NIOS 8.0.5 ReleaseNotes

NIOS 8.0.
5 Release Notes
INTRODUCTION ...................................................................................................................... 2
Supported Platforms............................................................................................................ 2
NEW FEATURES...................................................................................................................... 7
NIOS 8.0.0 ........................................................................................................................ 7
CHANGES TO DEFAULT BEHAVIOR ............................................................................................ 11

NIOS 8.0.0 Release............................................................................................................ 11
CHANGES TO Infoblox API and RESTful API (WAPI) ........................................................................ 12

WAPI Deprecation and Backward Compatibility Policy ............................................................... 13
NIOS 8.0.x Release ............................................................................................................ 13
UPGRADE GUIDELINES ........................................................................................................... 15

Upgrading to NIOS 8.0.x ..................................................................................................... 15
BEFORE YOU INSTALL ............................................................................................................ 16
ACCESSING GRID MANAGER ..................................................................................................... 18
ADDRESSED VULNERABILITIES .................................................................................................. 18
RESOLVED ISSUES ................................................................................................................. 22

Fixed in 8.0.5 .................................................................................................................. 22
Fixed in 8.0.4 .................................................................................................................. 22
Fixed in 8.0.3 .................................................................................................................. 23
Fixed in 8.0.2 .................................................................................................................. 24
Fixed in 8.0.1 .................................................................................................................. 25
Fixed in 8.0.0 .................................................................................................................. 25
KNOWN GENERAL ISSUES ........................................................................................................ 35
© 2018 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. Page 1 of 37
400-0679-005 Rev. B 7/3/2018
NIOS 8.0.5 Release Notes
INTRODUCTION
Infoblox NIOS 8.0.x software, coupled with Infoblox appliance platforms, enables customers to deploy large,
robust, manageable and cost-effective Infoblox Grids. This next-generation solution enables distributed
delivery of core network services—including DNS, DHCP, IPAM, TFTP, and FTP—with the nonstop availability and
real-time service management required for today’s 24x7 advanced IP networks and applications.
Please note the following:
• NIOS 8.0.x is not supported on the following appliances: IB-250, IB-250-A, IB-500, IB-550, IB-550-A,
IB-1000, IB-1050, IB-1050-A, IB-1550, IB-1550-A, IB-1552, IB-1552-A, IB-1852-A, IB-2000, IB-2000-A,
IB-VM-250, IB-VM-550, IB-VM-1050, IB-VM-1550, IB-VM-1850, IB-VM-2000, and Trinzic Reporting TR-2000
and TR-2000-A series appliances. You cannot upgrade to NIOS 8.0.x on these appliances. See Upgrade
Guidelines on page 25 for additional upgrade information.
• DNS Traffic Control: There are some significant changes in the functionality and user interface for
Infoblox DNS Traffic Control (DTC). Infoblox recommends that you take some time to explore and
navigate through the user interface to get familiar with the new features and changes. For detailed
information, see New Features and Changes to Default Behavior in this document.
Supported Platforms
Infoblox NIOS 8.0.x is supported on the following platforms:

• NIOS Appliances
- Infoblox Advanced Appliances: PT-1400, PT-1405, PT-2200, PT-2205, PT-2205-10GE, PT-4000, and
PT-4000-10GE
- Network Insight Appliances: ND-800, ND-805, ND-1400, ND-1405, ND-2200, ND-2205, and ND-4000
- Trinzic Appliances: TE-100, TE-810, TE-815, TE-820, TE-825, TE-1410, TE-1415, TE-1420, TE-1425,
TE-2210, TE-2215, TE-2220, TE-2225, IB-4010, and IB-4020 (NOTE: TE appliances are also referred to as
the IB appliances.)
- Cloud Network Automation: CP-V800, CP-V1400, and CP-V2200
- Trinzic Reporting: TR-800, TR-805, TR-1400, TR-1405, TR-2200, TR-2205, and TR-4000
- DNS Cache Acceleration Appliances: IB-4030 and IB-4030-10GE
- Infoblox vNIOS Appliances for Microsoft Azure: TE-V820, TE-V1420, TE-V2220, CP-V800, CP-V1400, and
CP-V2200.
• vNIOS for VMware on ESX/ESXi Servers

The Infoblox vNIOS on VMware software can run on ESX or ESXi servers that have DAS (Direct Attached
Storage), or iSCSI (Internet Small Computer System Interface) or FC (Fibre Channel) SAN (Storage Area
Network) attached. You can install the vNIOS software package on a host with VMware ESX or ESXi 6.x.x,
5.5.x, 5.1.x, or 5.0.x installed, and then configure it as a virtual appliance.
vSphere vMotion is also supported. You can migrate vNIOS virtual appliances from one ESX or ESXi server to
another without any service outages. The migration preserves the hardware IDs and licenses of the vNIOS
virtual appliances. VMware Tools is automatically installed for each vNIOS virtual appliance. Infoblox
supports the control functions in VMware Tools. For example, through the vSphere client, you can shut
down the virtual appliance.
You can deploy certain vNIOS virtual appliances with different hard disk capacity. Some vNIOS appliances
are not supported as Grid Masters or Grid Master Candidates. Note that the IB-VM-800 and IB-VM-1400
virtual appliances are designed for reporting purposes. For more information about vNIOS on VMware, refer
to the Infoblox Installation Guide for vNIOS Software on VMware.
400-0679-005 Rev. B 7/3/2018
• vNIOS for Microsoft Server 2008 R2, 2012, and 2012 R2 Hyper-V
The Infoblox vNIOS virtual appliance is now available for Windows Server 2008 R2 and Windows Server 2012
and 2012 R2 that have DAS (Direct Attached Storage). Administrators can install vNIOS virtual appliance on
Microsoft Windows® servers using either Hyper-V Manager or SCVMM. A Microsoft Powerscript is available
for ease of installation and configuration of the virtual appliance. Note that vNIOS for Hyper-V is not
recommended as a Grid Master or Grid Master Candidate. With this release, you can deploy certain vNIOS
appliances with a 50 GB, 55 GB, or 160 GB hard disk. You can also deploy the IB-VM-800 and IB-VM-1400
virtual appliances as reporting servers. For more information about vNIOS for Hyper-V, refer to the Infoblox
Installation Guide for vNIOS on Microsoft Hyper-V.
Note: All virtual appliances for reporting purposes are supported only for Windows Server 2012 R2.
• vNIOS for Xen Hypervisor

The Infoblox vNIOS for Xen is a virtual appliance designed for Citrix XenServer 6.1 and 6.2 running Xen
hypervisor and for Linux machines running Xenproject.org 4.3 hypervisor. You can deploy vNIOS for Xen
virtual appliances as the Grid Master, Grid members, or reporting servers depending on the supported
models. Note that the IB-VM-800 virtual appliances are designed for reporting purposes only. For more
information about vNIOS for Xen, refer to the Infoblox Installation Guide for vNIOS for Xen Hypervisor. For
information about vNIOS virtual appliances for reporting, refer to the Infoblox Installation Guide for vNIOS
Reporting Virtual Appliances.
• vNIOS for KVM Hypervisor

The Infoblox vNIOS for KVM is a virtual appliance designed for KVM (Kernel-based Virtual Machine)
hypervisor and KVM-based OpenStack deployments. The Infoblox vNIOS for KVM functions as a hardware
virtual machine guest on the Linux system. It provides core network services and a framework for
integrating all components of the modular Infoblox solution. You can configure some of the supported
vNIOS for KVM appliances as independent or HA (high availability) Grid Masters, Grid Master Candidates,
and Grid members. For information about vNIOS for KVM hypervisor, refer to the Infoblox Installation
Guide for vNIOS for KVM Hypervisor and KVM-based OpenStack.
• vNIOS for AWS (Amazon Web Services)

The Infoblox vNIOS for AWS is a virtual Infoblox appliance designed for operation as an AMI (Amazon
Machine Instance) in Amazon VPCs (Virtual Private Clouds). You can deploy large, robust, manageable and
cost effective Infoblox Grids in your AWS cloud, or extend your existing private Infoblox NIOS Grid to your
virtual private cloud resources in AWS. You can use vNIOS for AWS virtual appliances to provide enterprise-
grade DNS and IPAM services across your AWS VPCs. Instead of manually provisioning IP addresses and DNS
name spaces for network devices and interfaces, an Infoblox vNIOS for AWS instance can act as a
standalone Grid appliance to provide DNS services in your Amazon VPC, as a virtual cloud Grid member tied
to an on-premises (non-Cloud) NIOS Grid, or as a Grid Master synchronizing with other AWS-hosted vNIOS
Grid members in your Amazon VPC; and across VPCs or Availability Zones in different Amazon Regions. For
more information about vNIOS for AWS, refer to the Infoblox Installation Guide for vNIOS for AWS.
NOTE: Infoblox NIOS virtual appliances support any hardware that provides the required Hypervisor version,
memory, CPU, and disk resources. To maintain high performance on your NIOS virtual appliances and to avoid
not having enough resources to service all the NIOS virtual appliances, DO NOT oversubscribe physical resources
on the virtualization host. Required memory, CPU, and disk resources must be adequately allocated for each
virtual appliance that is running on the virtualization host. For information about the required specification for
each NIOS virtual appliance model, see the following table.
The following table lists the required memory, CPU, and disk allocation for each supported Infoblox virtual
appliance model:
400-0679-005 Rev. B 7/3/2018
NIOS Virtual Primary # of Memory Recommended NIOS for NIOS NIOS NIOS NIOS Supported
Appliances Disk (GB) CPU Allocation CPU Core Clock VMware for MS for for for as Grid
Cores (GB) Rate Hyper Xen KVM AWS Master and
-V Grid
Master
IB-VM-100 55 1 1 1300 MHz      No
IB-VM-800 300 2 Range: 2 – 8 3000 MHZ 3   1  No

(Reporting (Primary & Default: 8
only; 1 GB Reporting)
daily limit)
IB-VM-800 300 2 Range: 4 – 8 3000 MHZ 3     No

(Reporting (Primary & Default: 8
daily limit)
IB-V805 * 250 (+ user 2 32 2800 MHz    4  No

(Reporting defined
only) reporting
storage)
IB-VM-810 55 2 2 2000 MHz      No
IB-VM-810 160 2 2 2000 MHz      No
IB-V815 * 250 2 16 1100 MHz    4  Yes
IB-VM-820 55 2 4 3000 MHz      Yes2
IB-VM-820 160 2 4 3000 MHz      Yes2
IB-V825 * 250 2 16 1600 MHz    4  Yes
IB-VM-1400 555 4 Default: 8 8000 MHz 3     No

(Reporting (Primary & GB
daily limit)
IB-V1405 * 250 (+ user 4 32 3600 MHz    4  No

(Reporting defined
only) reporting
storage)
IB-VM-1410 55 4 8 GB 6000 MHz      No
IB-VM-1410 160 4 8 6000 MHz      Yes2
IB-V1415 * 250 4 32 1200 MHz    4  Yes
400-0679-005 Rev. B 7/3/2018
IB-VM-1420 160 4 8 8000 MHz      Yes2
IB-V1425 * 250 4 32 1800 MHz    4  Yes
IB-V2205 * 250 (+ user 8 64 2100 MHz    4  No

