NIOS-64834 Critical When handling TCP output packets that resulted in a large number of socket buffer fragments. upgrading from 6. All Rights Reserved.24 to 8.1. causing DNS service outage. refer to Severity Levels on page 61. DNS service entered a restart loop. resulting in a denial of service. NIOS-65095 Critical Unable to assign a managing member to the Microsoft server in some specific configurations.2 ID Severity Summary NIOS-65101 Critical Microsoft AD synchronization might go into a warning state when a Microsoft site is deleted. NIOS-64571 Critical Running vDiscovery tasks for AWS endpoints might affect the Grid Manager performance. A 11/14/2017 . NIOS-65037 Critical Under certain circumstances.2. NIOS-64869 Major This release reverted the changes made to the “None” setting for zone transfers. NIOS-64394 Major It took a long time to import a lot of bulk host records through CSV import. resulting in an erroneous display of the certificate in text format. NIOS-64992 Major A newly added IPv6 static route through Grid Manager was not reflected in the output of the show routes CLI command. NIOS-64769 Major Under certain circumstances. DNS service for certain members was interrupted due to issues related to IP header offset. NIOS-65079 Major NIOS went into a restart loop due to two OMAPI socket descriptor issues that were later fixed in an ISC patch. a Microsoft failover association encountered data loss after Microsoft servers were added to the database in RW mode. OpenSSL could do a one-byte buffer overread.2 Release Notes NIOS-65048 Major A newly created zone contained auto-generated A records from Grid members that were not part of the NS group to which the zone was assigned. NIOS-64773 Major When using an IPV4/IPv6 LAN and MGMT address. NIOS-64899 Major The administrator password was displayed in text format in the audit log files when defining or creating a new AD connection.NIOS 8. NIOS-65103 Major Under specific circumstances. 
NIOS-64923 Major The passive node of an HA Grid Master encountered multiple segmentation faults when Cisco ISE was enabled. Page 33 of 63 400-0704-202 Rev. DNS service restarted with assertion failure. NIOS-65051 Major An upgrade could fail due to a database initialization issue. NIOS-63080 Major In a specific configuration. NIOS-64832 Major On some occasions. NIOS experienced an LDAP authentication issue when using AAA records to reach the LDAP servers. vDiscovery did not function properly in AWS. when deleting a selected exclusion range. NTP lost connection due to DNS service outage. NIOS-64674 Major On certain occasions. NIOS-64875 Major Unable to add a host record with a name that contained a dot and a hyphen under the strict hostname policy violation. All registered trademarks are property of their respective owners. NIOS-65036 Major Under specific configuration. All Rights Reserved. A 11/14/2017 . NIOS-62245 Major Certain IB-VM-820 appliances that did not have the serial console or pass the emergency prompt failed the boot-up process during an upgrade. NIOS-64952 Major Unable to view IPAM data in the IPAM tab of Grid Manager. NIOS might delete other exclusion ranges that were not selected for deletion.2. NIOS-65024 Major RPZ did not function properly after replacing the temporary RPZ license with a permanent one. NIOS-64913 Major Addressed the following vulnerability: CVE-2017-3735: If an X.509 certificate had a malformed IPAddressFamily extension. NIOS-64562 Major The Grid Master was inaccessible due to a disk full issue. © 2017 Infoblox Inc. NIOS-63875 Major Under specific circumstances. NIOS-64736 Major Unable to perform vDiscovery in an OpenStack environment that used public endpoints.2 Release Notes NIOS-64635 Major After adding a shared record group with an empty shared A record. NIOS-63762 Minor The NIOS Administrator Guide did not have comprehensive documentation about configuring prefix delegation.2. © 2017 Infoblox Inc. 
NIOS-63940 Major Under certain circumstances. reverting a standalone Grid member failed. NIOS-64743 Minor WAPI: The limitation of the size of a WAPI multiple object request was not documented. NIOS-63866 Major On rare occasions. NIOS-64602 Major The DNS names appeared in reverse order when searching in a smart folder. NIOS-65187 Minor The IPv4 address for the B-ROOT server has been changed. NIOS-63947 Major No NS records from the default NS group were assigned to the automatically created reverse zones. All registered trademarks are property of their respective owners. the Grid Master Candidate could reach a high database usage with a lot of “version_deleted_object” stored in the database. NIOS-64513 Major The Threat Protection and RPZ dashboards both displayed the same statistics on a Grid member. NIOS-64897 Minor Unable to apply a permanent Discovery license through Grid Manager on an ND-805 appliance. NIOS-64680 Major The show hardware status CLI command did not show the second power supply that was installed. All Rights Reserved. associating a zone with the shared record group caused the appliances associated with the zone to go offline.NIOS 8. NIOS-64665 NIOS-62611 Major NIOS tracked and limited TCP DNS queries. NIOS-64666 Major PAPI: It took longer than expected to execute a PAPI script in a specific NIOS version. A 11/14/2017 . NIOS-64450 Major SSH sessions were terminated automatically when running traffic capture in maintenance mode. unable to access the reporting server due to some licensing issues. which could affect TCP connections. Page 34 of 63 400-0704-202 Rev. NIOS-64540 Major The appliance would still perform zone transfers when you overrode the zone transfer setting to “None” at the zone level if your Grid or member setting allowed zone transfers. NIOS-63847 Major This release supports the SAN (Subject Alternate Name) over the commonName used in the self-signed certificates due to a change in the Google Chrome browser. 
NIOS-64429 Minor Upgrading a reporting license on a Grid in which the Grid license was already installed caused a conflict. NIOS-63354 Critical Grid Manager returned an error when users tried to view or remove a scheduled task in the Administration -> Workflow -> Task Manager tab. NIOS 8.2. the appliance used a fixed password (instead of generating random passwords) for Cloud API users. 0 ID Severity Summary NIOS-63829 Critical The NIOS Administrator Guide omitted a few supported appliances for Threat Insight. NIOS-63336 Critical Added a note to the NIOS Administrator Guide recommending users to keep at least one member in the default upgrade group to ensure that a scheduled upgrade was successful. NIOS-63631 Critical Unable to filter by extensible attribute in a smart folder. 2.1 release followed by the 8.1 ID Severity Summary NIOS-64632 Major Certain upgrade sequences in the NIOS 8. NIOS-64047 Major Unable to add an authoritative root zone under certain circumstances. NIOS-63579 Critical A DHCP Grid member incorrectly inherited some DHCP options. the appliance did not use the assigned facility. NIOS-63134 Critical The appliance asked for read/write permission for DNS scavenging when limited-access users tried to update Active Directory configuration for a DNS zone. 2. NIOS-63414 Critical When copying audit log to syslog. Fixed in NIOS 8. the DHCP configuration file did not reflect the IP addresses of the primary servers in the zone configuration if the domain name for the zone was in upper case letter. ID Severity Summary NIOS-64370 Major Discovered data by Network Insight was not populated in the expected fields in NIOS. passing on PXE lease time to certain printers. NIOS-63106 NIOS-63105 Critical Auto-created PTR records associated with a specific hostname were deleted after a parent zone was imported through Grid Manager.
unable to modify networks that were associated with a specific extensible attribute. Fixed in NIOS 8. NIOS-63998 Major When DDNS updates were enabled and a zone was authoritative. This issue was resolved after creation_timestamp was set for all RRs that were imported through Import Zone. NIOS-64039 Major Threat Insight: Limited-access users were unable to add whitelisted domains. 2.0 upgrade NIOS-64621 could cause issues on the Grid members. NIOS-63411 Critical Under certain circumstances. NIOS-63243 Critical For new installations. NIOS-63964 Major Unable to upload pool licenses under certain circumstances. NIOS-63570 Critical NTP clients were unable to synchronize using NTP access keys that were longer than 20 bytes. NIOS-63739 Major When HA members performed an HA failover. NIOS-63648 Major The appliance was unable to generate a new DHCP configuration file. NIOS-63610 Major DDNS updates did not automatically update reverse-mapping zones. NIOS-63932 Major Navigating to the Cloud -> VMs tab in Grid Manager took longer than expected. NIOS-63771 Major In certain configurations. NIOS-63624 Major Under certain circumstances that involved extremely high volumes of DDNS updates. reporting data might consume more disk space than expected on the Grid member. net) has been changed. NIOS-63858 Major On June 1st UTC. NIOS-63606 Major User Identity Mapping was not supported on TE-825 Grid Master. NIOS-63764 Major Unable to reclaim records that had the “Not Queried Since…” property in the “Last Queried” column. NIOS-63843 Major An unexpected reboot causing the Grid Master to fail over during the restoration of an authoritative zone from the Recycle Bin. NIOS-63756 Major Under certain circumstances. the BFD process failed intermittently. causing an issue in the authentication service.
