NIOS 8.2.7 ReleaseNotes Rev.D

NIOS 8.2.
7 Release Notes
INTRODUCTION ...................................................................................................................... 3
SUPPORTED PLATFORMS .......................................................................................................... 3
NEW FEATURES...................................................................................................................... 8
NIOS 8.2.5 ........................................................................................................................ 8
NIOS 8.2.4 ........................................................................................................................ 8
NIOS 8.2.2 ........................................................................................................................ 8
NIOS 8.2.0 ........................................................................................................................ 8
NIOS 8.1.0 ...................................................................................................................... 11
NIOS 8.0.0 ...................................................................................................................... 13
CHANGES TO DEFAULT BEHAVIOR ............................................................................................ 18

NIOS 8.2.x ...................................................................................................................... 18
NIOS 8.0.0 ...................................................................................................................... 18
CHANGES TO Infoblox API and RESTful API (WAPI) ........................................................................ 19

WAPI Deprecation and Backward Compatibility Policy ............................................................... 19
NIOS 8.2.x ...................................................................................................................... 20
NIOS 8.1.x ...................................................................................................................... 21
NIOS 8.0.0 ...................................................................................................................... 23
UPGRADE GUIDELINES ........................................................................................................... 25

Upgrading to NIOS 8.2.x ..................................................................................................... 25
BEFORE YOU INSTALL ............................................................................................................ 26
ACCESSING GRID MANAGER ..................................................................................................... 28
ADDRESSED VULNERABILITIES .................................................................................................. 28
RESOLVED ISSUES ................................................................................................................. 33

Fixed in NIOS 8.2.7 ........................................................................................................... 33
Fixed in NIOS 8.2.6 ........................................................................................................... 34
Fixed in NIOS 8.2.5 ........................................................................................................... 36
Fixed in NIOS 8.2.4 ........................................................................................................... 37
Fixed in NIOS 8.2.3 ........................................................................................................... 38
Fixed in NIOS 8.2.2 ........................................................................................................... 39
© 2018 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. Page 1 of 70
400-0704-207 Rev. D 10/3/2018
NIOS 8.2.7 Release Notes
Fixed in NIOS 8.2.1 ........................................................................................................... 41

Fixed in NIOS 8.2.0 ........................................................................................................... 41
Fixed in NIOS 8.1.4 ........................................................................................................... 46
Fixed in NIOS 8.1.3 ........................................................................................................... 47
Fixed in NIOS 8.1.2 ........................................................................................................... 47
Fixed in NIOS 8.1.1 ........................................................................................................... 48
Fixed in NIOS 8.1.0 ........................................................................................................... 48
Fixed in NIOS 8.0.5 ........................................................................................................... 54
Fixed in NIOS 8.0.4 ........................................................................................................... 54
Fixed in NIOS 8.0.3 ........................................................................................................... 56
Fixed in NIOS 8.0.2 ........................................................................................................... 56
Fixed in NIOS 8.0.1 ........................................................................................................... 57
Fixed in NIOS 8.0.0 ........................................................................................................... 57
KNOWN GENERAL ISSUES ........................................................................................................ 68
400-0704-207 Rev. D 10/3/2018
INTRODUCTION
Infoblox NIOS 8.2.x software, coupled with Infoblox appliance platforms, enables customers to deploy large,
robust, manageable and cost-effective Infoblox Grids. This next-generation solution enables distributed
delivery of core network services—including DNS, DHCP, IPAM, TFTP, and FTP—with the nonstop availability and
real-time service management required for today’s 24x7 advanced IP networks and applications.
Please note the following:
• NIOS 8.2.x is not supported on the following appliances: IB-250, IB-250-A, IB-500, IB-550, IB-550-A,
IB-1000, IB-1050, IB-1050-A, IB-1550, IB-1550-A, IB-1552, IB-1552-A, IB-1852-A, IB-2000, IB-2000-A,
IB-VM-250, IB-VM-550, IB-VM-1050, IB-VM-1550, IB-VM-1850, IB-VM-2000, and Trinzic Reporting TR-2000
and TR-2000-A series appliances. You cannot upgrade to NIOS 8.2.x on these appliances. See Upgrade
Guidelines in this document for additional upgrade information.
• DNS Traffic Control: There are some significant changes in the functionality and user interface for
Infoblox DNS Traffic Control (DTC). Infoblox recommends that you take some time to explore and
navigate through the user interface to get familiar with the new features and changes. For detailed
information, see New Features and Changes to Default Behavior in this document.
SUPPORTED PLATFORMS
Infoblox NIOS 8.2.x is supported on the following platforms:
NIOS Appliances
- Infoblox Advanced Appliances: PT-1400, PT-1405, PT-2200, PT-2205, PT-2205-10GE, PT-4000, and
PT-4000-10GE
- Network Insight Appliances: ND-800, ND-805, ND-1400, ND-1405, ND-2200, ND-2205, and ND-4005
- Trinzic Appliances: TE-100, TE-810, TE-815, TE-820, TE-825, TE-1410, TE-1415, TE-1420, TE-1425,
TE-2210, TE-2215, TE-2220, TE-2225, IB-4010, IB-4015, IB-4025, and IB-FLEX virtual platform
NOTES: Infoblox does not recommend using the TE-820 appliance as a Grid Master in a Grid that
contains more than five (5) Grid members. In addition, running protocol services is not supported
on a TE-820 Grid Master.
- Cloud Network Automation: CP-V800, CP-V1400, and CP-V2200
- Trinzic Reporting: TR-800, TR-805, TR-1400, TR-1405, TR-2200, TR-2205, TR-4000, and IB-4005
- DNS Cache Acceleration Appliances: IB-4030 and IB-4030-10GE
- Infoblox Virtual NIOS Appliances for AWS and Microsoft Azure: TE-V820, TE-V825, TE-V1420, TE-V1425,
TE-V2220, TE-V2225, CP-V800, CP-V1400, and CP-V2200.
NOTE: TE appliances are also known as the IB appliances.
Virtual vNIOS Appliances

Infoblox supports the following vNIOS virtual appliances. Note that Infoblox does not support running vNIOS
in any nested VMs or VM-inside-VM configuration.
• vNIOS for VMware on ESX/ESXi Servers