(Reporting defined
only) reporting
storage)
IB-VM-2210 160 4 12 12000 MHz      Yes2
IB-V2215 * 250 8 64 2100 MHz    4  Yes
IB-VM-2220 160 4 12 12000 MHz      Yes2
IB-V2225 * 250 8 64 2100 MHz    4  Yes
IB-V4000 250 8 24 2400 MHz      No

(Reporting (+ 1500 GB
only) reporting
storage)
Network Overall # of Memory Recommended NIOS for NIOS NIOS NIOS NIOS Supported
Insight Virtual Disk (GB) CPU Allocation CPU Core Clock VMware for MS for for for as Grid
Appliances Cores (GB) Rate Hyper Xen KVM AWS Master and
-V Grid
Master
Candidate
ND-V800 160 2 8 3000 MHz 3     No
ND-V805 *5 250 2 32 2800 MHz    4  No
ND-V1400 160 4 16 8000 MHz 3     No
ND-V1405 *5 250 4 32 3600 MHz    4  No
ND-V2200 160 8 24 24000 MHz 3     No
ND-V2205 *5 250 8 32 2100 MHz    4  No
400-0679-005 Rev. B 7/3/2018
Cloud Overall # of Memory Recommended NIOS for NIOS for NIOS NIOS NIOS Supported
Platform Disk (GB) CPU Allocatio CPU Core Clock VMware MS for for for as Grid
Virtual Cores n Rate Hyper-V Xen KVM AWS Master and
Appliances (GB) Grid
Master
Candidate
CP-V800 160 2 2 2000 MHz      No
CP-V1400 160 4 8 6000 MHz      No
CP-V2200 160 4 12 12000 MHz      No
NOTES:
* To achieve best performance on your virtual appliances, follow the recommended specifications and allocate
your resources within the limits of the licenses being installed on the appliances.
1
For KVM hypervisor only. Not supported for KVM-based OpenStack. Does not support Elastic Scaling.
2
NIOS virtual appliance for Hyper-V is not recommended as a Grid Master or Grid Master Candidate. IB-VM-820
with 55 GB disk is not supported as the Grid Master or Grid Master Candidate for the vNIOS for KVM. The
Identity Mapping feature is supported on the IB-VM-810 and IB-VM-820 appliances only if they are configured as
Grid members, not as the Grid Master.
3
Does not support Elastic Scaling.
4
NIOS for KVM is supported in the following environments: OpenStack, RHEL, SuSE Enterprise and Cloud, and
CentOS. Note that only IB-V1405 as a Reporting server has been qualified for OpenStack.
5
ND virtual appliances are designed for Network Insight only. Discovery is supported in OpenStack only with
SRIOV enabled.
400-0679-005 Rev. B 7/3/2018
NEW FEATURES
This section lists new features in the 8.0.x releases.
NIOS 8.0.0
DNS Traffic Control Enhancements

This release adds the following significant enhancements to the DNS Traffic Control (DTC) feature:
• A topology ruleset now supports extensible attribute rules that can be used for topology load
balancing. You can perform load balancing based on whether a client IP address belongs to a network
with extensible attribute values that match the topology rules. This is particularly useful for load
balancing Intranet applications, since GeoIP does not work for internal networks.
• The HTTP/HTTPS health monitor can now check the content of the returned page to determine the
health of a server. For example, you can search the page to make sure that “Under Maintenance” is not
on the returned page. You can specify regular expressions for extracting and checking part of the
response content. In addition, the HTTP Health Monitor editor has added a Test dialog so you can test
the HTTP health monitor configuration.
• A new graphical user interface for configuration, which shows the relationship between Load Balanced
Domain Names, Pools and Servers. You can edit, create, or delete DTC objects directly from this
graphical interface.
• DTC now supports DNSSEC. You may assign DTC LBDNs to signed zones, provided that they do not use
the "All Available" load balancing method and do not have in-zone wildcards.
• DTC servers now allow multiple records and record types to be configured for a single server.
• DTC now supports CSV import for GeoIP databases. You can customize the database by editing the CSV
file prior to an import.
• The SNMP health monitor now supports SNMPv3.
• A “Priority” setting has been added for LBDNs. In the case of overlapping LBDNs (configured with
similar Patterns and associated Zones), the Priority field is used to determine which LBDN is selected
when processing a DNS response.
• Geography topology rules may now use "City" in geographic conditions.
• You can now apply most changes to DTC configuration without interrupting the DNS service.
Infoblox High Performance Physical and Virtual Appliances

This NIOS release supports the following high performance NIOS physical appliances:
• Trinzic Appliances: TE-815, TE-825, TE-1415, TE-1425, TE-2215, and TE-2225 (also knowns as IB
appliances)
• Advanced Appliances: PT-1405, PT-2205, and PT-2205-10GE
• Network Insight Appliances: ND-805, ND-1405, and ND-2205
• Reporting Appliances: TR-805, TR-1405, and TR-2205
For more information about each physical appliance, refer to the installation guides, available on the Technical
Support web site at https://support.infoblox.com.
You can also deploy the following high performance virtual appliances: IB-V805, IB-V815, IB-V825, IB-V1405,
IB-V1415, IB-V1425, IB-V2205, IB-V2215, IB-V2225, ND-V805, ND-V1405, and ND-V2205. For required memory,
CPU, and disk allocation, see the table on page 4 of this document.
Support for Grid-wide Licenses

This NIOS release introduces the following Grid-wide licenses: Security Ecosystem, Reporting Subscription,
and RPZ. Once installed, Grid-wide licenses are valid across the entire Grid, provided that other conditions and
factors are met for the respective features. For example, a member must have the correct appliance model to
run the Reporting feature even if a Reporting Subscription Grid-wide license is already installed for the Grid.
400-0679-005 Rev. B 7/3/2018
Enhancements to Infoblox Cloud Offerings

This release adds the following enhancements to the Infoblox Cloud offerings:
• vNIOS for Azure in the Marketplace: You can now easily download and deploy vNIOS for Azure virtual
appliances directly from the Azure Marketplace. The vNIOS for Azure virtual appliance is pre-configured
for Microsoft Azure so you only need to take a few easy steps to complete the deployment.
• Pay-as-you-go for vNIOS for AWS: Take advantage of the pay-as-you-go licensing model (known as the
Paid NIOS model) in the AWS Marketplace for the CP-V800 and IB-V1420 models. When you use the Paid
NIOS model to launch the vNIOS for AWS virtual appliance, the appliance comes pre-installed with the
following permanent licenses: vNIOS, Grid, DNS, and CNA (Cloud Network Automation). As long as the
virtual appliance is up and running, you can use the NIOS features that these licenses provide.
• vNIOS for AWS:
o Amazon Route 53 Aliases are now mapped to CNAME records in NIOS, except for zone apex
CNAME records.
o Consolidation of Route 53 zones and records into a single DNS view: You can now serve all those
zones in a consolidated way from NIOS by querying a single Grid member.
o You can select either the Instance Profile or IAM credential to authenticate AWS API calls for
Route 53 and vDiscovery jobs.
o For vDiscovery, you can choose to use an unsecured HTTPS connection if your discovered
endpoints are OpenStack or VMware. When you select this option, the appliance bypasses
remote SSL certificate validation.
External Database Synchronization

If you have external applications that use information in the NIOS database, you can use the Object Change
Tracking and Synchronization feature to track changes made to common NIOS objects, and then periodically
synchronize IPAM, DNS, and DHCP data through the Infoblox API or RESTful API. You can choose between a full
and partial synchronization depending on your requirements. This feature enables timely and accurate
integration with your external systems.
Support for Outbound Notifications using RESTful API

Through Grid Manager, you can now configure the appliance to send outbound RESTful API notifications to REST
endpoints so you can prioritize your security needs or perform network management tasks. The appliance uses
RESTful API templates that you create to convert NIOS events into REST API messages in which you define
specific actions for those events.
Infoblox Reporting Enhancements

This release adds the following enhancements to the Reporting feature:
• Reporting License Usage report: This new internal report provides reporting license usage over a given
time frame and license usage warning count if there is any license usage violation. The default
dashboard displays bar chart that shows license usage in megabytes over a given time frame.
• Reporting Clustering Dashboard: This dashboard provides detailed information about the status of the
entire indexer cluster. You can get information about the status of each peer node, search head, and
indexes. You can also view the number of peers (reporting members), searchable copies, and number
of copies (buckets).
• Best practices for capacity planning, volume and storage consumption monitoring, deployment and
service monitoring, and customizing searches are now thoroughly described in the Infoblox NIOS
Administrator Guide.
• For reporting clustering, the Infoblox NIOS Administrator Guide now includes suggested network
communication and ports for the different clustering types.
400-0679-005 Rev. B 7/3/2018
Enhancements for Multi-Grid Configuration

This release adds the following enhancements for a Mutli-Grid configuration:
• You can now restrict synchronization of snapshots, selected network views, network containers,
networks, and extensible attributes by using the Disable Sync to MGM option on the Grid Masters of
managed Grids. You use this option to restrict certain networks and networking information by not
sharing it with the Multi-Grid Master. In addition, you can prevent the Multi-Grid Master from having
access to the snapshots of the managed Grids. When you disable synchronization, all synchronized data
is deleted and future synchronization is disabled.
• Support for CSV import and export.
Enhancements for Service Restarts (RFE-642)

You can now review pending activities that will take effect before you restart services on the appliance. You
can also enable or disable the appliance to display the Restart Banner and to track the admin users who
perform service restarts.
Network Insight Enhancements

This release adds the following enhancements to the Network Insight feature:
• When converting unmanaged entities to managed objects in NIOS, you can choose to convert them one
at a time or as a group. To convert a single entity, just select a specific entity and perform the
conversion. To convert multiple entities to the same IPAM object type, you can select the entities you
want to manage and then perform a bulk conversion.
• You can also perform an automatic conversion for unmanaged entities in a network view by configuring
conversion rules for the Grid.
Security Visibility
Grid Manager now provides the following security dashboard widgets to increase visibility of your Infoblox
security infrastructure:
• Dig Request: This widget enables you to perform a DNS lookup on the Grid Master or on a specified Grid
member and displays the output of the dig command.
• Threat Analytics Status for Grid: This widget displays the statistical information about the DNS
tunneling events. You view different information using the following tabs: Detections Over Time, Top
10 Grid Members, and Detections.
• Threat Analytics Status for Member: This widget displays statistics about the DNS tunneling events for a
specific Grid member.
Infoblox Security Infrastructure Enhancements (RFEs: 4422, 4424, 5283, 5726, 5824, 6158, 6284, 6554,
6693, 6694, 6695, 6733, 6877)
This release adds a few enhancements to the Infoblox Security Infrastructure features, as follows:
• DNS RPZ Hits Report: You can select to review detailed RPZ hits or aggregated RPZ hits; this report now
includes IPAM data.
• Support for all known RR types for both TCP and UDP packets in Threat Protection rules.
• New templates for blocking DNS packets by record type and matching text string, and for rate limiting
DNS query with specific record type.
• “Last Seen” timestamp in RPZ threat details.
• Fixed inconsistencies in DNS Firewall reports.
• DNS RPZ Hits Trend by Mitigation Action Report: Provides trends for the total number of RPZ hits for
each mitigation action along with the total client hits in a given time frame.
• Rule description details added to the rule category.
400-0679-005 Rev. B 7/3/2018
DDNS Update Method (DHCP 4.3 Upgrade)