NIOS-63657 Major An IB-4030 appliance experienced an error while transferring traffic to another IB-4030 appliance. NIOS-63666 Major Under certain circumstances. the parent cache for ZRQ sub transaction was initialized incorrectly. NIOS-63617 Major On some occasions. NIOS-63786 Major The extensible attribute functionality did not perform properly due to an incorrect entry in the extensible attribute definition. NIOS-63747 Major NIOS did not support the UPN attribute in the certificate. activating dual stack mode caused a Grid Master failure. NIOS-63704 Major A user group with read-only permissions experienced issues that resulted in users’ inability to view certain information in Grid Manager. NIOS-63879 Major The appliance did not respond with all the expected records in a zone after an old ZSK was removed. returning unexpected results. NIOS-63776 Major A DNS scheduled restart group was not executed at the configured time. root-servers. the WINS forward on the members failed. NIOS-63721 NIOS-63908 Major In certain configurations. DNS responses were sent through the anycast loopback interface instead of the LAN/VIP interface in a multiple primary configuration. NIOS-63831 Major This release removed the support for IPv6 stub and not-so-stubby area types. the database could leak memory. NIOS-63785 Major Active Directory authentication failed if the appliance could not resolve the FQDN for the first server. the IPv6 address for B-ROOT server (b. NIOS-63766 Major WAPI: The ‘:=’ operator used for FQDN search was case sensitive. NIOS-63459 Major An HA failover occurred after the installation of a certificate. NIOS-63603 Major In a specific configuration. the primary DNS server experienced a mismatched SOA serial number. NIOS-63506 Major Unable to download updates for ADP rulesets when using the automatic update feature.
NIOS-63364 Major On some occasions. NIOS-63343 Major Under certain circumstances. a newly created DTC server caused the DNS service to go into a restart loop. resulting in DNS outage. NIOS-63406 Major Unable to restore an external DNS view from the Recycle Bin after it was deleted. unable to set up snapshots of sub Grids. 5 allowed remote attackers to execute arbitrary code via UDP traffic that triggered an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. the DHCP service restarted on some appliances. NIOS-63431 Major Remote users and AD users were unable to view reports. NIOS-63313 Major Unable to log in to the Grid Master due to a disk full error caused by issues related to journal queue files. users were unable to include certain DHCP options in their requests. an HA failover occurred after DHCP services restarted. NIOS-63494 Major Unable to add members to the name server group. NIOS-63568 Major Unable to modify the IP address of a Grid member. NIOS-63546 Major Improved the documentation for IPAM Plugin v4. 1. NIOS-63368 Major Unable to run vNIOS for Hyper-V on Microsoft Windows 2008 R2. NIOS-63567 Major WAPI: Call for RPZ rule SubstituteIPAddressCname was not functioning properly. a forced restart could cause DNS outage. unable to view the syslog. NIOS-63384 Major A traffic capture contained numerous files from different areas. NIOS-63395 Major Unable to run the Captive Portal service after an upgrade. NIOS-63532 Major In a multi-Grid configuration. instead of one single file. NIOS-63312 Major On a special occasion. NIOS-63397 Major Under certain circumstances. NIOS-63478 Major Unable to recover glue records for a delegated zone using the CLI command set dns-auto-gen. NIOS-63391 Major Under certain circumstances.
NIOS-63380 Major Grid Manager returned an error after importing a TXT record through CSV import. NIOS-63517 Major Addressed the following vulnerability: CVE-2016-10229: udp. NIOS-63552 Major Unable to create a host record using the same MAC address that was still in the DHCP configuration. 2. NIOS-63362 Major On rare occasions. 2. 2. NIOS-63164 Major Under certain circumstances. NIOS-63184 Major Unable to properly remove Microsoft servers and their associated records from the Grid. the valid DHCPv6 lease time for a roaming host could be configured to a value less than the preferred lease time. NIOS-63050 Major Unable to overwrite files that were created earlier when using the NIOS appliance as a file server for Avaya VoIP phones. CVE-2016-9042. NIOS-63041 Major Under specific circumstances. NIOS-63116 Major Under certain circumstances. CVE-2017-6451. NIOS-63163 Major CSV export did not include DNSSEC signed zones. CVE-2017-6455. NIOS-63173 Major Certain normal non-segment TCP DNS queries triggered a threat protection rule. the PXE lease time inherited the incorrect time value. the DHCP service might not reference the correct UIDs of leases. NIOS-62937 Major The API Documentation contained incorrect syntax for Infoblox::DNS::Member::SoaMname. NIOS-63233 Major Certain threat protection rules unexpectedly blocked valid traffic. NIOS-62951 Major Under certain circumstances. NIOS-63229 Major Excessive error messages logged for DDNS update failures during database transactions. NIOS-63109 Major Under certain circumstances. the IB-4030 might reboot due to power cycle recovery. NIOS-63163 Major Grid Manager returned a timeout error when users searched a host record by DNS view and by a host alias at the same time. global search did not function as expected. CVE-2016-7434. NIOS-63033 Major In some situations. CVE-2017-6460. generating alerts.
NIOS-63209 Major Grid Manager returned a timeout message when users navigated to the Data Management -> DHCP -> Networks -> tab and click on a range. NIOS-63220 Major This release upgrades NTPD to ntp-4. users experienced slow GUI performance on the Grid after enabling identity mapping and synchronizing network users with Microsoft Servers. CVE-2017-6452. NIOS-63244 Major When the One Lease Per Client feature was enabled. the distribution process failed on the passive node of an HA pair during an upgrade. CVE-2017-6462. NIOS-63240 Major Unable to see the correct NS records because the name server groups were not populated correctly. NIOS-63262 Major In certain situations. CVE-2017-6463. CVE-2017-6458. NIOS-63155 Major Unable to remove a discovery member from the Grid. NIOS-62967 Major Unable to log in to FTP or SFTP in the bloxTools environment due to some password format issues. CVE-2017-6459. 8p10 to address the following medium to low severity vulnerabilities: CVE-2017-6464. the Grid Master might fail the upgrade test and the actual upgrade. NIOS-63577 Minor Unable to get search results when using multiple filter criteria in the Current Leases tab in Grid Manager. causing a DNSSEC validation failure. NIOS-63373 Minor Added more information for the SNMP trap for the LDAP service state change. NIOS-62609 Minor Grid Manager returned an error when users opened a smart folder containing objects that were no longer in the database. NIOS-62750 Major Users with first and last names were unable to log in to Grid Manager when authenticating through a nested group or non-nested group if Nested Group Query was enabled. NIOS-63716 Minor Under certain circumstances. 2. NIOS-62275 Minor The “Allow Underscore” hostname policy did not function as expected. NIOS-62846 Major Under certain conditions.
NIOS-62635 Major Unable to use the Identity Mapping feature under certain circumstances. causing NIOS to return errors. NIOS-63526 Minor When using the export_data log_files method in the API. NIOS-63547 Minor An authoritative zone was removed during a zone transfer. NIOS-55439 Major It took longer than expected to return data in the Network Users Widget if there are large networks in the Grid. NIOS-62189 Major The “Scheduled Task Restarts” feature did not function properly. NIOS-63616 Minor DDNS updates did not support CAA resource records. NIOS-60745 Major The RRSIGs for DNSKEY records were not regenerated. NIOS-62833 Major Under some circumstances. both nodes of the DHCP failover association restarted with a “segfault” error. an HA pair was unable to upgrade properly due to some timing issues. NIOS-63166 Minor NetMRI sent “enable” command even when the device was already in privilege mode. NIOS-60468 Major The reporting services was using the VIP of the HA interface as the source destination while using the MAC address of the LAN1 interface. the resulting tar. the DHCP service experienced a delay. NIOS-61644 Major When using the MAC address of a deleted fixed address to request a lease. certain reports did not function properly. NIOS-63378 Minor The disk usage on the Grid Master was high while exporting the GSS-TSIG keys. gz file contained paths with a leading “/”. NIOS-64124 Minor Certain RPZ contents were not displayed correctly in the exported CSV file. NIOS-63990 Minor Text in the SNMP trap was not clear when a Grid member or the passive node of the Grid Master was rebooted. NIOS-63372 Minor Removed certain requirements from the documentation for reporting and threat protection. NIOS-62167 Major Unable to view active users and Microsoft servers displayed errors while using the Identity Mapping feature.
3 ID Severity Summary NIOS-64123 Major Addressed the following vulnerability: CVE-2017-3143: An attacker who was able to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted might be able to manipulate NIOS into accepting a dynamic update. the IPv6 address for B-ROOT server (b. NIOS-63341 Enhance This release adds CLI commands for enabling and disabling the database transaction trace log. 4 ID Severity Summary NIOS-64400 Major Addressed a regression, introduced with the fix for CVE-2017-3142, that caused the verification of TSIG-signed TCP message sequences for large zones (where not all the messages were signed) to fail incorrectly. NIOS-61644 Major When using the MAC address of a deleted fixed address to request a lease. NIOS-63570 Critical NTP clients were unable to synchronize using NTP access keys that were longer than 20 bytes. Fixed in NIOS 8. NIOS-60443 Enhance Updated the root zone KSK in NIOS. passing on PXE lease time to certain printers. NIOS-64122 Major Addressed the following vulnerability: CVE-2017-3142: An attacker who was able to send and receive messages to an authoritative DNS server might be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. Fixed in NIOS 8. ID Severity Summary NIOS-63858 Major On June 1st UTC. net) has been changed. 2 ID Severity Summary NIOS-63579 Critical A DHCP Grid member incorrectly inherited some DHCP options. Fixed in NIOS 8.1. root-servers. Fixed in NIOS 8. NIOS-59901 Minor Unable to remove blacklisted RPZs after removing the analytics member from the Grid. NIOS 8.1.1. both nodes of the DHCP failover association restarted with a “segfault” error. NIOS-63617 Major On some occasions.