The Infoblox vNIOS on VMware software can run on ESX or ESXi servers that have DAS (Direct Attached
Storage), or iSCSI (Internet Small Computer System Interface) or FC (Fibre Channel) SAN (Storage Area
Network) attached. You can install the vNIOS software package on a host with VMware ESX or ESXi 6.5.x,
6.0.x, 5.5.x, 5.1.x, or 5.0.x installed, and then configure it as a virtual appliance.
400-0704-207 Rev. D 10/3/2018
vSphere vMotion is also supported. You can migrate vNIOS virtual appliances from one ESX or ESXi server to
another without any service outages. The migration preserves the hardware IDs and licenses of the vNIOS
virtual appliances. VMware Tools is automatically installed for each vNIOS virtual appliance. Infoblox
supports the control functions in VMware Tools. For example, through the vSphere client, you can shut
down the virtual appliance.
You can deploy certain vNIOS virtual appliances with different hard disk capacity. Some vNIOS appliances
are not supported as Grid Masters or Grid Master Candidates. Note that the IB-VM-800 and IB-VM-1400
virtual appliances are designed for reporting purposes. For more information about vNIOS on VMware, refer
to the Infoblox Installation Guide for vNIOS Software on VMware.
• vNIOS for Microsoft Server 2012, 2012 R2, and 2016 Hyper-V
The Infoblox vNIOS virtual appliance is now available for Windows Server 2012, 2012 R2, and 2016 Hyper-V
that have DAS (Direct Attached Storage). Administrators can install vNIOS virtual appliance on Microsoft
Windows® servers using either Hyper-V Manager or SCVMM. A Microsoft Powerscript is available for ease of
installation and configuration of the virtual appliance. Note that for optimal performance, vNIOS for Hyper-
V is not recommended as a Grid Master or Grid Master Candidate. With this release, you can deploy certain
vNIOS appliances with a 50 GB, 55 GB, or 160 GB hard disk. You can also deploy the IB-VM-800 and IB-VM-
1400 virtual appliances as reporting servers. For more information about vNIOS for Hyper-V, refer to the
Infoblox Installation Guide for vNIOS on Microsoft Hyper-V.
Note: All virtual appliances for reporting purposes are supported only for Windows Server 2012 R2.
• vNIOS for Xen Hypervisor

The Infoblox vNIOS for Xen is a virtual appliance designed for Citrix XenServer 6.5 running Xen hypervisor
and for Linux machines running Xenproject.org 4.3 hypervisor. You can deploy vNIOS for Xen virtual
appliances as the Grid Master, Grid members, or reporting servers depending on the supported models.
Note that the IB-VM-800 virtual appliances are designed for reporting purposes only. For more information
about vNIOS for Xen, refer to the Infoblox Installation Guide for vNIOS for Xen Hypervisor. For information
about vNIOS virtual appliances for reporting, refer to the Infoblox Installation Guide for vNIOS Reporting
Virtual Appliances.
• vNIOS for KVM Hypervisor

The Infoblox vNIOS for KVM is a virtual appliance designed for KVM (Kernel-based Virtual Machine)
hypervisor and KVM-based OpenStack deployments. The Infoblox vNIOS for KVM functions as a hardware
virtual machine guest on the Linux system. It provides core network services and a framework for
integrating all components of the modular Infoblox solution. You can configure some of the supported
vNIOS for KVM appliances as independent or HA (high availability) Grid Masters, Grid Master Candidates,
and Grid members. For information about vNIOS for KVM hypervisor, refer to the Infoblox Installation
Guide for vNIOS for KVM Hypervisor and KVM-based OpenStack.
• vNIOS for AWS (Amazon Web Services)

The Infoblox vNIOS for AWS is a virtual Infoblox appliance designed for operation as an AMI (Amazon
Machine Instance) in Amazon VPCs (Virtual Private Clouds). You can deploy large, robust, manageable and
cost effective Infoblox Grids in your AWS cloud, or extend your existing private Infoblox NIOS Grid to your
virtual private cloud resources in AWS. You can use vNIOS for AWS virtual appliances to provide enterprise-
grade DNS and IPAM services across your AWS VPCs. Instead of manually provisioning IP addresses and DNS
name spaces for network devices and interfaces, an Infoblox vNIOS for AWS instance can act as a
standalone Grid appliance to provide DNS services in your Amazon VPC, as a virtual cloud Grid member tied
to an on-premises (non-Cloud) NIOS Grid, or as a Grid Master synchronizing with other AWS-hosted vNIOS
Grid members in your Amazon VPC; and across VPCs or Availability Zones in different Amazon Regions. For
more information about vNIOS for AWS, refer to the Infoblox Installation Guide for vNIOS for AWS.
400-0704-207 Rev. D 10/3/2018
• vNIOS for Azure

Infoblox vNIOS for Azure is an Infoblox virtual appliance designed for deployments through Microsoft Azure,
a collection of integrated cloud services in the Microsoft Cloud. The vNIOS for Azure enables you to deploy
robust, manageable, and cost effective Infoblox appliances in the Microsoft Cloud. Infoblox NIOS provides
core network services and a framework for integrating all the components of the modular Infoblox solution.
It provides integrated, secure, and easy-to-manage DNS (Domain Name System) and IPAM (IP address
management) services. You can deploy one or more Infoblox vNIOS for Azure instances through the
Microsoft Azure Marketplace and provision them to join the on-premises NIOS Grid. You can then use the
vNIOS for Azure instance as the primary DNS server to provide enterprise-grade DNS and IPAM services in
the Microsoft Cloud. You can also utilize Infoblox Cloud Network Automation with your vNIOS for Azure
instances to streamline with IPAM, improve visibility of your cloud networks, and increase the flexibility of
your cloud environment. For more information about vNIOS for AWS, refer to the Infoblox Installation
Guide for vNIOS for Microsoft Azure.
NOTE: Infoblox NIOS virtual appliances support any hardware that provides the required Hypervisor version,
memory, CPU, and disk resources. To maintain high performance on your NIOS virtual appliances and to avoid
not having enough resources to service all the NIOS virtual appliances, DO NOT oversubscribe physical resources
on the virtualization host. Required memory, CPU, and disk resources must be adequately allocated for each
virtual appliance that is running on the virtualization host. For information about the required specification for
each NIOS virtual appliance model, see the following table.
The following table lists the required memory, CPU, and disk allocation for each supported Infoblox virtual
appliance model:
NIOS Virtual Primary # of Memory Recommended NIOS for NIOS NIOS NIOS NIOS Supported
Appliances Disk (GB) CPU Alloca- CPU Core Clock VMware for MS for for for as Grid
Cores tion Rate Hyper Xen KVM AWS & Master and
(GB) -V * Azure Grid
Master
IB-VM-100 55 1 1 1300 MHz      No
IB-VM-800 300 2 Range: 3000 MHZ 3   1  No