You can now select either the Interim or Standard DDNS update method. For dual-stack clients that acquire
both IPv4 and IPv6 leases and use the same DNS name for both types, you can configure IPv4 and IPv6 to use
different DDNS update methods (Infoblox recommends using Interim for IPv4 and Standard for IPv6).
Support for Bidirectional Forwarding Detection (BFD)

The BFD protocol is designed to provide faster failure detection using millisecond timer intervals. It can be
enabled with routing protocols to achieve fast network re-convergence.
NS Groups for Stub and Forward Zones (RFE-585)

NIOS now supports NS (Name Server) groups for stub and forward zones. A forwarding member NS group is a
collection of one or more name servers, and a stub member NS group is a collection of one or more Grid
members. When you configure a forward or stub zone, you can specify a forward/stub NS group instead of
assigning name servers or Grid members individually.
Ability to Select Core Files for Support Bundle (RFE-6449)

You can now select core files to be included in the Infoblox support bundle when you download it.
Enabling DHCP Transaction ID Logging by Default (RFE-6446)

In this release, the logging of DHCP transaction ID is enabled by default. You can use the set log_txn_id CLI
command to turn this feature on and off.
PIV Card Support for Two-Factor Authentication (RFE-6279)

This release adds support for Personal Identity Verification (PIV) card users to the two-factor authentication
method. You can configure the certificate authentication service to manually or automatically validate client
certificates. The Infoblox certificate authentication service uses OCSP to validate certificate status for X.509
digital certificates.
Enabling and Disabling SSL/TLS Support for Security (RFE-5301 and 4170)
Through the Infoblox CLI, you can now use the set ssl_tls_protocols command to enable and disable
different versions of the SSL/TLS protocol, and use the set ssl_tls_ciphers command to enable or disable
a specific cipher suite or all cipher suites. For more information about the CLI commands, refer to the Infoblox
CLI Guide.
DHCP Lease Affinity (RFE-3043)

Infoblox provides a DHCPv6 lease affinity feature that allows you to reuse expired IPv6 leases for DHCP clients.
When you enable this feature, the DHCPv6 server automatically renews the expired leases. A DHCP client can
retrieve the same lease and retain the same IP address from the DHCPv6 server. This feature helps reduce the
amount of IPv6 leases in the database as the DHCP server can issue the same lease multiple times for the same
client.
Opening Technical Support Requests through Grid Manager (RFE-5147)

When you encounter product issues or require assistance, you can send a request to Infoblox Technical Support
by opening a support case through Grid Manager. When you submit a support request, Infoblox Technical
Support automatically authenticates and authorizes the contact email address that you use. It sends a
confirmation email to the contact email address if the email address is registered on the Infoblox Technical
Support server. If the authentication fails, you will receive an email.
Support for Database Snapshots (RFE-6562)

This release adds support for database snapshots. Infoblox recommends that you create a database snapshot
prior to making significant changes. This will help you mitigate the impact of user errors in the NIOS
400-0679-005 Rev. B 7/3/2018
configuration. Whenever there is an error in the NIOS configuration, you can roll back the NIOS database to the
snapshot that you have created earlier. This is potentially faster and minimizes the impact on network services
than restoring the database using the backup file.
Specifying the Data Generation Intervals for Reports (RFE-4993)

You can now specify the time interval when NIOS generates data for the DNS Statistics per View and DNS
Statistics per Zone reports. The default value for the data generation interval for these report is one day
(86400 seconds).
TLSA Resource Records for DANE (RFE-3207)

You can now define whether a certificate or a public key must be associated with a domain name when you
define a TLSA (Transport Layer Security) resource record through Grid Manager. When you define your own
TLSA record, you do not have to depend on an external Certificate Authority to issue a digitally signed TLS
certificate for your domain name.
Adding Extensible Attribute Values Hosts (RFE-6274)

When configuring Host records, you can now select to associate extensible attributes with all the host records
you have defined or associate extensible attributes with only a selected host.
Ability to Forward WIN packets from NIOS to Microsoft Servers (RFE-7081)

This release provides CLI commands that you use to enable the forwarding of WINS packets from NIOS to
Microsoft DNS and DHCP servers. You can use this feature to forward WINS packets to dedicated Windows DNS
and DHCP servers. For detailed information about these commands, refer to the Infoblox CLI Guide.
IPv6 Enhancements (RFE-4040)

The appliance now supports using IPv6 anycast addresses for NS records to override the auto-generated IP
addresses.
Support for Query Response Screening (RFE-6515)

Infoblox now provides a CLI command that you use to enable the DNS query response screening feature. When
this feature is enabled and there is a “disjoint” between the parent and child NS RRsets, the appliance tests
the resolution of the child NS RRset. If the resolution fails for all name servers, the appliance will use the
parent NS RRset.
CHANGES TO DEFAULT BEHAVIOR
This section lists changes to default behavior in NIOS 8.x releases.
NIOS 8.0.0 Release
• The Infoblox DNS Traffic Control solution delivers an enhanced user interface through Grid Manager.
Starting with this release, you will experience the following changes:
 The DTC Server wizard has been integrated with IPAM and DNS. DNS records can be selected
under DNS or IPAM, and you can launch the DTC Server wizard. The wizard will then use
information from the selected record to create a DTC server. Also, when the DTC server wizard
is launched from the Traffic Control tab, you can select a DNS record to provide information
for creating a DTC Server.
 Management of Health Monitors and Topology Rulesets have been moved to dialogs that are
launched from the Traffic Control tab.
400-0679-005 Rev. B 7/3/2018
 The Traffic Control Visualization can now be viewed in two panels: A panel that is displayed
next to the Traffic Control list view or in an expanded full size panel.
 The visualization panel has many improvements for visualizing and managing traffic control
structures, including tooltip menus for directly editing Traffic Control objects.
 New menu actions have been added to the Action menu (the gear icon) and the visualization
tooltip. You can use these actions to quickly add servers to pools and pools to LBDNs.
• Starting with this release, the IB-4030 and IB-4030-10GE appliances use the cache pre-fetch option to
replace the old cache refresh. Cache pre-fetch detects cached records that are about to expire and
fetch another copy before the actual expiration. When a query asks for data that has been cached, in
addition to returning the data, the appliance fetches a fresh copy from the authoritative server if the
pre-fetch condition (Eligible and Trigger settings) is met. This option helps minimize the time window
in which no answer is available in the cache.
• When configuring DNSSEC, you can select the resource record type (NSEC or NSEC3) you want to use
for handling non-existent names in DNS for the Resource Record Type for Nonexistent Proof option.
The default is now NSEC3 versus NSEC in previous releases.
• In previous releases, bloxTools is not supported on NIOS virtual appliances. bloxTools is now supported
on NIOS virtual appliances.
• In previous release, when port redundancy was configured and if LAN1 was not available, the Infoblox
appliance failed over to LAN2. Once the LAN1 connection was available, the appliance reverted back to
LAN1 automatically. Starting with this release, this behavior has changed. After a failover, the
appliance no longer reverts automatically back from LAN2 to LAN1. You can select the Prefer LAN1
when available option when you enable port redundancy to always use LAN1 when it is available. If
this option is not selected, the appliance does not automatically revert back from LAN2 to LAN1 even
when the LAN1 interface is available.
CHANGES TO Infoblox API and RESTful API (WAPI)
This section lists changes made to the Infoblox API and RESTful API in NIOS releases. For detailed information
about the supported methods and objects, refer to the latest versions of the Infoblox API Documentation and
the Infoblox WAPI Documentation, available through the NIOS products and on the Infoblox Support web site.
The latest available WAPI version is 2.5.
This NIOS release supports the following WAPI versions: 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.4, 1.4.1, 1.4.2, 1.5, 1.6,
1.6.1, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 2.0, 2.1, 2.1.1, 2.2, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4, and 2.5.
NOTE: In NIOS versions 6.12.14 to 6.12.17, the alias to the current WAPI version was incorrectly specified as
2.1 instead of 1.7.5. This caused the documentation to also display v2.1 as the latest version and requests sent
as 2.1 to behave as if they were sent against 1.7.5. This issue was rectified in NIOS 6.12.18 and later 6.12.x
releases. Any WAPI scripts using v2.1 in the URI written to run against NIOS versions 6.12.x should be changed
to v1.7.5 immediately after upgrading from an affected release to NIOS 6.12.18 or later.
400-0679-005 Rev. B 7/3/2018
WAPI Deprecation and Backward Compatibility Policy
This policy covers the interfaces exposed by the Infoblox WAPI and the protocol used to communicate with it.
Unless explicitly stated in the release notes, previously available WAPI versions are intended to remain
accessible and operative with later versions.
The planned deprecation of a given version of the WAPI will normally be announced in the release notes at
least one year in advance. Upon deprecation, the announced WAPI version and all prior versions will no longer
be supported in subsequent releases. For example, if the current WAPI release is v3.4 and the release notes
contain an announcement of the v1.5 deprecation, v1.4 and v1.5 API requests would continue to work with
later releases for one year from the announcement date. After that, some or all requests for these deprecated
versions may not work with versions later than v1.5. API requests adherent to versions later than v1.5 (v2.0 for
example) would continue to work with subsequent releases. Infoblox seeks to avoid any deprecation that has
not been announced in advance, however product modifications and enhancements may affect specific API
requests without a prior announcement; Infoblox does not warrant that all API requests will be unaffected by
future releases. This policy applies to both major and minor versions of the WAPI. Infoblox reserves the right
to change this policy.
NIOS 8.0.x Release
This NIOS release includes the following API changes:
• Admin permission All OCSP Services was renamed to All Certificate Auth Services.
Object Infoblox::OCSP::AuthService has been deprecated; use new object
Infoblox::Grid::Admin::CertificateAuthService.
• Object Infoblox::DTC::Server ‘translation’ and ‘override_translation’ were
deprecated. These functions were implemented using object Infoblox::DTC::Record::A, AAAA,
CNAME, NAPTR records
New Object Name Old Object Name

Infoblox::Grid::Admin::CertificateAuthService Infoblox::OCSP::AuthService
Infoblox::DTC::Record::A, AAAA, CNAME, Infoblox::DTC::Server
NAPTR records
This release also adds the following new objects for PAPI and WAPI:
PAPI new objects:

 Infoblox::Grid::ObjectsChangesTrackingSetting
 Infoblox::Grid::DNS::AllNsgroups
 Infoblox::Grid::DNS::Nsgroup::ForwardStubServer
 Infoblox::Grid::DNS::Nsgroup::StubMember
 Infoblox::Grid::DNS::Nsgroup::ForwardingMember
 Infoblox::Grid::BFD::Template
 Infoblox::Notification::REST::Endpoint
 Infoblox::Notification::REST::Template
 Infoblox::Notification::REST::TemplateParameter
 Infoblox::Notification::REST::TemplateInstance
 Infoblox::DTC::Record::A
 Infoblox::DTC::Record::AAAA
 Infoblox::DTC::Record::CNAME
 Infoblox::Grid::Member::QueryFQDNParameter
400-0679-005 Rev. B 7/3/2018
 Infoblox::Grid::Member::QueryFQDNResponse
 Infoblox::DNS::Record::DHCID
 Infoblox::Grid::DBSnapshot
 Infoblox::DNS::Record::TLSA
 Infoblox::Grid::LicenseSubPool
 Infoblox::Grid::LicenseGridWide
 Infoblox::Grid::Member::License
 Infoblox::Grid::ServiceRestart::Request::ChangedObject
WAPI new objects:

 ad_auth_service
 db_objects
 deleted_objects
 allnsgroup
 nsgroup:forwardstubserver
 nsgroup:stubmember
 nsgroup:forwardingmember
 nsgroup:delegation
 bfdtemplate
 notification:rest:endpoint
 notification:rest:template
 notification:rest:templateparameter
 notification:rest:templateinstance
 dtc:record:a
 dtc:record:aaaa
 dtc:record:cname
 dtc:monitorhttp
 record:dhcid
 upgradestatus
 filterrelayagent
 fixedaddresstemplate
 rangetemplate
 dhcpoptionspace
 dhcpoptiondefinition
 dhcp:statistics
 orderedranges
 record:ns
 discovery:gridproperties
 discovery:memberproperties
 bulkhostnametemplate
 capacityreport
 localuser:authservice
 dbsnapshot
 record:tlsa
 license:gridwide
 grid:servicerestart:request:changedobject
 certificate:authservice
 mgm:grid (available in MGM only)
 mgm:networkview (available in MGM only)
 mgm:network (available in MGM only)
 mgm:member (available in MGM only)
 mgm:monitorentry (available in MGM only)
 mgm:monitordata (available in MGM only)
 mgm:usermapping (available in MGM only)
400-0679-005 Rev. B 7/3/2018
WAPI new structs:

 objectschangestrackingsetting
 exclusionrangetemplate
 option60matchrule
 zonenameserver
 discovery:seedrouter
 discovery:scaninterface
 discovery:port
 discovery:advancedpollsetting
 capacityreport:objectcount
 thresholdtrap
 trapnotification
 grid:licensesubpool
 ocsp_responder
 ad_auth_server
Supported Perl and Dependency Versions for the Infoblox API

Perl Crypt::SSLeay LWP::UserAgent XML::Parser Net::INET6Glue
OS
Version Version Version Version Version
5.22.0
Microsoft Windows 8.1® 0.72 6.13 2.44 0.603
5.12.3
Microsoft Windows 8® 5.22.0 0.72 6.13 2.44 0.603
5.22.0
Microsoft Windows 7® 0.72 6.13 2.44 0.603
5.20.2
Red Hat® Enterprise Linux®
5.16.3 0.72 6.13 2.44 0.603
7.1
Fedora core 2.6.25.6-
5.12.3 0.72 6.13 2.44 0.603
45.fc14.i686
Ubuntu x86_64 GNU/Linux 5.18.2 0.72 6.13 2.44 0.603
Apple® Mac OS X 10.10.3 5.18.2 0.72 6.13 2.44 0.603

5.22.0
Apple® Mac OS X 10.9.5 0.72 6.13 2.44 0.603
5.16.2
UPGRADE GUIDELINES
Upgrading to NIOS 8.0.x
• If you set up your Grid to use Infoblox Threat Insight but have not enabled automatic updates for
Threat Analytics module sets, you must manually upload the latest module set to your Grid or enable
automatic updates before upgrading. Otherwise, your upgrade will fail.
• If you are upgrading from 7.3.200 or 7.3.201 to NIOS 8.0.x and have reporting clustering configured,
you must download and upgrade to IBRA 1.2.0 (for the Splunk app) after the NIOS upgrade.
400-0679-005 Rev. B 7/3/2018
• In NIOS versions 6.12.14 to 6.12.17, the alias to the current WAPI version was incorrectly specified as
2.1 instead of 1.7.5. This caused the documentation to also display v2.1 as the latest version and
requests sent as 2.1 to behave as if they were sent against 1.7.5. This issue was rectified in NIOS
6.12.18 and later 6.12.x releases. Any WAPI scripts using v2.1 in the URI written to run against NIOS
versions 6.12.x should be changed to v1.7.5 immediately after upgrading from an affected release to
NIOS 6.12.18 or later.
• There are special restrictions for configuration changes when upgrading to NIOS 8.0.0 and later
releases. For detailed information about the restrictions, refer to Chapter 10, Managing NIOS Software
and Configuration Files of the Infoblox NIOS Administrator Guide.
BEFORE YOU INSTALL
To ensure that new features and enhancements operate properly and smoothly, Infoblox recommends that you
evaluate the capacity on your Grid and review the upgrade guidelines before you upgrade from a previous NIOS
release.
Infoblox recommends that administrators planning to perform an upgrade from a previous release create and
archive a backup of the Infoblox appliance configuration and data before upgrading. You can run an upgrade
test before performing the actual upgrade. Infoblox recommends that you run the upgrade test, so you can
resolve any potential data migration issues before the upgrade.
Following is a list of upgrade and revert paths. You can also schedule a full upgrade from these releases.
8.0.4 and earlier 8.0.x releases

7.3.201 and 7.3.200 releases
7.3.100
7.2.202-LD and earlier 7.2.2xx releases
Technical Support
Infoblox technical support contact information:
Telephone: 1-888-463-6259 (toll-free, U.S. and Canada); +1-408-625-4200, ext. 1
E-mail: [email protected]
Web: https://support.infoblox.com
GUI Requirements
Grid Manager supports the following operating systems and browsers. You must install and enable Javascript for
Grid Manager to function properly. Grid Manager supports only SSL version 3 and TLS version 1 connections.
Infoblox recommends that you use a computer that has a 2 GHz CPU and at least 1 GB of RAM.
400-0679-005 Rev. B 7/3/2018
Infoblox supports the following browsers for Grid Manager:
OS Browser
Microsoft Windows 10® Microsoft Internet Explorer® 11.x*, 10.x
Mozilla Firefox 39.x, 37.x, 32.x, 31.x, 25.x, 21.x, 16.x, and 10.x
Google Chrome 43, 42, 41, 40, 37.x, 36.x, 30.x, 27.x, 22.x, and 16.x
Microsoft Windows 8.1 and 8.0® Microsoft Internet Explorer® 11.x*, 10.x*
Mozilla Firefox 37.x, 32.x, 31.x, 25.x, 21.x, 16.x, and 10.x
Google Chrome 41, 40, 37.x, 36.x, 30.x, 27.x, 22.x, and 16.x
Microsoft Windows 7® Microsoft Internet Explorer® 11.x*, 10.x, 9.x
Mozilla Firefox 32.x, 31.x, 25.x, 21.x, 16.x, and 10.x
Google Chrome 37.x, 36.x, 30.x, 27.x, 22.x, and 16.x
Microsoft Windows XP® (SP2+) Microsoft Internet Explorer® 11.x*, 10.x, 9.x
Red Hat® Enterprise Linux® 7.x Mozilla Firefox 32.x, 31.x, 25.x, 21.x, 16.x, and 10.x
Apple® Mac OS X 10.11.x Safari 8.x, 7.x
Apple® Mac OS X 10.10.x Safari 8.x, 7.x
Apple® Mac OS X 10.9.x Safari 7.x
When viewing Grid Manager, set the screen resolution of your monitor as follows:
Minimum resolution: 1280 x 768
Recommended resolution: 1280 x 1024 or better
Documentation
You can download the Infoblox NIOS Administrator Guide from the appliance. From Grid Manager, expand the
Help panel, and then click Documentation -> Admin Guide.
Training
Training information is available at http://inter.viewcentral.com/events/uploads/infoblox/login.html.
400-0679-005 Rev. B 7/3/2018
ACCESSING GRID MANAGER
Before you log in to Grid Manager, ensure that you have installed your NIOS appliance, as described in the
installation guide or user guide that shipped with your product, and configured it accordingly.
To log in to Grid Manager:
1. Open an Internet browser window and enter https://<IPv4 address or hostname of your NIOS
appliance> or https://[IPv6 address] of your NIOS appliance. The Grid Manager login page appears.
2. Enter your user name and password, and then click Login or press Enter. The default user name is
admin and password is infoblox.
3. Read the Infoblox End-User License Agreement and click I Accept to proceed. Grid Manager displays
the Dashboard, your home page in Grid Manager.
ADDRESSED VULNERABILITIES
This section lists security vulnerabilities that were addressed in the past 12 months. For vulnerabilities that are
not listed in this section, refer to Infoblox KB #2899. For additional information about these vulnerabilities,
including their severities, please refer to the National Vulnerability Database (NVD) at http://nvd.nist.gov/.
The Infoblox Support website at https://support.infoblox.com also provides more information, including
vulnerabilities that do not affect Infoblox appliances.
CERT VULNERABILITY NOTE CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, the querying process could
resume in an inconsistent state, resulting in either an INSIST assertion failure or an attempt to read through a
NULL pointer.

An unusually-formed answer containing a DS resource record could trigger an assertion failure and cause the
DNS service to stop, resulting in a denial of service to clients.

An error handling a query response containing inconsistent DNSSEC information could trigger an assertion
failure and cause the DNS service to stop, resulting in a denial of service to clients.

A malformed response to an ANY query can trigger an assertion failure during recursion and cause the DNS
service to stop, resulting in a denial of service to clients.

While processing a recursive response that contained a DNAME record in the answer section, “named” could
stop execution after encountering an assertion error in resolver.c.

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause
a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a
allowed remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request
extensions.
400-0679-005 Rev. B 7/3/2018

The net/ipv4/tcp_input.c in the Linux kernel before 4.7 did not properly determine the rate of challenge ACK
segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window
attack.

A defect in the control channel input handling could cause the DNS service to fail due to an assertion failure in
sexpr.c or alist.c when a malformed packet was sent to the control channel.

An attacker who controlled a server to make a deliberately chosen query to generate a response that contained
RRSIGs for DNAME records could cause the DNS service to fail due to an assertion failure in resolver .c or db.c,
resulting in a denial of service to clients.

In some versions of BIND, an error could occur when data that had been received in a resource record was
formatted to text during debug logging. Depending on the BIND version in which this occurred, the error could
cause either a REQUIRE assertion failure in buffer.c or an unpredictable crash (e.g. segmentation fault or other
termination). This issue could affect both authoritative and recursive servers if they were performing debug
logging. Note that NIOS 7.1.0 through 7.1.8 and NIOS 7.2.0 through 7.2.4 were affected by this vulnerability.

A DNS server could exit due to an INSIST failure in apl_42.c when performing certain string formatting
operations. Examples included but might not be limited to the following:
 Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer
from their masters.
 Masters using text-format db files could be vulnerable if they accepted a malformed record in a DDNS
update message.
 Recursive resolvers were potentially vulnerable when logging, if they were fed a deliberately
malformed record by a malicious server.
 A server which had cached a specially constructed record could encounter this condition while
performing 'rndc dumpdb'.

A badly formed packet with an invalid IPv4 UDP length field could cause a DHCP server, client, or relay
program to terminate abnormally, causing a denial of service.

If responses from upstream servers contained an invalid class parameter for certain record types, DNS service
might terminate with an assertion failure.

The glibc DNS client side resolver was vulnerable to a stack-based buffer overflow when the getaddrinfo()
library function was used. Software using this function might be exploited with attacker-controlled domain
names, attacker-controlled DNS servers, or through a man-in-the-middle attack.

Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the
pre-authentication process for remote code execution

Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise
the pre-authentication process for remote code execution and who had valid credentials on the host could
impersonate other users
400-0679-005 Rev. B 7/3/2018

An incorrect boundary check could cause DNS service to terminate due to a REQUIRE assertion failure. An
attacker could deliberately exploit this by providing a maliciously constructed DNS response to a query.