ID Severity Summary NIOS-63229 Major Excessive error messages logged for DDNS update failures during database transactions. the WINS forward on the members failed. CVE-2017-6462. NIOS-63624 Major Under certain circumstances that involved extremely high volumes of DDNS updates. DNS responses were sent through the anycast loopback interface instead of the LAN/VIP interface in a multiple primary configuration. NIOS-63616 Minor DDNS updates did not support CAA resource records. CVE-2017-6460. CVE-2017-6452. NIOS-63362 Major On rare occasions. NIOS-63771 Major The BFD function experienced some intermittent issues. the database could leak memory. CVE-2017-6463. the Grid Master might fail the upgrade test and the actual upgrade. 2. the appliance used a fixed password (instead of generating random passwords) for Cloud API users. CVE-2017-6458. CVE-2016-9042. CVE-2017-6451. NIOS-63739 Major When HA members performed an HA failover. NIOS-63075 Major Addressed the following vulnerability: CVE-2017-3137: Processing a response containing CNAME or DNAME records in an unusual order could cause a DNS resolver to terminate. the DHCP service restarted on some appliances. 2. CVE-2016-7434. 8p10 to address the following medium to low severity vulnerabilities: CVE-2017-6464. CVE-2017-6459. Fixed in NIOS 8. unable to run vDiscovery on an AWS endpoint. NIOS-63807 Major Addressed the following vulnerability: CVE-2017-3140: RPZ policy handling could affect servers using RPZ policies that included NSIP or NSDNAME triggers, resulting in additional recursions that consumed DNS resources indefinitely and caused performance issues or DNS outage. NIOS-63682 Major Under certain circumstances. NIOS-63164 Major Under certain circumstances.
NIOS-63610 Major DDNS updates did not automatically update reverse-mapping zones. 1 ID Severity Summary NIOS-63243 Critical For new installations. CVE-2017-6455. NIOS-62972 Major Addressed the following vulnerability: CVE-2017-3136: Using DNS64 with 'break-dnssec yes' could cause the DNS service to exit with an assertion failure. NIOS-63220 Major This release upgrades NTPD to ntp-4. NIOS-62951 Major Under certain circumstances. the DNS service went into a restart loop. Fixed in NIOS 8. NIOS-62246 Critical In a specific configuration. NIOS-62295 Critical In an anycast configuration with port redundancy enabled. the DHCP service experienced high CPU usage. NIOS-62138 Critical Under specific circumstances. NIOS-62269 Critical On rare occasions. the IPv6 OSPF neighbor unexpectedly went offline after a NIC failover. the Default Dashboard did not display any content while other dashboards functioned properly. NIOS-60748 Critical It took longer than expected for limited-access users to access Grid Manager when there were a lot of top-level zones in the Grid. NIOS-61774 Critical A DHCP range did not inherit IPv4 logic filters from its parent network or network container. NIOS-61968 Critical Reverse zones failed to load due to overlapping IPs from bulk hosts. the appliance experienced intermittent service outage due to issues related to zone reloading. users experienced slow GUI performance on the Grid after enabling identity mapping and synchronizing network users with Microsoft Servers. ID Severity Summary NIOS-63287 Major Unable to make zone changes due to Safenet HSM issues. NIOS-62372 Critical Under certain circumstances. NIOS-62964 Major Enabling Identity Mapping and synchronizing network users with Microsoft servers affected performance on Grid Manager.
NIOS-63092 Major Unable to modify a zone and Grid properties or view DNS members under certain conditions. 0 ID Severity Summary NIOS-62700 Critical After publishing a DTC topology to Grid members. NIOS-62942 Major On rare occasions. NIOS-62118 Critical On rare occasions. users were unable to remove obsolete NS records. 1. NIOS-62574 Critical The appliance included auto-generated resource records in the CSV report even after the authoritative zone was removed from the DNS view in which other zones used the same records as the NS FQDN. causing DNS outage. NIOS-62126 Critical Unable to save Grid DHCP properties in a Grid in which specific GSS-TSIG settings were configured for certain Grid members. NIOS-63041 Major Under specific circumstances. the PT-2200 might experience DNS query timeouts due to a socket buffer issue. the PT-1400 appliance was unable to join the Grid after the threat protection service was enabled in monitoring mode. NIOS-62929 Major Unable to remove an auto-generated record from Grid Manager or through certain CLI commands in maintenance mode. vDiscovery did not function properly. a member HA pair stayed in the “upgrading & syncing storage files” mode after an upgrade. NIOS-62741 Major Under certain circumstances. the Grid Master restarted due to a failure in the “make_sec_data_conf” process. the Infoblox reporting application did not preserve the original option settings after an upgrade. NIOS-62489 Major In a VMware environment with outdated VMware tools. LDAP authentication did not function properly after an upgrade. NIOS-62537 Major The Member Detailed Status in Grid Manager and the CLI command output of "show hardware_status" did not reflect the correct power supply status when the power cable was unplugged on the IB-4010 appliance. NIOS-62585 Major On specific occasions.
NIOS-62645 Major Unable to join the passive node of an HA pair that was running Infoblox Advanced DNS Protection to the Grid after it went offline. NIOS-62786 Major Under certain circumstances. causing the DNS service to restart. NIOS-62480 Major Addressed a few TCP ports on default installation. an RPZ CIDR tree insertion error could corrupt the tree data structure that contained overlapping networks. but domain controller (KDC) and keys were not set. NIOS-62832 Major Under special circumstances. NIOS-62813 Major The SOA email address was not updated even after the SOA RNAME was configured at the Grid level. NIOS-62507 Major Grid Manager did not display all the upgrade groups in the Upgrade Scheduler tab. causing DNS outage. NIOS-62931 Major The IB-4030 appliance might not respond to DNS queries if the DSCP was set to a certain value. NIOS-62903 Major Under certain circumstances. especially in a multi-Grid configuration. the appliance experienced increased SWAP usage and reporting service interruptions. NIOS-62770 Major Generating the DHCP configuration file might fail if GSS-TSIG update was enabled. NIOS-62526 Major Under certain circumstances. the passive node of an HA pair experienced NTP restarts when the Grid was synchronized with external NTP servers. NIOS-62545 Major Addressed the following vulnerability: CVE-2017-3135: Under some conditions when using both DNS64 and RPZ to rewrite query responses, the querying process could resume in an inconsistent state, resulting in either an INSIST assertion failure or an attempt to read through a NULL pointer. NIOS-62656 Major Changes made in the Active Directory user profile were reverted to default after users logged out and then logged back in to the system.
NIOS-62492 Major Network Insight: Unable to properly detect certain IPv6 devices. NIOS-62237 Major When installing a temporary Reporting license on the IB-V1405 appliance that had a one-year Grid license. NIOS-62339 Major Unable to remove offline members from the Grid even after they were dissociated from the name server group. the “Response Policy Zones Hit Rate Configuration” was missing in the System Properties editor if the Grid license was not installed. upgrade test might fail. NIOS-62317 Major Under specific circumstances. Grid Manager did not display any DNS statistics for two Grid members while showing data for others. DNS views in the “Available” table were automatically moved to the “Selected” table when a DNS view was deleted from the “Selected” section. NIOS-62464 Major Under certain circumstances. a DNS view experienced DNS outage when the order of the DNS views was set to automatic. NIOS-62450 Major In certain configurations. NIOS-62347 Major In the Member DNS Properties editor under the “Recursive views assigned to this member” section. NIOS-62261 Major Unable to access a whitelisted URL because the appliance could not find the NS record for the whitelisted RPZ. NIOS-62207 Major Unable to download traffic capture on Grid members that were scheduled for an upgrade after the Grid Master had been upgraded. NIOS-62436 Major When using the appliance as a file server for Avaya VoIP phones. API scripts took longer than expected to complete. NIOS-62229 Major Under certain circumstances. NIOS-62389 Major Unable to set up HSM signing with a Thales HSM Group due to incompatible version of Thales. NIOS-62342 Major When users deleted a DNS zone from an external DNS view. NIOS-62255 Major The appliance deleted an incorrect record after synchronizing with the Microsoft server.
NIOS-62454 Major Updated the Installation Guide for the IB-2200 Series to reflect the correct order of the hard disk drives. NIOS-62216 Major A CNAME record that contained a backslash (\) symbol in the name caused DNS outage. NIOS-62283 Major HA failovers occurred due to issues related to the HTTPD process. the Grid Master shut down on occasions when Common Criteria mode was enabled. NIOS-62310 Major The associated fixed addresses did not exist even after the host addresses were configured for DHCP. users were unable to overwrite files that were previously created through the phones. NIOS-62388 Major On a standalone appliance. the glue A records for the name servers specified for another zone in the same DNS view might be deleted as well. the Reporting license was given a 60-day expiry period instead of one-year. NIOS-62264 Major Unable to download traffic captures due to an issue related to the length of the file name. NIOS-62244 Major Under certain circumstances. causing service disruptions on the server. NIOS-61955 Major Under certain circumstances. NIOS-62176 Major Infoblox DNS Firewall did not function properly after a temporary RPZ license was installed during an upgrade. the scrolling function might not perform correctly. NIOS-62003 Major If the list of discovered VLANs was very long. opening a Global Smart Folder in Grid Manager took longer than expected. NIOS-62194 Major During an upgrade. an IPv6-only Grid did not function properly. NIOS-61929 Major When deleting exclusion ranges. an upgrade could affect service performance. the anycast behavior on the PT-2210 and 2220 appliances changed after an upgrade. NIOS-62164 Major The NTP server did not respond if IPv6 networks were granted the “Allow” permission in an Access Control List.