(Reporting (Primary & 2–8
only; 1 GB Reporting) Default:
daily limit) 8
IB-VM-800 300 2 Range: 3000 MHZ 3     No

(Reporting (Primary & 4–8
only; 2 GB Reporting) Default:
daily limit) 8
IB-V805 ** 250 (+ user 2 32 2800 MHz    4  No

(Reporting defined
only) reporting
storage)
IB-VM-810 55 2 2 2000 MHz      No
IB-VM-810 160 2 2 2000 MHz      No
400-0704-207 Rev. D 10/3/2018
IB-V815 ** 250 2 16 1100 MHz    4  Yes
IB-VM-820 55 2 4 3000 MHz      Yes2
IB-VM-820 160 2 4 3000 MHz      Yes2
IB-V825 ** 250 2 16 1600 MHz    4  Yes2
IB-VM-1400 555 4 Default: 8000 MHz 3     No

(Reporting (Primary & 8
only; 5 GB Reporting)
daily limit)
IB-V1405 ** 250 (+ user 4 32 3600 MHz    4  No

(Reporting defined
only) reporting
storage)
IB-VM-1410 55 4 8 GB 6000 MHz      No
IB-VM-1410 160 4 8 6000 MHz      Yes2
IB-V1415 ** 250 4 32 1200 MHz    4  Yes
IB-VM-1420 160 4 8 8000 MHz      Yes2
IB-V1425 ** 250 4 32 1800 MHz    4  Yes
IB-V2205 ** 250 (+ user 8 64 2100 MHz    4  No

(Reporting defined
only) reporting
storage)
IB-VM-2210 160 4 12 1200 MHz      Yes2
IB-V2215 ** 250 8 64 2100 MHz    4  Yes
IB-VM-2220 160 4 12 1200 MHz      Yes2
IB-V2225 ** 250 8 64 2100 MHz    4  Yes
IB-V4005 250 8 24 2400 MHz      No

(Reporting (+ 1500 GB
only) reporting
storage)
IB-V4015 ** 250 14 128 N/A    4  Yes
IB-V4025 ** 250 14 128 N/A    4  Yes
400-0704-207 Rev. D 10/3/2018
IB-V5005 ** User User User N/A      No

defined defined defined
reporting
storage
Network Overall # of CPU Memory Recommended NIOS for NIOS NIOS NIOS NIOS Supported
Insight Virtual Disk (GB) Cores Alloca- CPU Core Clock VMware for MS for for for as Grid
Appliances tion Rate Hyper Xen KVM AWS & Master and
(GB) -V * Azure Grid
Master
Candidate
ND-V800 160 2 8 3000 MHz 3     No
ND-V805 ** 250 2 32 2800 MHz    4  No
ND-V1400 160 4 16 8000 MHz 3     No
ND-V1405 ** 250 4 32 3600 MHz    4  No
ND-V2200 160 8 24 24000 MHz 3     No
ND-V2205 ** 250 8 32 2100 MHz    4  No
ND-V4005 ** 250 14 128 N/A    4  No
Cloud Overall # of Memory Recommended NIOS for NIOS for NIOS NIOS NIOS Supported
Platform Disk (GB) CPU Alloca- CPU Core Clock VMware MS for for for as Grid
Virtual Cores tion Rate Hyper-V * Xen KVM AWS & Master and
Appliances (GB) Azure Grid
Master
Candidate
CP-V800 160 2 2 2000 MHz      No
CP-V1400 160 4 8 6000 MHz      No
CP-V2200 160 4 12 1200 MHz      No
NOTES:
* When running NIOS in MS Hyper-V with dynamic memory allocation enabled, your system might experience
high memory usage. To avoid this issue, Infoblox recommends that you disable dynamic memory allocation.
** To achieve best performance on your virtual appliances, follow the recommended specifications and allocate
your resources within the limits of the licenses being installed on the appliances.
1
For KVM hypervisor only. Not supported for KVM-based OpenStack. Does not support Elastic Scaling.
2
NIOS virtual appliance for Hyper-V is not recommended as a Grid Master or Grid Master Candidate. IB-VM-820
with 55 GB disk is not supported as the Grid Master or Grid Master Candidate for the vNIOS for KVM. The
400-0704-207 Rev. D 10/3/2018
Identity Mapping feature is supported on the IB-VM-810 and IB-VM-820 appliances only if they are configured as
Grid members, not as the Grid Master.
3
Does not support Elastic Scaling.
4
NIOS for KVM is supported in the following environments: OpenStack, RHEL, SuSE Enterprise and Cloud, and
CentOS. Note that only IB-V1405 as a Reporting server has been qualified for OpenStack.
NEW FEATURES
This section lists new features in the 8.x releases.
NIOS 8.2.5
VLAN Tagging for IB-FLEX

This release supports VLAN tagging on IB-FLEX virtual platforms. You can configure VLAN tags through the GUI
or CLI. For information about VLAN tagging, refer to the Infoblox NIOS Administrator Guide.
NIOS 8.2.4
Cloud Certificates Management (RFE-8048)

You can now manage the CA certificate in NIOS for the public clouds AWS and Azure. You can upload valid CA
certificates from the Grid Manager if the root CA expires.
NIOS 8.2.2
Support for Mixed-Mode Interface Type for IB-FLEX (RFE-8007)

This release adds support for mixed-mode interface type (SR-IOV and Virtio) on IB-FLEX in the OpenStack
environment. You can now spin up instances using mixed-mode interface type in OpenStack. Please note that
this release does not include the support for NIC bonding through cloud-init on IB-FLEX.
NIOS 8.2.0
Software-based DNS Cache Acceleration (vDCA) with Capacity Licensing (FLEX)

You can configure the IB-FLEX virtual platform as a high-performance high-speed and very low latency caching-
only name server by enabling virtual DNS cache acceleration on it.
Licensing for IB-FLEX