Parsing a malformed DNSSEC key could cause a validating resolver to exit due to a failed assertion. A remote
attacker could deliberately trigger this condition by using a query that required a response from a zone
containing a deliberately malformed key.

A remotely exploitable denial-of-service vulnerability that exists in all versions of BIND 9 currently supported.
It was introduced in the changes between BIND 9.0.0 and BIND 9.0.1.
CERT VULNERABILITY NOTE CVE-2015-6364 and CVE-2015-5366

A flaw was found in the way the Linux kernel networking implementation handled UDP packets with incorrect
checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel,
resulting in a denial of service on the system, or causing a denial of service in applications using the edge
triggered epoll functionality.

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds
read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against
a server that supported client authentication with a custom verification callback.

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s,
1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner
EncryptedContent data.

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via
vectors that triggered a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for
a hash function.

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed
the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any
of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute
arbitrary code with the permissions of the user running the application.

A recursive resolver configured to perform DNSSEC validation, with a root trust anchor defined, could be
deliberately crashed by an attacker who could cause a query to be performed against a maliciously constructed
zone.

Addressed an internal issue in C library (GNU C Library gethostbyname*). Although it was not possible to exploit
this as a security issue in NIOS, it could cause some incorrect error conditions and messages while administering
the product.
400-0679-005 Rev. B 7/3/2018

An attacker could bypass source IP restrictions and send malicious control and configuration packets by
spoofing ::1 addresses because NTP's access control was based on a source IP address.

Failure to place limits on delegation chaining could allow an attacker to crash named or cause memory
exhaustion by causing the name server to issue unlimited queries in an attempt to follow the delegation.

The OpenVPN community issued a patch to address a vulnerability in which remote authenticated users could
cause a critical denial of service on Open VPN servers through a small control channel packet.

SSL3 is vulnerable to man-in-the-middle-attacks. SSL3 is disabled in NIOS, and connections must use TLSv1
(which is already used by all supported browsers).

A denial of service vulnerability that is related to session tickets memory leaks.

Off-by-one error in the read_token_word function in parse.y in GNU BASH through v. 4.3 allowed remote
attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly an
unspecified impact through deeply nested for loops (also known as the "word_lineno" issue).

The redirection implementation in parse.y in GNU BASH through v. 4.3 allowed remote attackers to cause a
denial of service (out-of-bounds array access and application crash) or possibly an unspecified impact through
the "redir_stack" issue.
CERT VULNERABILITY NOTE CVE-2014-6271, CVE-3014-6277, CVE-2014-6278, AND CVE-2014-7169

GNU Bash through v. 4.3 processed trailing strings after function definitions in the values of environment
variables, which allowed remote attackers to execute arbitrary code via a crafted environment (also known as
the "ShellShock" vulnerability)."

Enabling anonymous ECDH cipher suites on TLS clients could cause a denial of service.

A specially crafted handshake packet could force the use of weak keying material in the SSL/TLS clients,
allowing a man-in-the-middle (MITM) attack to decrypt and modify traffic between a client and a server.

Remote attackers could utilize DTLS hello message in an invalid DTLS handshake to cause a denial of service.

Enabling SSL_MODE_RELEASE_BUFFERS failed to manage buffer pointer during certain recursive calls that
could cause a denial of service.

Remote attackers could trigger buffer overrun attack through invalid DTLS fragments to an OpenSSL DTLS
client or server, resulting in a denial of service.
400-0679-005 Rev. B 7/3/2018

A crafted query against an NSEC3-signed zone could cause the named process to terminate.
RESOLVED ISSUES
The following issues were reported in previous NIOS releases and resolved in this release. The resolved issues
are listed by severity. For descriptions of the severity levels, refer to Severity Levels on page 35.
Fixed in 8.0.5
ID Severity Summary
NIOS-63041 Major When certain threat protection response rules were enabled, the IB-4030-10GE could
engage in the power cycle recovery loop during a reboot.
NIOS-62931 Major The IB-4030 might not accelerate DNS queries that had DSCP values configured for a
certain value. It passed these queries to the standard DNS process. A high volume of
such queries might overload the DNS process, causing high CPU usage.
Fixed in 8.0.4
ID Severity Summary
NIOS-62372 Critical Under certain circumstances, the PT-1400 appliance was unable to join the Grid after
the threat protection service was enabled in monitoring mode.
NIOS-62295 Critical In an anycast configuration with port redundancy enabled, the IPv6 OSPF neighbor
unexpectedly went offline after a NIC failover.
NIOS-62269 Critical On rare occasions, the appliance experienced intermittent service outage due to
issues related to zone reloading.
NIOS-61968 Critical Reverse zones failed to load due to overlapping IPs from bulk hosts, resulting in
incorrect FQDN being returned.
ID Severity Summary
NIOS-62603 Major Under certain circumstances, an RPZ CIDR tree insertion error could corrupt the tree
data structure that contained overlapping networks, causing the DNS service to
restart.
NIOS-62545 Major Addressed the following vulnerability:
CVE-2017-3135: Under some conditions when using both DNS64 and RPZ to rewrite
query responses, the querying process could resume in an inconsistent state, resulting
in either an INSIST assertion failure or an attempt to read through a NULL pointer.
NIOS-62342 Major A records for name servers in the “external" DNS view were deleted after a zone that
had the specific record as a name server was deleted.
NIOS-62317 Major Under specific circumstances, upgrade test might fail.
NIOS-62237 Major When installing temporary Reporting licenses on certain high-performance Trinzic
appliances, the license expiration did not align with that of the Grid license.
400-0679-005 Rev. B 7/3/2018
NIOS-62234 Major A gradual increase in swap space usage was experienced in the following appliances
that support IPMI (Intelligent Platform Management Interface): IB-810, IB-820, IB-800,
IB-1410, IB-1420, PT-1400, IB-1400, IB-2200, PT-2200, IB-2210, IB-2220, IB-4000, IB-
4010, IB-4020, IB-4030, IB-4030-10GE, PT-4000, ND-800, ND-1400, ND-2200, and ND-
4000.
NIOS-62216 Major Creating a CNAME record using the backslash (\) character in the name could cause a
DNS service outage.
NIOS-62190 Major Creating a sub zone that started with a wildcard character caused a zone failure.
NIOS-62176 Major The threat protection service did not automatically restart after a valid RPZ license
was installed after an upgrade.
NIOS-62165 Major Under certain circumstances, Grid Manager was very slow and it reverted to the
product restart page.
NIOS-62096 Major Network Insight: The network view value in a VRF mapping rule was mapped to 0
(zero), which was an invalid number and caused an error in NIOS.
NIOS-61478 Major Microsoft Management: Authentication for all user accounts outside the Users OU
(organizational unit) failed when the nested group query was enabled.
NIOS-61341 Major Reporting: The Top NXDOMAIN NOERROR report did not return data for some Grid
members.
NIOS-62229 Minor This release enhances the Infoblox PAPI and WAPI performance to meet certain
requirements.
NIOS-62123 Minor Updated the Infoblox NIOS Administrator Guide to reflect the correct port usage for
specific appliance roles.
NIOS-57752 Minor The appliance logged messages related to purging scavenging tasks even after DNS
scavenging was disabled at the Grid level.
Fixed in 8.0.3
ID Severity Summary
CVE-2016-9444: An unusually-formed answer containing a DS resource record could

trigger an assertion failure and cause the DNS service to stop, resulting in a denial of
service to clients.
CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC

information could trigger an assertion failure and cause the DNS service to stop,
resulting in a denial of service to clients.
CVE-2016-9131: A malformed response to an ANY query can trigger an assertion failure

during recursion and cause the DNS service to stop, resulting in a denial of service to
clients.
400-0679-005 Rev. B 7/3/2018
Fixed in 8.0.2
ID Severity Summary
NIOS-62118 Critical Under certain circumstances, the appliance experienced high CPU usage.
NIOS-61774 Critical On some occasions, the DHCP range did not inherit the logic filer list from its parent
network.
NIOS-61460 Critical In certain configuration, the Grid experienced high disk usage on multiple members.
NIOS-60748 Critical It took longer than expected for limited-access users to access Grid Manager.
ID Severity Summary
NIOS-62207 Major Downloads of the capture files failed during a scheduled upgrade.
NIOS-62180 Major In some cases, the DNS cache on the IB-4030 appliance can become degraded over
time, affecting DNS responsiveness. This issue affects only the IB-4030 appliance.
NIOS-62086 Major In a Multi-Grid configuration, credential validation on the sub Grid did not function
properly.
NIOS-62036 Major Grid Manager might not display certain records when users sort them by principal in a
particular zone.
NIOS-62017 Major CHAOS query was not supported when Advanced DNS Protection was enabled.
NIOS-61987 Major Under certain circumstances, Grid Manager displayed an error when users opened a
specific DNS zone.
NIOS-61145 Major It took longer than expected to perform DNS zone transfers using DIW.
NIOS-60348 Major Auto-generated A records appeared for Grid members that were not running DNS in
the respective view.
NIOS-60275 Major The TTL Value for a NS record was incorrectly inherited from the external primary
server, when the zone was assigned to a name server group containing the Grid Master
as Grid primary and an external secondary server.
NIOS-60230 Major The import zone data feature did not function properly when the “Create Hosts and
Bulk Hosts during Import” option was selected only for a forward-mapping zone.
NIOS-61469 Minor It took longer than expected to navigate through Grid Manager.
NIOS-61674 Enhance This release added an option for enabling “DDNS protected' in the Add Host Record
wizard.
400-0679-005 Rev. B 7/3/2018
Fixed in 8.0.1
ID Severity Summary
NIOS-61839 Critical Addressed the following vulnerability:
CVE-2016-8864: While processing a recursive response that contained a DNAME record