NIOS-62135 Major Unable to change the TTL values for a few host records. NIOS-62025 Major PAPI or WAPI: The logic filter list was not applied to the newly created network when using a network template that was configured with IPv4 filters. NIOS-62036 Major Grid Manager might not display certain resource records when users sorted the records by principal in a specific DNS zone. NIOS-61884 Major In a specific configuration. NIOS-61815 Major Under certain circumstances. causing synchronization issues. NIOS-62200 Major Search results for “Protected equals Yes” for a reverse-mapping zone returned results that included both “Yes” and “No.” NIOS-59171 Major In certain configurations. NIOS-62165 Major The system intermittently restarted and the GUI was affected after a scheduled upgrade. NIOS-61697 NIOS-61989 Major Neighbor history revision tracking via the use of partition tables could cause large repositories of data usage on ND appliances. NIOS-62108 NIOS-62078 Major Microsoft Management: The appliance accepted a trailing space in the Domain\Username credential field. NIOS-61937 Major This release adds the ability to hide IP addresses that are not in use when using Global Search. the appliance removed those that were not included as part of the filtered results. the appliance failed to run an upgrade test. the Grid Master failed over due to issues with the HTTPD process. NIOS-62125 Major Grid Manager returned an error when users tried to open the IPAM List view for certain subnets. NIOS-61768 Major The SOA serial number was incremented after users modified the comment of a reverse-mapping zone. NIOS-62180 Major On certain appliances. NIOS-62095 Major Limited-access users were unable to access or view any predefined reports. the distribution process failed on certain Grid members. NIOS-61800 Major On rare occasions.
NIOS-62880 Minor Updated the Infoblox NIOS Administrator Guide to reflect the fact that PTR records were not created if reverse-mapping zone was not available. NIOS-61549 Major DDNS updates from an external server caused certain DNS records to be removed. NIOS-62188 Minor Extensible attributes that were restricted to network containers and networks did not function as expected. NIOS-62233 Minor Unable to load a DNS zone if the zone name contained a trailing escape symbol (\). NIOS-61752 Major When logged in using a specific AD account. NIOS-62064 Minor Under certain circumstances. resulting in DNS outage. the “Owner” field in a custom report changed to “nobody” instead of the original owner. NIOS-62366 Minor The audit log recorded an entry for network changes even though no changes were made after opening and closing the network. Grid Manager returned an error when users tried to create a smart folder. NIOS converted A records to Host and put them in the forward zone. the TTL value for NS record was incorrectly inherited from the external primary server. NIOS-62054 Minor On some occasions. NIOS-62479 Minor The IB-2200 appliance sent an equipment failure SNMP trap with a “Minor” severity instead of a “Major” severity. NIOS-61478 Major When the “Nested Group Query” feature was enabled on Windows servers. NIOS-60348 Major Auto-generated A records appeared in DNS views for members that were not authoritative for any DNS zones in those views. invalid SNMPv3 traps were sent by Grid members. NIOS-59362 Major Reporting: Certain dashboards returned lookup errors. NIOS-61706 Major Changes made to a network through Global Search were not reflected in the IPAM List view. NIOS-62386 Minor The online help for “Allow recursion” was outdated. authentication for all user accounts outside the “Users” OU group failed.
NIOS-60275 Major In a specific configuration. accessing audit history from the IP MAP view of Grid Manager returned an error. NIOS-58546 Major Fixed the issue that the SNMPD process was running as root. NIOS-60230 Major When importing forward-mapping zone data using the “Import zone” feature from an external name server with the option “Create Hosts and Bulk Hosts during import” selected. NIOS-62199 Minor Under certain circumstances. NIOS-61145 Major It took longer than expected to migrate DNS data using DIW and AXFR. NIOS-62496 Minor The configured primary server was not displayed in the Primary name server (for SOA MNAME field) field of the Zone Properties editor. NIOS-62765 Minor NIOS returned NXDOMAIN for a bulk host after users removed the sub zone. NIOS-62757 Minor Unable to review reports after joining a reporting server to the Grid due to an incompatible IBRA version. NIOS-61641 Minor An external syslog server was configured to monitor logs related to “Active Directory Authentication.” but the syslog server displayed ZRQ logs from the passive node of an HA pair. NIOS-61674 Enhance This release adds a check box in the GUI for enabling “DDNS protected” in the Host Record creation wizard. NIOS-62041 Minor Certain dashboards and reports did not display statistics within the selected time frame. NIOS-61414 Minor Multi-Grid Configuration: The strict delegation modes did not restrict the creation of network containers. NIOS-10777 Minor This release enhances the error message related to “no free leases.” Fixed in NIOS 8. NIOS-62012 NIOS-62009 Minor The IPAMv4 Top Utilization Networks Report did not reflect the actual utilization value. NIOS-61401 Minor WAPI: The appliance did not return all the shared record groups for some DNS zones when using WAPI calls that did not specify the FQDN.
NIOS-61963 Minor Changed the label "Maximum concurrent outbound zone transfers per remote name server” to "Maximum concurrent inbound zone transfers per remote name server” in Grid Manager. All Rights Reserved. the performance of Grid Manager was slower than expected. the IB-4030-10GE could engage in the power cycle recovery loop during a reboot. NIOS-56058 Minor Some of the cloud related fields did not appear in the IPAM Network Details view.5 ID Severity Summary NIOS-63041 Major When certain threat protection response rules were enabled. NIOS-60674 Minor Limited-access users could modify the comment and extensible attribute fields of a Host record.NIOS 8. NIOS-61469 Minor On rare occasions. NIOS-63045 Enhance This release adds threat protection rules for dropping UDP DNS queries without NIOS-63044 “Recursive Desired” configured in the header. NIOS-61659 Enhance WAPI: The download file name was different than that in the WAPI Documentation. NIOS-61936 Minor Grid Manager displayed inconsistent status for active hosts in different tabs.2. Page 47 of 63 400-0704-202 Rev.0. NIOS-61652 Minor Updated the documentation to reflect the correct behavior of the LEDs on the TE- 2200 appliance.2 Release Notes NIOS-62050 Minor Temporary licenses could be installed on a vNIOS virtual appliance in an inappropriate order. All registered trademarks are property of their respective owners. NIOS-61975 Minor Removed the IB-4005 model from the set_temp_license menu. A 11/14/2017 . NIOS-62027 Minor The IPAMv4 Network Usage Statistics Dashboard did not display networks that were not associated with a member. NIOS-62176 Major The threat protection service did not automatically restart after a valid RPZ license was installed after an upgrade. resulting in incorrect FQDN being returned. the appliance experienced intermittent service outage due to issues related to zone reloading. upgrade test might fail. NIOS-62295 Critical In an anycast configuration with port redundancy enabled. 
NIOS-62317 Major Under specific circumstances. NIOS-62216 Major Creating a CNAME record using the backslash (\) character in the name could cause a DNS service outage. NIOS-61968 Critical Reverse zones failed to load due to overlapping IPs from bulk hosts. Fixed in NIOS 8. resulting in either an INSIST assertion failure or an attempt to read through a NULL pointer. ID Severity Summary NIOS-62603 Major Under certain circumstances. Grid Manager was very slow and it reverted to the product restart page. A high volume of such queries might overload the DNS process. causing the DNS service to restart. causing high CPU usage. It passed these queries to the standard DNS process.2. the license expiration did not align with that of the Grid license. NIOS-62234 Major An IB-820 Grid Master experienced gradual increase in swap space usage. NIOS-62190 Major Creating a sub zone that started with a wildcard character caused a zone failure. NIOS-62342 Major A records for name servers in the “external" DNS view were deleted after a zone that had the specific record as a name server was deleted. an RPZ CIDR tree insertion error could corrupt the tree data structure that contained overlapping networks.NIOS 8. NIOS-62237 Major When installing temporary Reporting licenses on certain high-performance Trinzic appliances. NIOS-62269 Critical On rare occasions. which was an invalid number and caused an error in NIOS. © 2017 Infoblox Inc. A 11/14/2017 . All registered trademarks are property of their respective owners. the IPv6 OSPF neighbor unexpectedly went offline after a NIC failover. NIOS-62096 Major Network Insight: The network view value in a VRF mapping rule was mapped to 0 (zero). Page 48 of 63 400-0704-202 Rev. All Rights Reserved.4 ID Severity Summary NIOS-62372 Critical Under certain circumstances. NIOS-62545 Major Addressed the following vulnerability: CVE-2017-3135: Under some conditions when using both DNS64 and RPZ to rewrite query responses.0. 