This release adds the following licenses to the IB-FLEX virtual platform: DCA and Unbound. Contact your
Infoblox representative for more information about IB-FLEX licenses.
Threat Insight
This feature performs analytics to detect malicious activities based on DDI data from your on-premises Grid
when the Grid is running NIOS 7.3 or later. (Note: You need the Infoblox Data Connector to transport the data
from your on-premises Grid to the Cloud.) If your Grid is running NIOS 8.2.x, you can also configure the on-
premises Grid to pull detected malicious domains from Threat insight in the Cloud so you can block applicable
traffic using the on-premises DNS firewall configuration.
RPZs for Blacklisted Domains (RFE-7158)

You can now add any Response Policy Zones (RPZs) from different DNS and network views to the RPZ list that
you use to block malicious domains detected by Threat Insight in the Cloud (on-premises or in the Cloud).
400-0704-207 Rev. D 10/3/2018
DNSMessenger Module Support for Threat Insight

Threat Insight can now detect DNS tunneling activities instigated by the DNSMessenger malware. DNSMessenger
is a Remote Access Trojan (RAT) that attackers use to conduct malicious Powershell commands on
compromised devices. DNSMessenger uses DNS record queries and responses to create a bidirectional C&C
channel that allows the submission of Powershell commands to infected devices and the return of responses
back to the attackers.
McAfee Data Exchange Layer (DXL) Support for Outbound Notifications

In addition to REST (REpresentational State Transfer) enabled endpoints, NIOS also supports sending outbound
notifications to DXL (Data Exchange Layer) endpoints.
Network Insight Enhancements

This release adds the following enhancements to Network Insight:
• Cisco ACI Configuration: Integrating Cisco Application Policy Infrastructure Controller (APIC) on NIOS
provides visibility into your Cisco APIC infrastructure, which allows you to view and manage discovered
IP addresses through the Cisco ACI cluster. Once the Cisco ACI is integrated, Threat Insight can discover
the SDN Controller and Elements (Spine, Leaf, and End Points). You can also view devices that are
discovered by a discovery member.
• Cisco ISE Integration for NetMRI (RFE-6984)
After you successfully register a NetMRI appliance with NIOS, you can use the Cisco ISE integration
feature without having to install the Discovery license. This feature enables you to enhance identity
management across devices and applications that are connected to your network routers and switches.
You can monitor domain users, the IP addresses they log on to, the login status, and the time duration
of the current status in the IPAM tab of Grid Manager.
• Discovery Diagnostic Tool Improvements (REF-6303)
This release adds the following improvements to the Discovery Diagnostics dialog:
 View all existing discovery diagnostic tasks that have been executed in the last 12 hours.
 Enable or disable SNMP debugging for the device.
• Device Support Data for Discovered Devices (RFE-5452)
Network Insight now provides advanced visibility into device support data, such as the timestamp of
the most recent data collection, data function and whether it is supported for the device, as well as
the values collected for the device vendor, device model, and device version.
• Discovered Wi-Fi Data: Network Insight now saves the discovered data for Wi-Fi access points and
displays it in the IPAM tab -> Discovered Data tab of Grid Manager as well as the End Host History
dashboard.
• DNS Resolution for End Hosts (RFE-6541)
You can now specify whether you want to perform DNS lookups for discovered network devices and end
hosts. You can also adjust the throttle for the lookup to control the number of requests sent to the DNS
server.
• VLAN Smart Folder Improvements
When using smart folders, you can now find VLANs and group objects such as networks, interfaces, and
unmanaged IP addresses by discovered VLANs.
Cisco ISE 2.2 Support

This release adds support for Cisco ISE version 2.2. You can integrate Cisco ISE with NIOS to exchange valuable
network, user, device, and security-event information.
Cloud Network Automation Enhancement

This release adds the following enhancement for Cloud Network Automation:
• High Performance Virtual Appliances Support for AWS and Azure: This NIOS release supports the
following virtual appliances in AWS and Azure: IB-V825, IB-V1425, and IB-V2225. For detailed appliance
specifications, see the table on page 4.
400-0704-207 Rev. D 10/3/2018
vDiscovery Enhancements
This release adds the following enhancements for vDiscovery:
• Support for Multiple DNS Views (RFE-6828): When you configure vDiscovery jobs, you can enable NIOS
to automatically create DNS records for discovered IP addresses of VM instances that are served by the
appliance. You can now configure NIOS to add DNS records to a specific DNS view so NIOS can handle
the auto-creation of DNS records associated with multiple views that manage the same DNS zones.
• Capturing Tags from AWS and Azure: The metadata in the form of tags in AWS and Azure for NIOS can
now be captured through a vDiscovery process and saved as extensible attributes.
• Support of Keystone v3 for OpenStack (RFE-7622): NIOS now supports the Keystone server identity
service version v2 and v3 when you configure OpenStack as the endpoint server for a vDiscovery job.
Microsoft Management Enhancements

• Microsoft 2016 Support: This release adds support for Microsoft Windows Server 2016.
• SMB Versions 2 and 3 Upgrade (RFE-7216): Infoblox now supports the following versions of SMB
(Server Message Block) protocol for Microsoft Windows servers: SMB version 1 (SMBv1), SMB version 2.x
(SMBv2.x), and SMB version 3.x (SMBv3.x).
• Synchronizing Microsoft DNS Reporting Data (RFE-5140): You can now configure NIOS to synchronize
DNS reporting data with Microsoft servers so you can view both Microsoft and NIOS data in the same
NIOS DNS, DHCP and IPAM reports. You can also configure the synchronization interval using a newly
added CLI command.
DTC Enhancements
This release adds the following enhancements to the DNS Traffic Control feature:
• DTC Health Check (RFE-7044): If you have a multi-tier network architecture and want to monitor the
availability of separate components for the DTC server, you can now add a health monitor for each
individual IP address or domain configured for the DTC server. The DTC heath check will consider the
health monitors configured under DTC servers and their corresponding DTC pools before declaring the
running state for the pools.
• Dynamic Load Balancing Methods (RFE-6407): This release adds a new load balancing method called
“Ratio:Dynamic,” which includes the Round Trip Delay (RTD) and SNMP methods. The dynamic methods
allow you to load balance the DTC servers based on their latency. The existing “Ratio” method is
changed to “Ratio:Fixed.”
DNS Scavenging Modifiable Timestamp for DDNS Records (RFE-7114)

On occasions where you want to avoid the removal of valid DDNS records that contain outdated timestamps
through DNS scavenging, you can configure the record creation timestamp to be writable while keeping the
record data intact during DDNS updates. You can now select a check box to update the creation timestamp for
dynamic records during DDNS updates even when there are no changes to the resource record data.
Fault Tolerant DNS Caching (RFE-7343)