in the answer section, “named” could stop execution after encountering an assertion
error in resolver.c.
ID Severity Summary
NIOS-61924 Major VMware Tools was displayed as “Not running” on the IB-V825 and IB-V1425 appliances.
NIOS-61868 Major The diagnostic code for BFD has been changed for DNS service stop.
NIOS-61801 Major DNS Traffic Control: The menu actions “Add Existing Server” for a DTC pool and “Add
Existing Pool” for an LBDN might fail with an invalid error message. The message
indicates that a duplicate object is being added to the Pool or LBDN when the
selected object is not a duplicate.
Fixed in 8.0.0
ID Severity Summary
NIOS-60748 Critical Under certain circumstances, Grid Manager experienced latency when loading the DNS
tab.
NIOS-60700 Critical Unable to restart Grid services after an upgrade.
NIOS-60518 Critical The appliance returned an error by automatically generating the FireEye URL in lower
case irrespective of the Network/DNS view, causing mismatch with the actual network
and DNS view.
NIOS-60509 Critical Global search returned swap space error and GUI performance was slower than usual.
NIOS-60045 Critical The NIC Usage tab in the System Activity Monitor dashboard on the IB-4030 appliance
displayed the same line graph for both LAN1 and LAN2 ports.
NIOS-59953 Critical In a specific configuration, modifying NS groups using CSV import might cause the
appliance to reboot.
NIOS-59875 Critical This release adds the Prefer LAN1 when available option when port redundancy is
enabled in configuration that uses the LAN1 as the primary source.
NIOS-59828 Critical After adding an external DNS view, zone transfers did not function properly.
NIOS-59827 Critical DNS scavenging might fail when users logged in remotely and executed DNS scavenging
manually.
NIOS-59796 Critical Query logging for Network Insight caused some performance issues.
NIOS-59676 Critical The Reporting Search tab did not populate data under the “What to Search” and
“Data Summary” sections.
400-0679-005 Rev. B 7/3/2018
NIOS-59333 Critical login_denied messages were displayed instead of login_allowed messages for the
SPLUNK-REPORTING-ADMIN group after an upgrade.
NIOS-59153 Critical During an upgrade, DHCP ranges did not inherit properties from the network.
NIOS-59013 Critical RFC1918 and 127.0.0.0/8 were removed from the base.rpz.infoblox.local feed and
moved to the bogon.rpz.infoblox.local zone.
NIOS-58960 Critical Under certain circumstances, some networks might experience behavioral changes due
to DDNS issues.
NIOS-58925 Critical In a situation to address timing issue for a DHCP failover association, DHCP clients
were unable to get leases even when the secondary peer was in the partner-down
state.
NIOS-58885 Critical Under certain circumstances, DHCP service was affected due to DHCP failover issues
during service restarts.
NIOS-58120 Critical The match-recursive-only option was reset to the default value when DNS service was
restarted.
NIOS-57809 Critical AD authentication did not work properly when users tried to log in to the appliance
using SSH.
NIOS-56196 Critical Under specific circumstances, the NTP service was not synchronized correctly, causing
service outage.
ID Severity Summary
NIOS-61703 Major Under certain circumstances, the reporting cluster and Network Insight appliances
failed to come online until manually rebooted.
NIOS-61677 Major The swap usage on a reporting server exceeded the threshold value after an upgrade.
NIOS-61575 Major Under specific circumstances, the IB-4030 appliance unexpectedly went offline.
NIOS-61518 Major The appliance logged a “bulk host” failure error even when bulk hosts were resolved
successfully.
NIOS-61506 Major Upgrade test unexpectedly failed after distribution was completed successfully.
NIOS-61461 Major Addressed the following OpenSSL vulnerabilities:
CVE-2016-6306: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before
1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read)
via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2016-6304: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2