NIOS-62165 Major Under certain circumstances. the querying process could resume in an inconsistent state. the PT-1400 appliance was unable to join the Grid after the threat protection service was enabled in monitoring mode.2 Release Notes NIOS-62931 Major The IB-4030 might not accelerate DNS queries that had DSCP values configured for a certain value. NIOS 8.0. the Grid experienced high disk usage on multiple members.3 ID Severity Summary NIOS-62330 Major Addressed the following vulnerability: CVE-2016-9444: An unusually-formed answer containing a DS resource record could trigger an assertion failure and cause the DNS service to stop. NIOS-60748 Critical It took longer than expected for limited-access users to access Grid Manager. NIOS-62329 Major Addressed the following vulnerability: CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could trigger an assertion failure and cause the DNS service to stop. All Rights Reserved. the DHCP range did not inherit the logic filer list from its parent network. Fixed in NIOS 8. NIOS-61460 Critical In certain configuration. NIOS-57752 Minor The appliance logged messages related to purging scavenging tasks even after DNS scavenging was disabled at the Grid level. All registered trademarks are property of their respective owners.2.0. the appliance experienced high CPU usage. NIOS-62123 Minor Updated the Infoblox NIOS Administrator Guide to reflect the correct port usage for specific appliance roles. A 11/14/2017 . ID Severity Summary NIOS-62207 Major Downloads of the capture files failed during a scheduled upgrade. NIOS-62328 Major Addressed the following vulnerability: CVE-2016-9131: A malformed response to an ANY query can trigger an assertion failure during recursion and cause the DNS service to stop. 
NIOS-61341 Major Reporting: The Top NXDOMAIN NOERROR report did not return data for some Grid members.2 Release Notes NIOS-61478 Major Microsoft Management: Authentication for all user accounts outside the Users OU (organizational unit) failed when the nested group query was enabled. NIOS-61774 Critical On some occasions.2 ID Severity Summary NIOS-62118 Critical Under certain circumstances. Fixed in NIOS 8. © 2017 Infoblox Inc. resulting in a denial of service to clients. resulting in a denial of service to clients. resulting in a denial of service to clients. Page 49 of 63 400-0704-202 Rev. NIOS-62229 Minor This release enhances the Infoblox PAPI and WAPI performance to meet certain requirements. NIOS-60230 Major The import zone data feature did not function properly when the “Create Hosts and Bulk Hosts during Import” option was selected only for a forward-mapping zone. NIOS-61868 Major The diagnostic code for BFD has been changed for DNS service stop. when the zone was assigned to a name server group containing the Grid Master as Grid primary and an external secondary server. NIOS-60275 Major The TTL Value for a NS record was incorrectly inherited from the external primary server. NIOS-61674 Enhance This release added an option for enabling “DDNS protected' in the Add Host Record wizard. All registered trademarks are property of their respective owners.2 Release Notes NIOS-62180 Major In some cases. NIOS-61145 Major It took longer than expected to perform DNS zone transfers using DIW. Fixed in NIOS 8. NIOS-62017 Major CHAOS query was not supported when Advanced DNS Protection was enabled. The message indicates that a duplicate object is being added to the Pool or LBDN when the selected object is not a duplicate. affecting DNS responsiveness. This issue affects only the IB-4030 appliance.c. NIOS-62036 Major Grid Manager might not display certain records when users sort them by principal in a particular zone. All Rights Reserved. 
NIOS-61801 Major DNS Traffic Control: The menu actions “Add Existing Server” for a DTC pool and “Add Existing Pool” for an LBDN might fail with an invalid error message.2. © 2017 Infoblox Inc. Page 50 of 63 400-0704-202 Rev. credential validation on the sub Grid did not function properly.NIOS 8. NIOS-60348 Major Auto-generated A records appeared for Grid members that were not running DNS in the respective view. ID Severity Summary NIOS-61924 Major VMware Tools was displayed as “Not running” on the IB-V825 and IB-V1425 appliances.0. A 11/14/2017 . Grid Manager displayed an error when users opened a specific DNS zone. NIOS-61987 Major Under certain circumstances. the DNS cache on the IB-4030 appliance can become degraded over time. NIOS-62086 Major In a Multi-Grid configuration. NIOS-61469 Minor It took longer than expected to navigate through Grid Manager. “named” could stop execution after encountering an assertion error in resolver.1 ID Severity Summary NIOS-61839 Critical Addressed the following vulnerability: CVE-2016-8864: While processing a recursive response that contained a DNAME record in the answer section. Page 51 of 63 400-0704-202 Rev. NIOS-60509 Critical Global search returned swap space error and GUI performance was slower than usual.local zone. zone transfers did not function properly. NIOS-56196 Critical Under specific circumstances.infoblox. NIOS-58925 Critical In a situation to address timing issue for a DHCP failover association.2. NIOS-58885 Critical Under certain circumstances.rpz.rpz. NIOS-59013 Critical RFC1918 and 127.NIOS 8.0/8 were removed from the base.local feed and moved to the bogon. NIOS-57809 Critical AD authentication did not work properly when users tried to log in to the appliance using SSH. DHCP service was affected due to DHCP failover issues during service restarts. NIOS-58960 Critical Under certain circumstances. modifying NS groups using CSV import might cause the appliance to reboot. 
Grid Manager experienced latency when loading the DNS tab. causing mismatch with the actual network and DNS view. A 11/14/2017 . NIOS-59333 Critical login_denied messages were displayed instead of login_allowed messages for the SPLUNK-REPORTING-ADMIN group after an upgrade. NIOS-59953 Critical In a specific configuration.infoblox. some networks might experience behavioral changes due to DDNS issues. the NTP service was not synchronized correctly. NIOS-59827 Critical DNS scavenging might fail when users logged in remotely and executed DNS scavenging manually. All registered trademarks are property of their respective owners. NIOS-60700 Critical Unable to restart Grid services after an upgrade. All Rights Reserved. NIOS-59796 Critical Query logging for Network Insight caused some performance issues. DHCP clients were unable to get leases even when the secondary peer was in the partner-down state. NIOS-59676 Critical The Reporting Search tab did not populate data under the “What to Search” and “Data Summary” sections. NIOS-59153 Critical During an upgrade.0. DHCP ranges did not inherit properties from the network. © 2017 Infoblox Inc.0. NIOS-60518 Critical The appliance returned an error by automatically generating the FireEye URL in lower case irrespective of the Network/DNS view. NIOS-59828 Critical After adding an external DNS view. NIOS-59875 Critical This release adds the Prefer LAN1 when available option when port redundancy is enabled in configuration that uses the LAN1 as the primary source.0. causing service outage. NIOS-58120 Critical The match-recursive-only option was reset to the default value when DNS service was restarted.2 Release Notes Fixed in NIOS 8. NIOS-60045 Critical The NIC Usage tab in the System Activity Monitor dashboard on the IB-4030 appliance displayed the same line graph for both LAN1 and LAN2 ports.0 ID Severity Summary NIOS-60748 Critical Under certain circumstances. 
ID Severity Summary
NIOS-61703 Major Under certain circumstances, the reporting cluster and Network Insight appliances failed to come online until manually rebooted.
NIOS-61677 Major The swap usage on a reporting server exceeded the threshold value after an upgrade.
NIOS-61575 Major Under specific circumstances, the IB-4030 appliance unexpectedly went offline.
NIOS-61518 Major The appliance logged a “bulk host” failure error even when bulk hosts were resolved successfully.
NIOS-61506 Major Upgrade test unexpectedly failed after distribution was completed successfully.
NIOS-61461 Major Addressed the following OpenSSL vulnerabilities:
    CVE-2016-6306: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
    CVE-2016-6304: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allowed remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
NIOS-61383 Major Under certain circumstances, a vNIOS virtual member was disconnected from the Grid.
NIOS-61350 Major The syslog recorded excessive messages related to an error about applying Infoblox reporting application configuration files to all peers.
NIOS-61263 Major When the database was big and the system was busy, it took longer than expected for the passive node of an HA pair to synchronize data with the active node when the appliance became a Grid Master Candidate.
NIOS-61260 Major Under specific circumstances, DNS timeouts might occur after an upgrade.
NIOS-61256 Major The Microsoft managing member experienced high database utilization due to pending synchronization jobs.
NIOS-61243, NIOS-61188 Major The appliance denied a DHCP lease to the checkpoint firewall MAC address and sent a DHCPDISCOVER message indicating that the lease was issued to the secondary peer.
NIOS-61167 Major The DNS service failed to start due to an unexpected syntax error in the named.conf file.
NIOS-61145 Major The appliance experienced slow performance when migrating DNS data using DIW (Data Import Wizard) and AXFR.
NIOS-61047 Major Network Insight: The appliance returned an error when users tried to drill down to the Interfaces tab of a discovered device.
NIOS-61041 Major Under special circumstances, DNSSEC validation might fail.
NIOS-60920 Major The RPZ Recent Hits tab did not display any data.
NIOS-60906 Major The Smart folder filter was unable to filter data based on a custom filter name.
NIOS-60891 Major vDiscovery stopped working for OpenStack.
NIOS-60880 Major CSV Import: The appliance returned an error while overriding the existing host address and modifying the new host address.
NIOS-60828 Major The appliance logged the LDAP server failure traps even though the user authentication was successful.
NIOS-60724 Major AD authentication did not work properly when users tried to log in to the appliance using SSH.
NIOS-60711 Major Addressed the following vulnerability:
    CVE-2016-5696: The net/ipv4/tcp_input.c in the Linux kernel before 4.7 did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.