When an authoritative DNS server experiences an outage, all websites served by the DNS server become
inaccessible. Enabling the DNS fault tolerant caching option allows you to access the websites served by the
DNS server despite the DNS outage. When you enable this feature, DNS records are retained in the recursive
cache even after they expire. Whenever recursive query times out or returns a SERVFAIL response, the
appliance returns the cached response to the client instead of the SERVFAIL response.
NOTE: Infoblox recommends that you enable this feature right after you upgrade to NIOS 8.2. Enabling this
during production requires a DNS service restart, which will clear the current cache. For more information, see
Upgrade Guidelines on page 25.
400-0704-207 Rev. D 10/3/2018
NIOS 8.1.0
Licensing for Appliance IB-FLEX

Infoblox introduces a new virtual platform called IB-FLEX, a scalable service-provider grade platform with
flexible resource allocation for the virtual machine. To configure IB-FLEX, you first install the Flex Grid
Activation license on the Grid Master and then enable the following features as a bundle on the IB-FLEX
member: Grid (enterprise), DNS, DNS Traffic Control, Software ADP, Threat Protection Update, DNS Firewall,
NXDOMAIN Redirect, FireEye, and Cybersecurity Ecosystem. Contact your Infoblox representative for more
information about IB-FLEX and the Flex Grid Activation license.
Infoblox Advanced DNS Protection Enhancements

This release adds the following enhancements to the Advanced DNS Protection feature:
• Software ADP: In addition to the hardware-based Advanced Appliances (PT and IB-4030 appliances),
you can now install software-based subscription licenses on supported appliances (physical and virtual)
when deploying the Advanced DNS Protection solution.
• Threat Protection Profiles: When you configure Grid or Member security properties, you now have an
option to select an active ruleset or a threat protection profile. A threat protection profile defines
specific security settings and a ruleset that you can apply to a specific member or a group of members
that share a similar kind of traffic. You can also clone an existing profile and modify the settings to
create a new one.
• Grid VPN on LAN1 (RFE-6543): You can now configure Grid VPN on LAN1 interface for any members
(with Threat Protection enabled) in a Grid that supports Advanced DNS Protection.
• MGMT Port for Cloud API Calls: Infoblox supports elastic scaling for software ADP members. You can
now join such members using cloud API calls through the MGMT port.
• New Threat Protection Rules for Recursive Resolution: The updated ruleset now includes rules that
are specifically designed for recursive caching servers.
• Custom rules via WAPI (RFE-5924): You can now push custom rules to the Grid using WAPI calls. In
addition, this release adds new objects and structs for threat protection functions. For detailed
information, refer to the WAPI Documentation.
API Outbound Notifications Enhancements

This release adds the following significant enhancements to the API Outbound Notification feature:
• New configuration and template capabilities: Additional configuration is now possible in areas such as
rate limiting and login and logout templates. A few new variables and constructs are also added to
the event templates. For detailed information about the new additions, refer to the Infoblox NIOS
Administrator Guide.
• WAPI Integration: This release supports WAPI integration for API outbound notifications. You can send
requests to the local WAPI while processing endpoint events, making it easy to include synchronization
information via extensible attributes. You can add WAPI integration username and password as well as
server certificate validation when you configure endpoints.
• More advanced XML parsing: You can now select XMLA as the parsing option for endpoint responses to
support XML documents with tag attributes. XMLA quoting has also been added with additional
capabilities compared to XML quoting, allowing for simple serialization of complex structures.
• Event Deduplication for RPZ Hits: While configuring notification rules, you can decide whether you
want to reduce the amount of redundant RPZ hit events or not. Oftentimes, RPZ hits come from the
same client IPs, query FQDNs, or networks. To avoid receiving excessive RPZ events at the endpoint,
you can configure the appliance to remove or deduplicate subsequent RPZ events (after sending the
first event) within a certain time period based on Source IP, Query Name, RPZ Policy, and other related
fields. Depending on your configuration, the appliance sends the first RPZ event and deduplicates
subsequent events that match your filtering criteria within the configured lookback interval.
400-0704-207 Rev. D 10/3/2018

This release adds the following enhancements to the Network Insight feature:
• New Reports: This release adds the IP Address Inventory and Network Inventory reports. Each report
provides an inventory of discovered IP addresses and subnets, and includes information such as VLANs
on subnets, managed status, and timestamps when they were last discovered or became inactive.
• Improvements for the VRF Mapping Window (RFE-7035): When you have a lot of VRFs displayed in
the VRF Mapping window, you can filter the data by VRF Name, Device Name, Device/IP Address, or
Network View. You can also sort the data by ascending or descending order.
• The Last Discovered Field for Subnets (RFE-6357): Grid Manager now displays the Last Discovered
data for networks (or subnets) that are discovered by NetMRI or during an IPAM sync.
• Discovery Diagnostics Downloads in Text Format (RFE-5551): This functionality allows you to
download discovery diagnostics in text format from Network Insight members in the click of a button. If
you have a large amount of data to download, this feature significantly reduces the download time.
• IPAM Sync Improvements (RFE-3071): When you use the “IPAM Sync” feature to synchronize data
discovered by NetMRI, only the data related to discovered hosts appears in NIOS. Data related to hosts
that are no longer discovered by NetMRI will be removed. This feature provides consistency in how
NIOS handles discovered data through vDiscovery.
• Inclusion of sysLocation and sysContact during IPAM Sync (RFE-7430): Additional information
discovered by NetMRI, such as sysLocation and sysContact, is added to NIOS during an IPAM sync. This
release also adds a few new fields to be displayed in Grid Manager.
• UI Consistency for Network Insight: To maintain consistency in field names across products, Grid
Manager now displays VLAN name and ID as “VLAN Name” and “VLAN ID” (instead of “Discovered VLAN
Name” and “Discovered VLAN ID”) in the IPAM and Devices tabs.
DNS Traffic Control Enhancements

This release adds the following enhancements to the DNS Traffic Control (DTC) feature:
• CNAME Support for LBDN Records (RFE-7110): You can now use DTC to respond directly to CNAME
queries.
• Server Name Indication (SNI) Support (RFE-7531): DTC now supports SNI for HTTPS health checks.
This feature allows you to monitor different HTTPS sites on a single server.
Cloud Network Automation Enhancements (RFE-7192)