before 1.0.2i, and 1.1.0 before 1.1.0a allowed remote attackers to cause a denial of
service (memory consumption) via large OCSP Status Request extensions.
NIOS-61383 Major Under certain circumstances, a vNIOS virtual member was disconnected from the Grid.
NIOS-61350 Major The syslog recorded excessive messages related to an error about applying Infoblox
reporting application configuration files to all peers.
400-0679-005 Rev. B 7/3/2018
NIOS-61263 Major When the database is big and the system was busy, it took longer than expected for
the passive node of an HA pair to synchronize data with the active node when the
appliance became a Grid Master Candidate.
NIOS-61260 Major Under specific circumstances, DNS timeouts might occur after an upgrade.
NIOS-61256 Major The Microsoft managing member experienced high database utilization due to pending
synchronization jobs.
NIOS-61243 Major The appliance denied a DHCP lease to the checkpoint firewall MAC address and sent a
NIOS-61188 DHCPDISCOVER message indicating that the lease was issued to the secondary peer.
NIOS-61167 Major The DNS service failed to start due to an unexpected syntax error in the named.conf
file.
NIOS-61145 Major The appliance experienced slow performance when migrating DNS data using DIW
(Data Import Wizard) and AXFR.
NIOS-61047 Major Network Insight: The appliance returned an error when users tried to drill down to the
Interfaces tab of a discovered device.
NIOS-61041 Major Under special circumstances, DNSSEC validation might fail.
NIOS-60920 Major The RPZ Recent Hits tab did not display any data.
NIOS-60906 Major The Smart folder filter was unable to filter data based on a custom filter name.
NIOS-60891 Major vDiscovery stopped working for OpenStack.
NIOS-60880 Major CSV Import: The appliance returned an error while overriding the existing host address
and modifying the new host address.
NIOS-60828 Major The appliance logged the LDAP server failure traps even though the user
authentication was successful.
NIOS-60724 Major AD authentication did not work properly when users tried to log in to the appliance
using SSH.
CVE-2016-5696: The net/ipv4/tcp_input.c in the Linux kernel before 4.7 did not
properly determine the rate of challenge ACK segments, which made it easier for
man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.
NIOS-60661 Major Reporting: The reporting service encountered some lookup issues and did not function
properly.
NIOS-60599 Major Under certain circumstances, the Grid member displayed the “DNS acceleration usage
high” status.
NIOS-60533 Major On rare occasions, the appliance experienced DHCP failure after establishing GSS-TSIG
security context.
NIOS-60515 Major Unable to modify false records associated with the IP address in the External View.
NIOS-60458 Major Unable to restore database if the CNAME record and the LBDN record shared the same
FQDN.
NIOS-60437 Major Under certain circumstances, Grid Master experienced an unexpected HA failover.
400-0679-005 Rev. B 7/3/2018
NIOS-60429 Major This release disables all ArcFour ciphers used by the SSH service in NIOS.
NIOS-60383 Major Under certain circumstances, the DHCP Lease History report did not show the status
for fixed address.
NIOS-60367 Major Under certain circumstances, Discovery diagnostics did not work on a Network Insight
member.
NIOS-60366 Major Grid Manager might not respond or experience a delay while loading the Action icon in
the IPAM tab.
NIOS-60353 Major Unable to configure DHCP expert mode in NIOS 7.2.0 and NIOS 7.3. 0.
NIOS-60327 Major When Infoblox DDI for AWS was integrated with AWS Route 53 DNS service, task errors
were not logged to the syslog.
NIOS-60287 Major The "EARLY DROP TCP query multiple questions" rule dropped DNS packets from the
specific TCP port when there were multiple questions being queried at same time.
NIOS-60280 Major The number of RPZ zones per DNS view in a Grid should have been limited to 32.
NIOS-60216 Major A CSV import triggered high CPU utilization, causing DNS service interruption.
NIOS-60213 Major WAPI: Fingerprint was missing in lease objects.
NIOS-60199 Major For IB-4030-10GE appliances, IPv6 OSPFv3 router priority should have been set to 0.
NIOS-60183 Major Under certain upgrade scenarios, the bloxTools member might experience high
memory utilization.
NIOS-60178 Major Unable to convert an unmanaged device that was discovered through vDiscovery to A
or PTR record.
NIOS-60162 Major Upgraded the NTP version to address a few NTP vulnerabilities.
NIOS-57974
NIOS-60159 Major Unable to parse option 82 (remote ID and circuit ID) values through option filters.
NIOS-60126 Major AD authentication did not work properly when users tried to log in to the appliance
using SSH.
NIOS-60060 Major When an endpoint was un-quarantined from the Cisco ISE portal, Cisco ISE sent a
session notification that contained a "\" in the username, causing an error on the Grid
Master.
NIOS-60048 Major WAPI: The RESTART_IF_NEEDED option restarted all services on all Grid members.
NIOS-60023 Major A Grid Manager session did not timeout when the traffic capture window was active.
NIOS-59997 Major Network Insight: Discovered HSRP addresses were not displayed in Grid Manager.
NIOS-59970 Major Under certain circumstances, the dhcpd process caused high swap memory utilization.
NIOS-59968 Major Under certain circumstances, HA members experience DNS outage after an upgrade.
NIOS-59953 Major During a scheduled upgrade, some Grid members were upgraded before their
scheduled upgrade time.
NIOS-59952 Major Grid Manager displayed an error while saving a DHCP range template.
400-0679-005 Rev. B 7/3/2018
NIOS-59945 Major The appliance returned an error when users tried to access a Grid member through
the remote console using SSH.
NIOS-59935 Major Unable to upgrade from a pre-released NIOS version.
NIOS-59489 Major Device discovery failed and displayed that SNMP polling was disabled on the group
settings, even though it was enabled globally and polling was disabled at the Grid
level, but enabled at the network level.
NIOS-59913 Major After adding a bulk host, the primary server restarted the DNS service automatically,
but the secondary server was not affected.
NIOS-59902 Major Underscore zones inherited the SOA MNAME settings from the Grid member, instead of
the parent zone.
NIOS-59885 Major Under certain circumstances, the Grid Master failed over and the Grid members were
offline after an upgrade.
NIOS-59839 Major Reporting: A scheduled weekly task for exporting search results started a day after
the scheduled time.
NIOS-59830 Major Certain audit log data that was logged in the aduit.log file was not displayed in Grid
Manager.
NIOS-59820 Major When “Ignore client identifier” was selected, DHCP considered lease requests from
the same MAC, either with or without client identifier and different client identifiers
as identical requests.
NIOS-59810 Major The TE-1410 appliance rebooted due to high swap usage.
NIOS-59760 Major DNS integrity check ran on any member when the member's database had zones with
DNS integrity check enabled.
NIOS-59759 Major In certain NIOS releases, DHCP clients were unable to renew a lease when the Client
UID changed even though “Ignore client identifier” was enabled.
NIOS-59750 Major HTTP file distribution was not getting replicated in Grid members when users were
uploading files from the Grid Master.
NIOS-59688 Major Customer experienced discrepancies in Grid Manager after an unexpected HA Grid
Master failover.
NIOS-59680 Major This release allows users to disable SSLv3 usage during reporting (splunk) data
transmission.
NIOS-59667 Major Expired/free leases were showing as “Active” state. In this release, these leases are
displayed as “Free” and DHCP expire messages are logged in the syslog.
NIOS-59558 Major Grid Manager was enforcing “named” to listen for DNS traffic on the interface that
was used to send upstream queries.
NIOS-59548 Major Each time any Grid object was deleted, the “version_deleted_object” was
incremented but these objects were not purged.
NIOS-59543 Major Under specific circumstances, the OSPF service restarted before the DNS service,
causing DNS query failures.
NIOS-59538 Major Remote (RADIUS) users with assigned local groups were able to log in to the appliance
via Grid Manager, but were unable to login via SSH.
400-0679-005 Rev. B 7/3/2018
NIOS-59449 Major After the first DHCP renewal, two different lease times were acknowledged by
different DHCP failover peers.
NIOS-59445 Major Under certain circumstances, an IPv6 lease scavenging was not working as expected.
NIOS-59444
NIOS-59427 Major Users suspected multiple open SSL vulnerabilities, but NIOS is not vulnerable to any of
those vulnerabilities.
NIOS-59421 Major Under certain circumstances, some scheduled searches did not return any data even
though the same report generated chart data.
NIOS-59406 Major The “set recursion_cache_size” command on an IB-1410 appliance allowed increasing
the cache size to only 512 MB, even though the physical memory was set to 8 GB.
NIOS-59403 Major Under certain circumstances, a PT-1400 appliance got in to a reboot recovery loop
during its first start up.
NIOS-59373 Major The TXID messages increased in the customer's external monitoring tool after an
upgrade.
NIOS-59357 Major DNS service took 3-5 seconds to function on an IB/VM 1400 appliance because named
required 3-5 seconds to restart on an appliance with factory default settings.
NIOS-59349 Major Some of the interface information was missing with Cisco ASR VRF-aware routers.
NIOS-59330 Major PAPI: Infoblox::DHCP::Range->network() returned only “/” when there were two
scopes in the same network.
NIOS-59300 Major On rare occasions, one of the Grid members was losing connectivity from the Grid
Master from time to time.
NIOS-59296 Major An IB-4030 appliance stopped working and rebooted automatically after a DNS
acceleration cache alarm was triggered.
NIOS-59276 Major OSPF was advertised through the LAN Interface even though VIP VLAN interface was
NIOS-59268 configured as the OSPF advertising interface.
NIOS-59270 Major Users observed high CPU utilization on one of the Grid Members synchronizing with the
Microsoft server.
NIOS-59177 Major The appliance experienced increased SWAP usage and high CPU resource loads
triggered by the http daemon.
NIOS-59171 Major In an IPv6-only Grid, LAN1, LAN2, MGMT, ANY and queries were not going through the
corresponding sources.
NIOS-59122 Major The Audit History tab was not available for some IP addresses in IPAM and the
“TypeError: 'NoneType' object is not iterable” error message was displayed.
NIOS-59082 Major When CSV Import was performed with type=Delete, import was completed successfully
and the host address was removed completely. When the search was performed for
the DNS name, it returned the old host record. Delete operation was restricted to
read-only objects such as host addresses.
NIOS-59077 Major When a zone was set to pre-publish, it was signed with two keys during the 15-day
grace period after the ZSK rollover.
NIOS-59029 Major Unable to deploy Infoblox instances (GUI and API access) in OpenStack/KVM networks
with DHCP enabled in the OpenStack network.
400-0679-005 Rev. B 7/3/2018
NIOS-59014 Major Under certain circumstances, MS Synchronization with the Grid failed.
NIOS-59011 Major Grid Master restarted automatically each time the user performed a CSV Import with
action “REPLACE”.
NIOS-58984 Major IPAM utilization threshold trigger value set at the Grid level was not showing the right
color for network utilization.
NIOS-58979 Major Unable to remove a name server from a name server group under certain
circumstances.
NIOS-58974 Major When performing a network discovery using an incorrect network view, excessive
database transactions might occur.
NIOS-58964 Major The passive node of an HA Grid Master looped in the synchronizing state.
NIOS-58934 Major Unable to filter unmanaged devices using filters in the Data Management -> Devices
tab.
NIOS-58913 Major In specific circumstances, users were unable to manage Microsoft synchronized zones
from the Microsoft servers.
NIOS-58900 Major Unable to synchronize Microsoft servers with the appliance on some occasions.
NIOS-58899 Major The BGPD service was terminated whenever the DNS service restarted or was
NIOS-58397 terminated, causing routing flaps.
NIOS-58892 Major Idle timeout did not take effect in Grid Manager, causing some active UI users to stay
in this state for a few days.
NIOS-58878 Major When using the CLI command for delete dhcp_ddns_updates to remove DDNS
updates, the SSH session or the serial console was unexpectedly logged out.
NIOS-58876 Major The IPv6 address for the I.root-servers.net service has been changed from
2001:500:3:42 to 2001:500:9f:42.
NIOS-58858 Major In a specific configuration, the appliance experienced some DNS query issues after a
number of client rebooted at the same time.
NIOS-58856 Major DHCP option inheritance from parent network containers did not function
consistently.
NIOS-58831 Major The DNS configuration file was empty after an upgrade due to a buffer issue.
NIOS-58781 Major The counts for DDNS updates in the timeout statistics were inconsistent
NIOS-58643 Major Under certain circumstances, Grid Manager might experience slow performance due to
heavy database operations.
NIOS-58596 Major On rare occasions, some DNS records were missing from the Microsoft managed DNS
zones.
NIOS-58578 Major Unable to import host addresses through a CSV import if more than one host was
returned.
NIOS-58577 Major Users might experience inheritance issues when using DHCP custom option spaces.
NIOS-58567 Major Under certain circumstances, changing the interface IP address could cause a DNS
failure.
400-0679-005 Rev. B 7/3/2018
NIOS-58566 Major An authenticated AD user might encounter an error when trying to change the TTL of
a DNS A record.
NIOS-58554 Major The password for the RPC connection to domain controller was logged in clear text in
the audit log.
NIOS-58549 Major The appliance inadvertently returned some internal errors.
NIOS-58545 Major The appliance accepted community strings that might cause handling issues.
NIOS-58525 Major Network Insight: Unable to add a seed device that had the same name as an existing
seed device in a different network view, which should be allowed.
NIOS-58501 Major Users experienced some inconsistent extensible attributes inheritance issues.
NIOS-58462 Major In the Net Map view for a network container, Grid Manager logged out when users
tried to navigate to other places in the view.
NIOS-58354 Major It took longer than expected to load and display sub zone properties in Grid Manager.
NIOS-58326 Major Under certain circumstances, DDNS updates using a TSIG key were denied.
NIOS-58312 Major In certain configurations, users were unable to add resource records to the associated
networks or zones.
NIOS-58244 Major Unable to sort by the “Status” column in the Network Users -> User History tab.
NIOS-58224 Major Unable to change the scheduled upgrade time for an upgrade group if the original
upgrade time has passed.
NIOS-58196 Major Received “SERVFAIL” responses while querying PTR records in a zone that contained
stale delegated NS records.
NIOS-58137 Major Unable to navigate to the Reporting tab on an IB-VM-820 Grid Master.
NIOS-58126 Major Unable to join networks from different network views.
NIOS-58112 Major Unable to delete a TXT record on a signed zone where the data in the TXT record
contains two consecutive backslash (\\).
NIOS-58027 Major It took longer than expected and a high CPU usage to remove a Microsoft
synchronization definition.
NIOS-58025 Major Unable to create custom extensible attributes on Cloud Platform members.
NIOS-58007 Major The zone integrity check did not occur according to the configured frequency.
NIOS-57991 Major Extensible attributes were not visible in Grid Manger after a CSV import using
“ptrrecord.”
NIOS-57977 Major Unable to join an appliance that was pre-configured as an HA Grid Master using VLAN
tagging.
NIOS-57934 Major When changing the inheritance in the “allow queries from” and “allow recursion”
settings under “queries” at the member level, DNS views appeared in the 'selected'
section instead of the 'available' section.
NIOS-57879 Major Unable to remove the glue A record from the DNS zone served by a name server that
belonged to a NS group.
400-0679-005 Rev. B 7/3/2018
NIOS-57744 Major Reporting: In the Grid Reporting Properties editor, the percentage for unused
categories was listed as 100%, which could skew the calculation for the total used
percentage.
NIOS-57736 Major The Grid Master used the LAN1 interface instead of the VIP address to communicate
with the HSM appliance.
NIOS-57688 Major Under certain circumstances, the IB-4010 Grid Master experienced an unexpected HA
failover.
NIOS-57462 Major In a specific Microsoft Management configuration, removing all synchronized
unmanaged networks also removed other networks created in NIOS for the network
container.
NIOS-57124 Major PAPI: It took longer than expected to get an authentication policy using the
Infoblox::Grid::Admin::AuthPolicy object when there was a large number of
groups involved.
NOS-56931 Major When a stealth external name server was added to the name server group, the serial
number increments happened only on the secondary servers.
NIOS-56366 Major This release adds CLI commands for SSL/TLS settings to support TLS 1.2
NIOS-53291
NIOS-52666 Major The appliance did not return the expected value when filtering using IPv4 options that
contained the “Option 82 Exists” rule.
NIOS-52004 Major When uploading DNS query and response capture files to an SCP server and the
connection between the Grid and the SCP server was not stable or if the server was
not functional, the appliance might experience a disk full issue.
NIOS-51365 Major When a reporting indexer was offline and then rejoined the Grid, it lost its indexer
role and ran as a forwarder, causing reporting issues.
NIOS-12775 Major The appliance experienced memory issues when DHCP was running through the OMAPI
channel.
NIOS-61715 Minor A “failed LCD” warning was sent to the ND-800 appliance that did not have a LCD.
NIOS-61546 Minor The DHCPv4 Usage Statistics report displayed DHCPv4 utilization that was less than
the actual utilization.
NIOS-61502 Minor A custom report for top devices identified did not work properly after an upgrade.
NIOS-61299 Minor There was a typo in the vDiscovery Job wizard tooltip.
NIOS-61292 Minor WAPI: the MAC field in the fixedaddresss object did not support case-sensitive search.
NIOS-60983 Minor Updated the filter attributes for the DHCP MAC Address objects in the Infoblox API
Documentation.
NIOS-60693 Minor The appliance failed to do DNS scavenging for underscore zones.
NIOS-60675 Minor The appliance failed to display some of the time zone correctly.
NIOS-60630 Minor After executing the show dns cache and show dns cache_size CLI Commands,
the IB-4030 appliance returned an error.
NIOS-60551 Minor The appliance displayed the “Loading” message when navigating to the next page of
the RPZ entries.
400-0679-005 Rev. B 7/3/2018
NIOS-60524 Minor Under certain circumstances, the Toggle flat view option displayed all the subnets
from all network views.
NIOS-60423 Minor Unable to add Grid members to the Grid using Elastic Scaling, if the Grid Master has a
NAT IP address.
NIOS-60277 Minor After upgrading from NIOS 6.10.201 to NIOS 7.2.10, there was a delay while loading
certain zones which have large number of records.
NIOS-60181 Minor Grid Manager displayed an error when user re-enabled DNS by selecting “Enable in
DNS" check box in the Host editor, while converting lease to host in the IPAM list
viewer.
NIOS-60096 Minor Inconsistency in the IPv6 network name When user created and modified an IPv6
network through the PAPI.
NIOS-59943 Minor Unable to add a bulk host if the bulk host name conflicted with an existing host alias.
NIOS-59928 Minor This release changes a warning message about DNS scavenging to clarify the message.
NIOS-59892 Minor In certain configurations, an external management system rejected incoming SNMPv3
traps sent by the Infoblox Grid.
NIOS-59732 Minor A new error message has been added to indicate that DNS Scavenging cannot be
performed for underscore zones.
NIOS-59679 Minor In NIOS 7.3.4 and prior versions, the traffic.cap file was not stored in the root of
tcpdumpLog.tar.gz, but saved under \storage\tmp when it was extracted.
NIOS-59675 Minor The named_cache file when collected in the support bundle was being truncated if
the recursive cache was full.
NIOS-59662 Minor DNS Scavenging reclaimable objects were not displayed in Smart Folders.
NIOS-59567 Minor When the “$” character was used to search the “network” fields for objects such as
network, networkcontainer, ipv6network, ipv6networkcontainer, fixedaddress,
ipv6fixedaddress and range objects, the regex did not work and returned error or
incorrect results.
NIOS-59513 Minor Login was denied when the user was authenticated against Active Directory and
belonged to a group that contained multiple instances of double backslashes.
NIOS-58945 Minor In the syslog, certain messages related to reporting events were not clear.
NIOS-58377 Minor A newly added bookmark did not appear in the Bookmarks tab and users were unable
to re-add the bookmark.
NIOS-58362 Minor Unable to synchronize bloxTools data in a specific bloxTools environment, causing a
manual backup failure.
NIOS-58133 Minor The summary index for DNS tunneling contains all Advanced DNS Protection events,
instead of only events related to DNS tunneling.
NIOS-58104 Minor The Infoblox NIOS Administrator Guide did not cover the file name convention for
reporting backups.
NIOS-57995 Minor When configuring an external primary or secondary DNS server in either a zone or
name server group, users could enter invalid characters when using a TSIG key,
causing a DNS configuration syntax error.
400-0679-005 Rev. B 7/3/2018
NIOS-57722 Minor Changed the “None” option to “Any” for the "Allow queries from" option in the
Grid/Member DNS Query ACL section to improve usability.
NIOS-57637 Minor Updated the Infoblox NIOS Administrator Guide to clarify the password history
information.
NIOS-57582 Minor The appliance sent SNMP traps to clear OSPF and OSPFv6 issues, but did not send
SNMP traps for the issues themselves.
NIOS-56936 Minor Grid Manager now does not display the Infoblox Community dashboard.
NIOS-56329 Minor This release removes irrelevant logging in the audit log.
NIOS-52207 Minor The installation guide did not include the heat output or input current for the Infoblox
800 Series appliances.
NIOS-61098 Enhance Users can now use a CLI command to disable the feature that allows them to send
requests to Infoblox Technical Support.
NIOS-59435 Enhance Syslog messages were missing for a dual-stack Pool of DTC health monitors.
NIOS-58083 Enhance This release adds a check box to the Data Collector VM editor for enabling registration
requests.
NIOS-56267 Enhance This release improves usability so users do not disable remote access permanently by
mistake.
Severity Levels
Severity Description
Critical Core network services are significantly impacted.
Major Network services are impacted, but there is an available workaround.
.Moderate Some loss of secondary services or configuration abilities.
Minor Minor functional or UI issue.
Enhance An enhancement to the product.
KNOWN GENERAL ISSUES
ID Summary
NIOS-62159 Reporting: When you perform a scheduled full upgrade from a NIOS release earlier than 7.3.0 to
NIOS 8.0.0 and later, reporting data from Grid members that have not been upgraded is not
forwarded to the Reporting server that has already been upgraded due to security changes in SSL
related to CVE-2014-3566 (POODLE).
Workaround: Upgrade all Grid members to NIOS 7.3.0 or later before upgrading them to NIOS
8.0.0 and later.
NIOS-62096 Network Insight: Under certain circumstances, the appliance might return an invalid network
view ID when automatic VRF mapping is enabled, causing memory issues on the Grid Master.
400-0679-005 Rev. B 7/3/2018
NIOS-61798 RESTful API Outbound Notifications: The filename downloaded for a RESTful API template might
have an unrecognizable template name if you do any of the following:
• Use UTF-8 characters to name the template.
• Download the template from NIOS.
• Use Firefox 47 or any browsers that do not support UTF-8 filename download.
NIOS-61781 In cases where NAT is disabled but NAT groups still have a value, NIOS reporting forwarders may
try to talk to indexers using an incorrect address. To prevent this, ensure that NAT group settings
are cleared or empty when NAT is disabled.
NIOS-61756 Advanced DNS Protection: It might take longer than expected to download ruleset updates, but
there is no functional impact. You will get a message indicating that the appliance continues to
process changes that you make in the background while downloading the ruleset updates.
NIOS-61603 Currently, the Infoblox appliances ship with auto-provisioning enabled by default. During initial
setup, the default IP address of 192.168.1.2 as documented in the Infoblox NIOS Administrator
Guide and Installation Guides will not be assigned.
Workaround: Manually set the IP address through the serial console using the set network CLI
command to re-configure the default IP address to 192.168.1.2 (or any valid IP address) and
netmask to 255.255.255.0.
NIOS-61721 REST API Outbound Notifications: If you configure the Grid Master Candidate as the outbound
member, ensure that you review its capacity before promoting it to the Grid Master because
after the promotion, the newly promoted Grid Master continues to handle all outbound related
activities, including those being handled by the old Grid Master.
NIOS-61714 Temporary licenses: When you have temporary licenses for Security, Threat Analytics, Threat
Protection and RPZ installed on your appliance and the Security license expires, all other
security related functionality stops working. However, Grid Manager might still display an “OK”
status for these services in their corresponding dashboards.
Workaround: Obtain permanent licenses to continue using these features.
NIOS-61681 If you set up your Grid to use Infoblox Threat Insight but have not enabled automatic updates for
Threat Analytics module sets, your upgrade will fail.
Workaround: Manually upload the latest module set to your Grid or enable automatic updates
before upgrading.
NIOS-61651 vNIOS for AWS and Azure: If you configure the LAN1 and MGMT interfaces using IPv6 parameters,
you might not be able to re-join the vNIOS member to the Grid when it reboots.
Workaround: Avoid using IPv6 parameters when configuring the LAN1 and MGMT interfaces for
the vNIOS member.
NIOS-61565 Object Change Tracking: In situations that involve a large database, performing a full
synchronization from the Grid Master Candidate while the previous file is still being synchronized
to the Grid Master might cause the deletion of the original synchronization file.
Workaround: Do not perform a full synchronization from the Grid Master Candidate until the file
from the previous synchronization is fully synchronized to the Grid Master.
NIOS-61563 Reporting and Analytics: In a Reporting Clustering configuration, the status of the cluster master
might return a service failure error after an upgrade.
Workaround: Restart the cluster master.
NIOS-61562 Reporting and Analytics: The Destination Path is an optional field in a single-site cluster,
which might cause a second reporting indexer to go offline and not being upgraded.
Workaround: Ensure that you enter a value for the Destination Path field.
NIOS-60959 No outbound events are recorded when you remove a parent object using an outbound template.
400-0679-005 Rev. B 7/3/2018
NIOS-54840 Some of the cloud related features might still be functional even after you have removed a
temporary Cloud license from your Grid, regardless of whether the license is valid or has expired.
For example, you might not be able to remove cloud extensible attributes because they remain
as Read-only attributes.
Workaround: Install a permanent Cloud license on the Grid, wait at least five minutes, and then
delete the permanent license from the appliance. Wait another five minutes and verify that all
cloud extensible attributes are no long Read-only.
N/A Infoblox has upgraded the software for our user community (community.infoblox.com), which
will offer users enhanced features and a more robust experience. This new community software
however, is not compatible with our community dashboard widget. As a result, the functionality
of the Community Dashboard widget is inconsistent. The Community Dashboard widget will
subsequently be removed in the next NIOS maintenance release.
NIOS-58190 Reporting and Analytics: The reporting service does not support non-ASCII characters in the
names of admin groups and admin users.
NIOS-57930 Reporting and Analytics: Object permissions for certain system searches are not migrated after
an upgrade.
Workaround: Superusers can fix these permissions for limited-access users when necessary.
NIOS-57850 Reporting and Analytics: Custom logos in report PDFs might not appear properly if the logo is in
JPEG format.
Workaround: Use logos that are in PNG format.
NIOS-56982 Reporting and Analytics: Unable to copy or bookmark a page using the “Link to Job” option in
the Job Settings dialog in the Splunk -> Reports page.
NIOS-55312 An RPZ rule that was deleted and then added to an RPZ feed again might not take effect
immediately. This delay is mandated by the effective DNS cache setting and might cause some
traffic to go through before the RPZ rule takes effect.
Workaround: To ensure that the RPZ rule takes effect immediately, clear the DNS cache before
adding the rule.
BEAU-443 Cloud Network Automation: In a scenario when you define extensible attributes that have the
exact same name (such as Tenant ID) as the mandatory cloud extensible attribute before you
install a cloud license in the Grid, the mandatory cloud extensible attribute creation will fail
when you install the cloud license.
Workaround:
1. Uninstalled the cloud license.
2. Delete the extensible attributes that have the same name as the mandatory cloud
extensible attributes.
3. Install the cloud license again.
ISE-249 Cisco ISE: Unable to create a network active user if the user is configured with Cisco ISE server
using the standby server address.
NETMRI- Network Insight: When adding seed routers through PAPI scripts, ensure that you specify the
26525 network view with which the seed router associates. Otherwise, the seed router object will be
created without a network view association.
400-0679-005 Rev. B 7/3/2018