NIOS-60661 Major Reporting: The reporting service encountered some lookup issues and did not function properly.
NIOS-60599 Major Under certain circumstances, the Grid member displayed the “DNS acceleration usage high” status.
NIOS-60533 Major On rare occasions, the appliance experienced DHCP failure after establishing GSS-TSIG security context.
NIOS-60515 Major Unable to modify false records associated with the IP address in the External View.
NIOS-60458 Major Unable to restore database if the CNAME record and the LBDN record shared the same FQDN.
NIOS-60437 Major Under certain circumstances, Grid Master experienced an unexpected HA failover.
NIOS-60429 Major This release disables all ArcFour ciphers used by the SSH service in NIOS.
NIOS-60383 Major Under certain circumstances, the DHCP Lease History report did not show the status for fixed address.
NIOS-60367 Major Under certain circumstances, Discovery diagnostics did not work on a Network Insight member.
NIOS-60366 Major Grid Manager might not respond or experience a delay while loading the Action icon in the IPAM tab.
NIOS-60353 Major Unable to configure DHCP expert mode in NIOS 7.2.0 and NIOS 7.3.0.
NIOS-60327 Major When Infoblox DDI for AWS was integrated with AWS Route 53 DNS service, task errors were not logged to the syslog.
NIOS-60287 Major The "EARLY DROP TCP query multiple questions" rule dropped DNS packets from the specific TCP port when there were multiple questions being queried at the same time.
NIOS-60280 Major The number of RPZ zones per DNS view in a Grid should have been limited to 32.
NIOS-60216 Major A CSV import triggered high CPU utilization, causing DNS service interruption.
NIOS-60213 Major WAPI: Fingerprint was missing in lease objects.
NIOS-60199 Major For IB-4030-10GE appliances, IPv6 OSPFv3 router priority should have been set to 0.
NIOS-60183 Major Under certain upgrade scenarios, the bloxTools member might experience high memory utilization.
NIOS-60178 Major Unable to convert an unmanaged device that was discovered through vDiscovery to A or PTR record.
NIOS-60162, NIOS-57974 Major Upgraded the NTP version to address a few NTP vulnerabilities.
NIOS-60159 Major Unable to parse option 82 (remote ID and circuit ID) values through option filters.
NIOS-60126 Major AD authentication did not work properly when users tried to log in to the appliance using SSH.
NIOS-60060 Major When an endpoint was un-quarantined from the Cisco ISE portal, Cisco ISE sent a session notification that contained a "\" in the username, causing an error on the Grid Master.
NIOS-60048 Major WAPI: The RESTART_IF_NEEDED option restarted all services on all Grid members.
NIOS-60023 Major A Grid Manager session did not time out when the traffic capture window was active.
NIOS-59997 Major Network Insight: Discovered HSRP addresses were not displayed in Grid Manager.
NIOS-59970 Major Under certain circumstances, the dhcpd process caused high swap memory utilization.
NIOS-59968 Major Under certain circumstances, HA members experienced DNS outage after an upgrade.
NIOS-59953 Major During a scheduled upgrade, some Grid members were upgraded before their scheduled upgrade time.
NIOS-59952 Major Grid Manager displayed an error while saving a DHCP range template.
NIOS-59945 Major The appliance returned an error when users tried to access a Grid member through the remote console using SSH.
NIOS-59935 Major Unable to upgrade from a pre-released NIOS version.
NIOS-59489 Major Device discovery failed and displayed that SNMP polling was disabled on the group settings, even though it was enabled globally and polling was disabled at the Grid level, but enabled at the network level.
NIOS-59913 Major After adding a bulk host, the primary server restarted the DNS service automatically, but the secondary server was not affected.
NIOS-59902 Major Underscore zones inherited the SOA MNAME settings from the Grid member, instead of the parent zone.
NIOS-59885 Major Under certain circumstances, the Grid Master failed over and the Grid members were offline after an upgrade.
NIOS-59839 Major Reporting: A scheduled weekly task for exporting search results started a day after the scheduled time.
NIOS-59830 Major Certain audit log data that was logged in the aduit.log file was not displayed in Grid Manager.
NIOS-59820 Major When “Ignore client identifier” was selected, DHCP considered lease requests from the same MAC, either with or without client identifier and different client identifiers as identical requests.
NIOS-59810 Major The TE-1410 appliance rebooted due to high swap usage.

NIOS-59558 Major Grid Manager was enforcing “named” to listen for DNS traffic on the interface that was used to send upstream queries. NIOS-59543 Major Under specific circumstances. A 11/14/2017 . NIOS-59406 Major The “set recursion_cache_size” command on an IB-1410 appliance allowed increasing the cache size to only 512 MB. NIOS-59688 Major Customer experienced discrepancies in Grid Manager after an unexpected HA Grid Master failover.NIOS 8. these leases are displayed as “Free” and DHCP expire messages are logged in the syslog. an IPv6 lease scavenging was not working as expected.2. All registered trademarks are property of their respective owners. NIOS-59357 Major DNS service took 3-5 seconds to function on an IB/VM 1400 appliance because named required 3-5 seconds to restart on an appliance with factory default settings. NIOS-59445 Major Under certain circumstances. All Rights Reserved. but NIOS is not vulnerable to any of those vulnerabilities. the “version_deleted_object” was incremented but these objects were not purged. 
NIOS-59538 Major Remote (RADIUS) users with assigned local groups could log in to the appliance via Grid Manager. NIOS-59750 Major HTTP file distribution was not getting replicated in Grid members when users were uploading files from the Grid Master. NIOS-59330 Major PAPI: Infoblox::DHCP::Range->network() returned only “/” when there were two scopes in the same network. but were unable to login via SSH. NIOS-59373 Major The TXID messages increased in the customer's external monitoring tool after an upgrade. DHCP clients were unable to renew a lease when the Client UID changed even though “Ignore client identifier” was enabled. the OSPF service restarted before the DNS service. one of the Grid members was losing connectivity from the Grid Master from time to time. NIOS-59349 Major Some of the interface information was missing with Cisco ASR VRF-aware routers. some scheduled searches did not return any data even though the same report generated chart data. NIOS-59680 Major This release allows users to disable SSLv3 usage during reporting (splunk) data transmission. NIOS-59403 Major Under certain circumstances. causing DNS query failures.2 Release Notes NIOS-59760 Major DNS integrity check ran on any member when the member's database had zones with DNS integrity check enabled. a PT-1400 appliance got in to a reboot recovery loop during its first start up. even though the physical memory was set to 8 GB. NIOS-59449 Major After the first DHCP renewal. two different lease times were acknowledged by different DHCP failover peers. In this release. © 2017 Infoblox Inc. NIOS-59667 Major Expired/free leases were showing as “Active” state. NIOS-59548 Major Each time any Grid object was deleted. NIOS-59759 Major In certain NIOS releases. Page 55 of 63 400-0704-202 Rev. NIOS-59421 Major Under certain circumstances. NIOS-59300 Major On rare occasions. NIOS-59444 NIOS-59427 Major Users suspected multiple open SSL vulnerabilities. 
the SSH session or the serial console was unexpectedly logged out. NIOS-59171 Major In an IPv6-only Grid. it was signed with two keys during the 15-day grace period after the ZSK rollover. MGMT. LAN2. import was completed successfully and the host address was removed completely. NIOS-58979 Major Unable to remove a name server from a name server group under certain circumstances. NIOS-58934 Major Unable to filter unmanaged devices using filters in the Data Management -> Devices tab. NIOS-59029 Major Unable to deploy Infoblox instances (GUI and API access) in OpenStack/KVM networks with DHCP enabled in the OpenStack network. NIOS-58964 Major The passive node of an HA Grid Master looped in the synchronizing state. NIOS-58900 Major Unable to synchronize Microsoft servers with the appliance on some occasions. NIOS-58892 Major Idle timeout did not take effect in Grid Manager. NIOS-59082 Major When CSV Import was performed with type=Delete. NIOS-59177 Major The appliance experienced increased SWAP usage and high CPU resource loads triggered by the http daemon. causing routing flaps. NIOS-59077 Major When a zone was set to pre-publish. All registered trademarks are property of their respective owners. ANY and queries were not going through the corresponding sources.NIOS 8. causing some active UI users to stay in this state for a few days. Page 56 of 63 400-0704-202 Rev. Delete operation was restricted to read-only objects such as host addresses. NIOS-58899 Major The BGPD service was terminated whenever the DNS service restarted or was NIOS-58397 terminated. it returned the old host record. NIOS-59011 Major Grid Master restarted automatically each time the user performed a CSV Import with action “REPLACE”. NIOS-58878 Major When using the CLI command for delete dhcp_ddns_updates to remove DDNS updates. LAN1. NIOS-59276 Major OSPF was advertised through the LAN Interface even though VIP VLAN interface was NIOS-59268 configured as the OSPF advertising interface. 