When configured, NIOS vDiscovery now automatically synchronizes VM information associated with existing DNS
records or fixed addresses when the corresponding discovered IP address is attached to, detached from, or re-
attached to a VM.
Support for EDNS Client Subnet (RFE-3315)

This release adds support for the EDNS Client Subnet (ECS) option for recursive DNS. When using this option,
the recursive DNS resolver provides the client subnet to the authoritative DNS server so it can build an
optimized reply.
Specifying Source Port Settings (RFE-5026)

You can now configure BIND query-source at the DNS view level, which defines the IP address and port used as
the source for outgoing queries.
TLS 1.2 Support for OpenVPN (RFE-7068)

This release uses TLS 1.2 for the key exchange for Grid communication.
Support for Unrestricted Reporting Virtual Appliances (RFE-4159 and 3601)

This release supports subscription-based reporting on virtual appliances that do not have capacity restrictions
for reporting.
400-0704-207 Rev. D 10/3/2018
DHCP Lease Management Enhancements (RFE-7104)

This release adds more options to how you can manage DHCP leases. In addition to one-lease-per-client per
member support, you can now configure the appliance to release leases that have a client ID when the client
moves from one network to another. You can also have the appliance retain all leases until they expire.
Support for IPv6 NXDOMAIN Redirection (RFE-7451)

NIOS now supports IPv6 NXDOMAIN redirection. You can create rules that specify how a DNS member responds
to queries for A and AAAA records for certain domain names and non-existent domain names.
Thales HSM Client Upgrade (RFE-7460)

NIOS supports version 3.21.3 of Thales.
Support for SafeNet Network HSM Upgrades

This NIOS release supports SafeNet Network HSM upgrades (formerly Luna SA).
WAPI Enhancements
This release includes the following PAPI and WAPI enhancements. For details, refer to the WAPI Documentation
and the WAPI Deprecation and Backward Compatibility Policy section in this document.
• To create a dtc:topology:rule object, you can modify the “rules” field of the parent object
dtc:topology. (RFE-7148)
• New objects for network resize. (RFE-4818, 7106, 7107, and 7138)
• Export and import data for backup and restore. (RFE-7142)
• Other additional WAPI objects and changes.
NIOS 8.0.0
DNS Traffic Control Enhancements

This release adds the following significant enhancements to the DNS Traffic Control (DTC) feature:
• A topology ruleset now supports extensible attribute rules that can be used for topology load
balancing. You can perform load balancing based on whether a client IP address belongs to a network
with extensible attribute values that match the topology rules. This is particularly useful for load
balancing Intranet applications, since GeoIP does not work for internal networks.
• The HTTP/HTTPS health monitor can now check the content of the returned page to determine the
health of a server. For example, you can search the page to make sure that “Under Maintenance” is not
on the returned page. You can specify regular expressions for extracting and checking part of the
response content. In addition, the HTTP Health Monitor editor has added a Test dialog so you can test
the HTTP health monitor configuration.
• A new graphical user interface for configuration, which shows the relationship between Load Balanced
Domain Names, Pools and Servers. You can edit, create, or delete DTC objects directly from this
graphical interface.
• DTC now supports DNSSEC. You may assign DTC LBDNs to signed zones, provided that they do not use
the "All Available" load balancing method and do not have in-zone wildcards.
• DTC servers now allow multiple records and record types to be configured for a single server.
• DTC now supports CSV import for GeoIP databases. You can customize the database by editing the CSV
file prior to an import.
• The SNMP health monitor now supports SNMPv3.
• A “Priority” setting has been added for LBDNs. In the case of overlapping LBDNs (configured with
similar Patterns and associated Zones), the Priority field is used to determine which LBDN is selected
when processing a DNS response.
• Geography topology rules may now use "City" in geographic conditions.
• You can now apply most changes to DTC configuration without interrupting the DNS service.
400-0704-207 Rev. D 10/3/2018
Infoblox High Performance Physical and Virtual Appliances

This NIOS release supports the following high performance NIOS physical appliances:
• Trinzic Appliances: TE-815, TE-825, TE-1415, TE-1425, TE-2215, and TE-2225 (also knowns as IB
appliances)
• Advanced Appliances: PT-1405, PT-2205, and PT-2205-10GE
• Network Insight Appliances: ND-805, ND-1405, and ND-2205
• Reporting Appliances: TR-805, TR-1405, and TR-2205
For more information about each physical appliance, refer to the installation guides, available on the Technical
Support web site at https://support.infoblox.com.
You can also deploy the following high performance virtual appliances: IB-V805, IB-V815, IB-V825, IB-V1405,
IB-V1415, IB-V1425, IB-V2205, IB-V2215, IB-V2225, ND-V805, ND-V1405, and ND-V2205. For required memory,
CPU, and disk allocation, see the table on page 4 of this document.
Support for Grid-wide Licenses

This NIOS release introduces the following Grid-wide licenses: Security Ecosystem, Reporting Subscription,
RPZ, FireEye, and IB_FLEX. Once installed, Grid-wide licenses are valid across the entire Grid, provided that
other conditions and factors are met for the respective features. For example, a member must have the
correct appliance model to run the Reporting feature even if a Reporting Subscription Grid-wide license is
already installed for the Grid.
Enhancements to Infoblox Cloud Offerings

This release adds the following enhancements to the Infoblox Cloud offerings:
• vNIOS for Azure in the Marketplace: You can now easily download and deploy vNIOS for Azure virtual
appliances directly from the Azure Marketplace. The vNIOS for Azure virtual appliance is pre-configured
for Microsoft Azure so you only need to take a few easy steps to complete the deployment.
• vNIOS for AWS:
o Amazon Route 53 Aliases are now mapped to CNAME records in NIOS, except for zone apex
CNAME records.
o Consolidation of Route 53 zones and records into a single DNS view: You can now serve all those
zones in a consolidated way from NIOS by querying a single Grid member.
o You can select either the Instance Profile or IAM credential to authenticate AWS API calls for
Route 53 and vDiscovery jobs.
o For vDiscovery, you can choose to use an unsecured HTTPS connection if your discovered
endpoints are OpenStack or VMware. When you select this option, the appliance bypasses
remote SSL certificate validation.
External Database Synchronization