NIOS 8.0.5 ReleaseNotes

Uploaded by

Copyright:

Available Formats

NIOS 8.0.5 ReleaseNotes

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NIOS 8.0.5 ReleaseNotes

Uploaded by

Copyright:

Available Formats

NIOS 8.0.

CHANGES TO DEFAULT BEHAVIOR ............................................................................................ 11

CHANGES TO Infoblox API and RESTful API (WAPI) ........................................................................ 12

UPGRADE GUIDELINES ........................................................................................................... 15

BEFORE YOU INSTALL ............................................................................................................ 16

ACCESSING GRID MANAGER ..................................................................................................... 18

ADDRESSED VULNERABILITIES .................................................................................................. 18

RESOLVED ISSUES ................................................................................................................. 22

KNOWN GENERAL ISSUES ........................................................................................................ 35

Please note the following:

Infoblox NIOS 8.0.x is supported on the following platforms:

• vNIOS for VMware on ESX/ESXi Servers

• vNIOS for Xen Hypervisor

• vNIOS for KVM Hypervisor

• vNIOS for AWS (Amazon Web Services)

IB-VM-100 55 1 1 1300 MHz      No

IB-VM-800 300 2 Range: 2 – 8 3000 MHZ 3   1  No

IB-VM-800 300 2 Range: 4 – 8 3000 MHZ 3     No

IB-V805 * 250 (+ user 2 32 2800 MHz    4  No

IB-VM-810 55 2 2 2000 MHz      No

IB-VM-810 160 2 2 2000 MHz      No

IB-V815 * 250 2 16 1100 MHz    4  Yes

IB-VM-820 55 2 4 3000 MHz      Yes2

IB-VM-820 160 2 4 3000 MHz      Yes2

IB-V825 * 250 2 16 1600 MHz    4  Yes

IB-VM-1400 555 4 Default: 8 8000 MHz 3     No

IB-V1405 * 250 (+ user 4 32 3600 MHz    4  No

IB-VM-1410 55 4 8 GB 6000 MHz      No

IB-VM-1410 160 4 8 6000 MHz      Yes2

IB-V1415 * 250 4 32 1200 MHz    4  Yes

IB-VM-1420 160 4 8 8000 MHz      Yes2

IB-V1425 * 250 4 32 1800 MHz    4  Yes

IB-V2205 * 250 (+ user 8 64 2100 MHz    4  No

IB-VM-2210 160 4 12 12000 MHz      Yes2

IB-V2215 * 250 8 64 2100 MHz    4  Yes

IB-VM-2220 160 4 12 12000 MHz      Yes2

IB-V2225 * 250 8 64 2100 MHz    4  Yes

IB-V4000 250 8 24 2400 MHz      No

ND-V800 160 2 8 3000 MHz 3     No

ND-V805 *5 250 2 32 2800 MHz    4  No

ND-V1400 160 4 16 8000 MHz 3     No

ND-V1405 *5 250 4 32 3600 MHz    4  No

ND-V2200 160 8 24 24000 MHz 3     No

ND-V2205 *5 250 8 32 2100 MHz    4  No

CP-V800 160 2 2 2000 MHz      No

CP-V1400 160 4 8 6000 MHz      No

CP-V2200 160 4 12 12000 MHz      No

This section lists new features in the 8.0.x releases.

DNS Traffic Control Enhancements

Infoblox High Performance Physical and Virtual Appliances

Support for Grid-wide Licenses

Enhancements to Infoblox Cloud Offerings

External Database Synchronization

Support for Outbound Notifications using RESTful API

Infoblox Reporting Enhancements

Enhancements for Multi-Grid Configuration

Enhancements for Service Restarts (RFE-642)

Network Insight Enhancements

DDNS Update Method (DHCP 4.3 Upgrade)