NIOS-59014 Major Under certain circumstances. excessive database transactions might occur. NIOS-58984 Major IPAM utilization threshold trigger value set at the Grid level was not showing the right color for network utilization. NIOS-59270 Major Users observed high CPU utilization on one of the Grid Members synchronizing with the Microsoft server. NIOS-58974 Major When performing a network discovery using an incorrect network view. NIOS-59122 Major The Audit History tab was not available for some IP addresses in IPAM and the “TypeError: 'NoneType' object is not iterable” error message was displayed. All Rights Reserved. users were unable to manage Microsoft synchronized zones from the Microsoft servers.2 Release Notes NIOS-59296 Major An IB-4030 appliance stopped working and rebooted automatically after a DNS acceleration cache alarm was triggered. When the search was performed for the DNS name. MS Synchronization with the Grid failed. A 11/14/2017 .2. NIOS-58913 Major In specific circumstances. © 2017 Infoblox Inc. NIOS-58781 Major The counts for DDNS updates in the timeout statistics were inconsistent NIOS-58643 Major Under certain circumstances. NIOS-58462 Major In the Net Map view for a network container. NIOS-58224 Major Unable to change the scheduled upgrade time for an upgrade group if the original upgrade time has passed. some DNS records were missing from the Microsoft managed DNS zones. which should be allowed. Grid Manager might experience slow performance due to heavy database operations. users were unable to add resource records to the associated networks or zones. A 11/14/2017 . NIOS-58831 Major The DNS configuration file was empty after an upgrade due to a buffer issue. All registered trademarks are property of their respective owners. NIOS-58354 Major It took longer than expected to load and display sub zone properties in Grid Manager. NIOS-58244 Major Unable to sort by the “Status” column in the Network Users -> User History tab. 
NIOS-58549 Major The appliance inadvertently returned some internal errors. Grid Manager logged out when users tried to navigate to other places in the view. NIOS-58596 Major On rare occasions. NIOS-58578 Major Unable to import host addresses through a CSV import if more than one host was returned. NIOS-58554 Major The password for the RPC connection to domain controller was logged in clear text in the audit log. the appliance experienced some DNS query issues after a number of client rebooted at the same time.2 Release Notes NIOS-58876 Major The IPv6 address for the I. NIOS-58856 Major DHCP option inheritance from parent network containers did not function consistently. DDNS updates using a TSIG key were denied. NIOS-58525 Major Network Insight: Unable to add a seed device that had the same name as an existing seed device in a different network view.root-servers. NIOS-58858 Major In a specific configuration. NIOS-58567 Major Under certain circumstances. NIOS-58326 Major Under certain circumstances. Page 57 of 63 400-0704-202 Rev.2.NIOS 8. © 2017 Infoblox Inc. NIOS-58566 Major An authenticated AD user might encounter an error when trying to change the TTL of a DNS A record. NIOS-58545 Major The appliance accepted community strings that might cause handling issues. NIOS-58577 Major Users might experience inheritance issues when using DHCP custom option spaces. NIOS-58501 Major Users experienced some inconsistent extensible attributes inheritance issues.net service has been changed from 2001:500:3:42 to 2001:500:9f:42. All Rights Reserved. changing the interface IP address could cause a DNS failure. NIOS-58312 Major In certain configurations. NIOS-58548 Major The appliance used the DES method instead of SHA-512 for hashed passwords. 
NIOS-52004 Major When uploading DNS query and response capture files to an SCP server and the connection between the Grid and the SCP server was not stable or if the server was not functional.” NIOS-57977 Major Unable to join an appliance that was pre-configured as an HA Grid Master using VLAN tagging. NIOS-58025 Major Unable to create custom extensible attributes on Cloud Platform members. Page 58 of 63 400-0704-202 Rev. NIOS-57124 Major PAPI: It took longer than expected to get an authentication policy using the Infoblox::Grid::Admin::AuthPolicy object when there was a large number of groups involved. the percentage for unused categories was listed as 100%. All registered trademarks are property of their respective owners. A 11/14/2017 . DNS views appeared in the 'selected' section instead of the 'available' section. NIOS-58137 Major Unable to navigate to the Reporting tab on an IB-VM-820 Grid Master. All Rights Reserved. NIOS-58007 Major The zone integrity check did not occur according to the configured frequency.NIOS 8. NIOS-57462 Major In a specific Microsoft Management configuration. the appliance might experience a disk full issue. NIOS-57991 Major Extensible attributes were not visible in Grid Manger after a CSV import using “ptrrecord. NOS-56931 Major When a stealth external name server was added to the name server group. NIOS-57744 Major Reporting: In the Grid Reporting Properties editor. © 2017 Infoblox Inc.2 NIOS-53291 NIOS-52666 Major The appliance did not return the expected value when filtering using IPv4 options that contained the “Option 82 Exists” rule. the IB-4010 Grid Master experienced an unexpected HA failover.2. NIOS-58126 Major Unable to join networks from different network views. NIOS-56366 Major This release adds CLI commands for SSL/TLS settings to support TLS 1.2 Release Notes NIOS-58196 Major Received “SERVFAIL” responses while querying PTR records in a zone that contained stale delegated NS records. 
NIOS-58027 Major It took longer than expected and a high CPU usage to remove a Microsoft synchronization definition. NIOS-57879 Major Unable to remove the glue A record from the DNS zone served by a name server that belonged to a NS group. removing all synchronized unmanaged networks also removed other networks created in NIOS for the network container. NIOS-57934 Major When changing the inheritance in the “allow queries from” and “allow recursion” settings under “queries” at the member level. NIOS-58112 Major Unable to delete a TXT record on a signed zone where the data in the TXT record contains two consecutive backslashes (\\). NIOS-57736 Major The Grid Master used the LAN1 interface instead of the VIP address to communicate with the HSM appliance. which could skew the calculation for the total used percentage. the serial number increments happened only on the secondary servers. NIOS-57688 Major Under certain circumstances. NIOS-59892 Minor In certain configurations.4 and prior versions. it lost its indexer role and ran as a forwarder.3. All Rights Reserved. NIOS-60181 Minor Grid Manager displayed an error when user re-enabled DNS by selecting “Enable in DNS" check box in the Host editor. NIOS-60693 Minor The appliance failed to do DNS scavenging for underscore zones.10. Page 59 of 63 400-0704-202 Rev. All registered trademarks are property of their respective owners. NIOS-61502 Minor A custom report for top devices identified did not work properly after an upgrade. NIOS-59943 Minor Unable to add a bulk host if the bulk host name conflicted with an existing host alias. NIOS-61299 Minor There was a typo in the vDiscovery Job wizard tooltip.2. NIOS-59928 Minor This release changes a warning message about DNS scavenging to clarify the message.2. the Toggle flat view option displayed all the subnets from all network views. the IB-4030 appliance returned an error. A 11/14/2017 . NIOS-59679 Minor In NIOS 7.tar. 
NIOS-61292 Minor WAPI: the MAC field in the fixedaddress object did not support case-sensitive search. causing reporting issues.
NIOS-60277 Minor After upgrading from NIOS 6.
NIOS-60096 Minor Inconsistency in the IPv6 network name When user created and modified an IPv6 network through the PAPI. there was a delay while loading certain zones which have a large number of records.201 to NIOS 7. if the Grid Master has a NAT IP address.
NIOS-61546 Minor The DHCPv4 Usage Statistics report displayed DHCPv4 utilization that was less than the actual utilization.
NIOS-60630 Minor After executing the show dns cache and show dns cache_size CLI Commands.gz.10. an external management system rejected incoming SNMPv3 traps sent by the Infoblox Grid. the traffic.
NIOS-60423 Minor Unable to add Grid members to the Grid using Elastic Scaling.
NIOS-12775 Major The appliance experienced memory issues when DHCP was running through the OMAPI channel.
NIOS-60983 Minor Updated the filter attributes for the DHCP MAC Address objects in the Infoblox API Documentation.
NIOS-51365 Major When a reporting indexer was offline and then rejoined the Grid.
NIOS-60551 Minor The appliance displayed the “Loading” message when navigating to the next page of the RPZ entries.cap file was not stored in the root of tcpdumpLog.
NIOS-61715 Minor A “failed LCD” warning was sent to the ND-800 appliance that did not have a LCD.
NIOS-59732 Minor A new error message has been added to indicate that DNS Scavenging cannot be performed for underscore zones. but saved under \storage\tmp when it was extracted.
NIOS-60675 Minor The appliance failed to display some of the time zones correctly. while converting lease to host in the IPAM list viewer.
NIOS-60524 Minor Under certain circumstances. 2. users could enter invalid characters when using a TSIG key. ipv6networkcontainer.
NIOS-57637 Minor Updated the Infoblox NIOS Administrator Guide to clarify the password history information.
networkcontainer.
NIOS-57582 Minor The appliance sent SNMP traps to clear OSPF and OSPFv6 issues.
NIOS-52207 Minor The installation guide did not include the heat output or input current for the Infoblox 800 Series appliances.
NIOS-58133 Minor The summary index for DNS tunneling contains all Advanced DNS Protection events. causing a manual backup failure.
NIOS-59513 Minor Login was denied when the user was authenticated against Active Directory and belonged to a group that contained multiple instances of double backslashes. instead of only events related to DNS tunneling.
NIOS-56329 Minor This release removes irrelevant logging in the audit log.
NIOS-59662 Minor DNS Scavenging reclaimable objects were not displayed in Smart Folders.
NIOS-57722 Minor Changed the “None” option to “Any” for the "Allow queries from" option in the Grid/Member DNS Query ACL section to improve usability.
NIOS-58083 Enhance This release adds a check box to the Data Collector VM editor for enabling registration requests.