If you have external applications that use information in the NIOS database, you can use the Object Change
Tracking and Synchronization feature to track changes made to common NIOS objects, and then periodically
synchronize IPAM, DNS, and DHCP data through the Infoblox API or RESTful API. You can choose between a full
and partial synchronization depending on your requirements. This feature enables timely and accurate
integration with your external systems.
Support for Outbound Notifications using RESTful API

Through Grid Manager, you can now configure the appliance to send outbound RESTful API notifications to REST
endpoints so you can prioritize your security needs or perform network management tasks. The appliance uses
RESTful API templates that you create to convert NIOS events into REST API messages in which you define
specific actions for those events.
400-0704-207 Rev. D 10/3/2018
Infoblox Reporting Enhancements

This release adds the following enhancements to the Reporting feature:
• Reporting License Usage report: This new internal report provides reporting license usage over a given
time frame and license usage warning count if there is any license usage violation. The default
dashboard displays bar chart that shows license usage in megabytes over a given time frame.
• Reporting Clustering Dashboard: This dashboard provides detailed information about the status of the
entire indexer cluster. You can get information about the status of each peer node, search head, and
indexes. You can also view the number of peers (reporting members), searchable copies, and number
of copies (buckets).
• Best practices for capacity planning, volume and storage consumption monitoring, deployment and
service monitoring, and customizing searches are now thoroughly described in the Infoblox NIOS
Administrator Guide.
• For reporting clustering, the Infoblox NIOS Administrator Guide now includes suggested network
communication and ports for the different clustering types.
Enhancements for Multi-Grid Configuration

This release adds the following enhancements for a Mutli-Grid configuration:
• You can now restrict synchronization of snapshots, selected network views, network containers,
networks, and extensible attributes by using the Disable Sync to MGM option on the Grid Masters of
managed Grids. You use this option to restrict certain networks and networking information by not
sharing it with the Multi-Grid Master. In addition, you can prevent the Multi-Grid Master from having
access to the snapshots of the managed Grids. When you disable synchronization, all synchronized data
is deleted and future synchronization is disabled.
• Support for CSV import and export.
Enhancements for Service Restarts (RFE-642)

You can now review pending activities that will take effect before you restart services on the appliance. You
can also enable or disable the appliance to display the Restart Banner and to track the admin users who
perform service restarts.

This release adds the following enhancements to the Network Insight feature:
• When converting unmanaged entities to managed objects in NIOS, you can choose to convert them one
at a time or as a group. To convert a single entity, just select a specific entity and perform the
conversion. To convert multiple entities to the same IPAM object type, you can select the entities you
want to manage and then perform a bulk conversion.
• You can also perform an automatic conversion for unmanaged entities in a network view by configuring
conversion rules for the Grid.
Security Visibility
Grid Manager now provides the following security dashboard widgets to increase visibility of your Infoblox
security infrastructure:
• Dig Request: This widget enables you to perform a DNS lookup on the Grid Master or on a specified Grid
member and displays the output of the dig command.
• Threat Analytics Status for Grid: This widget displays the statistical information about the DNS
tunneling events. You view different information using the following tabs: Detections Over Time, Top
10 Grid Members, and Detections.
• Threat Analytics Status for Member: This widget displays statistics about the DNS tunneling events for a
specific Grid member.
400-0704-207 Rev. D 10/3/2018
Infoblox Security Infrastructure Enhancements (RFEs: 4422, 4424, 5283, 5726, 5824, 6158, 6284, 6554,
6693, 6694, 6695, 6733, 6877)
This release adds a few enhancements to the Infoblox Security Infrastructure features, as follows:
• DNS RPZ Hits Report: You can select to review detailed RPZ hits or aggregated RPZ hits; this report now
includes IPAM data.
• Support for all known RR types for both TCP and UDP packets in Threat Protection rules.
• New templates for blocking DNS packets by record type and matching text string, and for rate limiting
DNS query with specific record type.
• “Last Seen” timestamp in RPZ threat details.
• Fixed inconsistencies in DNS Firewall reports.
• DNS RPZ Hits Trend by Mitigation Action Report: Provides trends for the total number of RPZ hits for
each mitigation action along with the total client hits in a given time frame.
• Rule description details added to the rule category.
DDNS Update Method (DHCP 4.3 Upgrade)

You can now select either the Interim or Standard DDNS update method. For dual-stack clients that acquire
both IPv4 and IPv6 leases and use the same DNS name for both types, you can configure IPv4 and IPv6 to use
different DDNS update methods (Infoblox recommends using Interim for IPv4 and Standard for IPv6).
Support for Bidirectional Forwarding Detection (BFD)

The BFD protocol is designed to provide faster failure detection using millisecond timer intervals. It can be
enabled with routing protocols to achieve fast network re-convergence.
NS Groups for Stub and Forward Zones (RFE-585)

NIOS now supports NS (Name Server) groups for stub and forward zones. A forwarding member NS group is a
collection of one or more name servers, and a stub member NS group is a collection of one or more Grid
members. When you configure a forward or stub zone, you can specify a forward/stub NS group instead of
assigning name servers or Grid members individually.
Ability to Select Core Files for Support Bundle (RFE-6449)

You can now select core files to be included in the Infoblox support bundle when you download it.
Enabling DHCP Transaction ID Logging by Default (RFE-6446)

In this release, the logging of DHCP transaction ID is enabled by default. You can use the set log_txn_id CLI
command to turn this feature on and off.
PIV Card Support for Two-Factor Authentication (RFE-6279)

This release adds support for Personal Identity Verification (PIV) card users to the two-factor authentication
method. You can configure the certificate authentication service to manually or automatically validate client
certificates. The Infoblox certificate authentication service uses OCSP to validate certificate status for X.509
digital certificates.
Enabling and Disabling SSL/TLS Support for Security (RFE-5301 and 4170)
Through the Infoblox CLI, you can now use the set ssl_tls_protocols command to enable and disable
different versions of the SSL/TLS protocol, and use the set ssl_tls_ciphers command to enable or disable
a specific cipher suite or all cipher suites. For more information about the CLI commands, refer to the Infoblox
CLI Guide.
400-0704-207 Rev. D 10/3/2018
DHCP Lease Affinity (RFE-3043)

Infoblox provides a DHCPv6 lease affinity feature that allows you to reuse expired IPv6 leases for DHCP clients.
When you enable this feature, the DHCPv6 server automatically renews the expired leases. A DHCP client can
retrieve the same lease and retain the same IP address from the DHCPv6 server. This feature helps reduce the
amount of IPv6 leases in the database as the DHCP server can issue the same lease multiple times for the same
client.
Opening Technical Support Requests through Grid Manager (RFE-5147)