NIOS-56267 Enhance This release improves usability so users do not disable remote access permanently by mistake.
NIOS-59675 Minor The named_cache file when collected in the support bundle was being truncated if the recursive cache was full. the regex did not work and returned an error or incorrect results.
NIOS-58945 Minor In the syslog.
NIOS-56936 Minor Grid Manager now does not display the Infoblox Community dashboard. causing a DNS configuration syntax error.
NIOS-59435 Enhance Syslog messages were missing for a dual-stack Pool of DTC health monitors.
NIOS-61098 Enhance Users can now use a CLI command to disable the feature that allows them to send requests to Infoblox Technical Support. ipv6fixedaddress and range objects.
NIOS-58377 Minor A newly added bookmark did not appear in the Bookmarks tab and users were unable to re-add the bookmark. ipv6network.
NIOS-58104 Minor The Infoblox NIOS Administrator Guide did not cover the file name convention for reporting backups.
NIOS-58362 Minor Unable to synchronize bloxTools data in a specific bloxTools environment.
NIOS-59567 Minor When the “$” character was used to search the “network” fields for objects such as network. fixedaddress. but did not send SNMP traps for the issues themselves.
NIOS-57995 Minor When configuring an external primary or secondary DNS server in either a zone or name server group.
NIOS-64534 DTC: If you configure an SNMP health monitor that does not contain any OIDs for dynamic ratio load balancing.3. the DTC service might restart. To prevent this.

KNOWN GENERAL ISSUES
ID Summary
NFV2-49 You might encounter an error when you enable NIC bonding using a 1G NIC in an OpenStack environment.

Severity Levels
Severity Description
Critical Core network services are significantly impacted.
Moderate Some loss of secondary services or configuration abilities.
NIOS-61781 In cases where NAT is disabled but NAT groups still have a value. Workaround: Use a 10G NIC instead of 1G.
NIOS-64767 You might not be able to reach the Grid Master deployed in AWS through the MGMT interface.
NIOS-62829 Threat Protection: It might take longer than expected for the appliance to download and apply an updated ruleset due to memory usage exceeding the threshold. reporting data from Grid members that have not been upgraded is not forwarded to the Reporting server that has already been upgraded due to security changes in SSL related to CVE-2014-3566 (POODLE).0 and later.
NIOS-62852 Threat Protection: Using PAPI scripts to upload an updated ruleset might result in a “Read Timeout” error.
Enhance An enhancement to the product. Workaround: Create a home directory for the user under /home. Major Network services are impacted. All registered trademarks are property of their respective owners.0. NIOS-62690 Scheduled and manual backup to an SCP server using a complete path might fail if the user account does not have a home directory.0. NIOS reporting forwarders may try to talk to indexers using an incorrect address.0 to NIOS 8. but there is an available workaround.0 or later before upgrading them to NIOS 8. Page 61 of 63 400-0704-202 Rev.3. © 2017 Infoblox Inc. Workaround: Upgrade all Grid members to NIOS 7. Workaround: Include at least one OID when you configure an SNMP health monitor. Minor Minor functional or UI issue. The upload will eventually succeed. NIOS-61798 RESTful API Outbound Notifications: The filename downloaded for a RESTful API template might have an unrecognizable template name if you do any of the following: • Use UTF-8 characters to name the template. NIOS-62159 Reporting: When you perform a scheduled full upgrade from a NIOS release earlier than 7.2. ensure that NAT group settings are cleared or empty when NAT is disabled. This could happen if you set up Grid communications using the MGMT and LAN1 ports on the Grid Master before joining the AWS member.NIOS 8. • Use Firefox 47 or any browsers that do not support UTF-8 filename download. • Download the template from NIOS. A 11/14/2017 . 168. which might cause a second reporting indexer to go offline and not being upgraded. all other security related functionality stops working. the Infoblox appliances ship with auto-provisioning enabled by default. All registered trademarks are property of their respective owners.1.2.NIOS 8. Workaround: Obtain permanent licenses to continue using these features.2 as documented in the Infoblox NIOS Administrator Guide and Installation Guides will not be assigned. 
NIOS-61721 REST API Outbound Notifications: If you configure the Grid Master Candidate as the outbound member. Workaround: Manually upload the latest module set to your Grid or enable automatic updates before upgrading. Page 62 of 63 400-0704-202 Rev. go to the Administration -> Reporting tab to start the reporting service. NIOS-61565 Object Change Tracking: In situations that involve a large database. You will get a message indicating that the appliance continues to process changes that you make in the background while downloading the ruleset updates. Threat Protection and RPZ installed on your appliance and the Security license expires. The Reporting service icon will appear in the Grid Manager tab. you might not be able to re-join the vNIOS member to the Grid when it reboots. However. All Rights Reserved. NIOS-61562 Reporting and Analytics: The Destination Path is an optional field in a single-site cluster.2 Release Notes NIOS-61756 Advanced DNS Protection: It might take longer than expected to download ruleset updates. Workaround: Restart the cluster master. NIOS-60959 No outbound events are recorded when you remove a parent object using an outbound template. NIOS-61042 Reporting and Analytics: When joining a reporting member to a Grid.168.2 (or any valid IP address) and netmask to 255. NIOS-61563 Reporting and Analytics: In a Reporting Clustering configuration. Grid Manager might still display an “OK” status for these services in their corresponding dashboards. including those being handled by the old Grid Master. Workaround: Manually set the IP address through the serial console using the set network CLI command to re-configure the default IP address to 192. © 2017 Infoblox Inc. the newly promoted Grid Master continues to handle all outbound related activities.255. During initial setup. NIOS-61603 Currently. Workaround: In Grid Manager. 
Workaround: Do not perform a full synchronization from the Grid Master Candidate until the file from the previous synchronization is fully synchronized to the Grid Master. Threat Analytics. your upgrade will fail. NIOS-61714 Temporary licenses: When you have temporary licenses for Security. but there is no functional impact. NIOS-61651 vNIOS for AWS and Azure: If you configure the LAN1 and MGMT interfaces using IPv6 parameters. ensure that you review its capacity before promoting it to the Grid Master because after the promotion. performing a full synchronization from the Grid Master Candidate while the previous file is still being synchronized to the Grid Master might cause the deletion of the original synchronization file. Workaround: Avoid using IPv6 parameters when configuring the LAN1 and MGMT interfaces for the vNIOS member. the status of the cluster master might return a service failure error after an upgrade. Workaround: Ensure that you enter a value for the Destination Path field. the default IP address of 192. NIOS-61681 If you set up your Grid to use Infoblox Threat Insight but have not enabled automatic updates for Threat Analytics module sets.0. A 11/14/2017 .255. the Reporting service icon might not appear in the Grid -> Grid Manager tab of Grid Manager.1. Page 63 of 63 400-0704-202 Rev.2. Workaround: 1. 3. Workaround: Superusers can fix these permissions for limited-access users when necessary. is not compatible with our community dashboard widget. ensure that you specify the 26525 network view with which the seed router associates. the seed router object will be created without a network view association. NIOS-56982 Reporting and Analytics: Unable to copy or bookmark a page using the “Link to Job” option in the Job Settings dialog in the Splunk -> Reports page. Wait another five minutes and verify that all cloud extensible attributes are no long Read-only. Workaround: Install a permanent Cloud license on the Grid. 
Delete the extensible attributes that have the same name as the mandatory cloud extensible attributes. regardless of whether the license is valid or has expired. This new community software however. clear the DNS cache before adding the rule. Workaround: To ensure that the RPZ rule takes effect immediately. 2. All registered trademarks are property of their respective owners. ISE-249 Cisco ISE: Unable to create a network active user if the user is configured with Cisco ISE server using the standby server address. and then delete the permanent license from the appliance. As a result. NETMRI. NIOS-57930 Reporting and Analytics: Object permissions for certain system searches are not migrated after an upgrade. All Rights Reserved.infoblox. Otherwise. the mandatory cloud extensible attribute creation will fail when you install the cloud license. the functionality of the Community Dashboard widget is inconsistent.com). This delay is mandated by the effective DNS cache setting and might cause some traffic to go through before the RPZ rule takes effect. BEAU-443 Cloud Network Automation: In a scenario when you define extensible attributes that have the exact same name (such as Tenant ID) as the mandatory cloud extensible attribute before you install a cloud license in the Grid. you might not be able to remove cloud extensible attributes because they remain as Read-only attributes. Uninstalled the cloud license. © 2017 Infoblox Inc. Install the cloud license again. Workaround: Use logos that are in PNG format. wait at least five minutes. NIOS-55312 An RPZ rule that was deleted and then added to an RPZ feed again might not take effect immediately. Network Insight: When adding seed routers through PAPI scripts. which will offer users enhanced features and a more robust experience. A 11/14/2017 .2 Release Notes NIOS-54840 Some of the cloud related features might still be functional even after you have removed a temporary Cloud license from your Grid. 
The Community Dashboard widget will subsequently be removed in the next NIOS maintenance release. N/A Infoblox has upgraded the software for our user community (community.NIOS 8. NIOS-58190 Reporting and Analytics: The reporting service does not support non-ASCII characters in the names of admin groups and admin users. NIOS-57850 Reporting and Analytics: Custom logos in report PDFs might not appear properly if the logo is in JPEG format. For example.