When you encounter product issues or require assistance, you can send a request to Infoblox Technical Support
by opening a support case through Grid Manager. When you submit a support request, Infoblox Technical
Support automatically authenticates and authorizes the contact email address that you use. It sends a
confirmation email to the contact email address if the email address is registered on the Infoblox Technical
Support server. If the authentication fails, you will receive an email.
Support for Database Snapshots (RFE-6562)

This release adds support for database snapshots. Infoblox recommends that you create a database snapshot
prior to making significant changes. This will help you mitigate the impact of user errors in the NIOS
configuration. Whenever there is an error in the NIOS configuration, you can roll back the NIOS database to the
snapshot that you have created earlier. This is potentially faster and minimizes the impact on network services
than restoring the database using the backup file.
Specifying the Data Generation Intervals for Reports (RFE-4993)

You can now specify the time interval when NIOS generates data for the DNS Statistics per View and DNS
Statistics per Zone reports. The default value for the data generation interval for these report is one day
(86400 seconds).
TLSA Resource Records for DANE (RFE-3207)

You can now define whether a certificate or a public key must be associated with a domain name when you
define a TLSA (Transport Layer Security) resource record through Grid Manager. When you define your own
TLSA record, you do not have to depend on an external Certificate Authority to issue a digitally signed TLS
certificate for your domain name.
Adding Extensible Attribute Values Hosts (RFE-6274)

When configuring Host records, you can now select to associate extensible attributes with all the host records
you have defined or associate extensible attributes with only a selected host.
Ability to Forward WIN packets from NIOS to Microsoft Servers (RFE-7081)

This release provides CLI commands that you use to enable the forwarding of WINS packets from NIOS to
Microsoft DNS and DHCP servers. You can use this feature to forward WINS packets to dedicated Windows DNS
and DHCP servers. For detailed information about these commands, refer to the Infoblox CLI Guide.
IPv6 Enhancements (RFE-4040)

The appliance now supports using IPv6 anycast addresses for NS records to override the auto-generated IP
addresses.
Support for Query Response Screening (RFE-6515)

Infoblox now provides a CLI command that you use to enable the DNS query response screening feature. When
this feature is enabled and there is a “disjoint” between the parent and child NS RRsets, the appliance tests
the resolution of the child NS RRset. If the resolution fails for all name servers, the appliance will use the
parent NS RRset.
400-0704-207 Rev. D 10/3/2018
CHANGES TO DEFAULT BEHAVIOR
This section lists changes to default behavior in NIOS 8.x releases.
NIOS 8.2.x
• Basic search functionality, that is the search available on the Basic tab of the Search dialog box, is now
case insensitive.
• In NIOS 8.2.x, the appliance adds IP addresses of the external secondary servers to the “also-notify”
statement for all master zones. You will see this change when you install or upgrade to NIOS 8.2.x.
• In previous releases when a DHCPv6 client moved from network A to network B, the appliance did not
fully release the associated IPv6 lease on network A, causing the lease to stay in the “Active” state.
Thus, when the client rejoins network A, the appliance was unable to assign the same lease to the
client. As the client moved among networks, it might receive multiple leases on the same network. In
this release, if a client moves from network A to network B, the appliance will properly release the
pre-existing IPv6 lease on network A. When the client rejoins network A, the appliance may assign the
same IPv6 lease to the client, avoiding multiple leases for the same client on the same network. Note
that you must provide a unique IAID if a client needs IPv6 leases on multiple networks.
NIOS 8.0.0
• The Infoblox DNS Traffic Control solution delivers an enhanced user interface through Grid Manager.
Starting with this release, you will experience the following changes:
 The DTC Server wizard has been integrated with IPAM and DNS. DNS records can be selected
under DNS or IPAM, and you can launch the DTC Server wizard. The wizard will then use
information from the selected record to create a DTC server. Also, when the DTC server wizard
is launched from the Traffic Control tab, you can select a DNS record to provide information
for creating a DTC Server.
 Management of Health Monitors and Topology Rulesets have been moved to dialogs that are
launched from the Traffic Control tab.
 The Traffic Control Visualization can now be viewed in two panels: A panel that is displayed
next to the Traffic Control list view or in an expanded full size panel.
 The visualization panel has many improvements for visualizing and managing traffic control
structures, including tooltip menus for directly editing Traffic Control objects.
 New menu actions have been added to the Action menu (the gear icon) and the visualization
tooltip. You can use these actions to quickly add servers to pools and pools to LBDNs.
• Starting with this release, the IB-4030 and IB-4030-10GE appliances use the cache pre-fetch option to
replace the old cache refresh. Cache pre-fetch detects cached records that are about to expire and
fetch another copy before the actual expiration. When a query asks for data that has been cached, in
addition to returning the data, the appliance fetches a fresh copy from the authoritative server if the
pre-fetch condition (Eligible and Trigger settings) is met. This option helps minimize the time window
in which no answer is available in the cache.
400-0704-207 Rev. D 10/3/2018
• When configuring DNSSEC, you can select the resource record type (NSEC or NSEC3) you want to use
for handling non-existent names in DNS for the Resource Record Type for Nonexistent Proof option.
The default is now NSEC3 versus NSEC in previous releases.
• In previous releases, bloxTools is not supported on NIOS virtual appliances. bloxTools is now supported
on NIOS virtual appliances.
• In previous release, when port redundancy was configured and if LAN1 was not available, the Infoblox
appliance failed over to LAN2. Once the LAN1 connection was available, the appliance reverted to
LAN1 automatically. Starting with this release, this behavior has changed. After a failover, the
appliance no longer reverts automatically back from LAN2 to LAN1. You can select the Prefer LAN1
when available option when you enable port redundancy to always use LAN1 when it is available. If
this option is not selected, the appliance does not automatically revert from LAN2 to LAN1 even when
the LAN1 interface is available.
CHANGES TO Infoblox API and RESTful API (WAPI)
This section lists changes made to the Infoblox API and RESTful API in NIOS releases. For detailed information
about the supported methods and objects, refer to the latest versions of the Infoblox API Documentation and
the Infoblox WAPI Documentation, available through the NIOS products and on the Infoblox Support web site.
The latest available WAPI version is 2.7.
This NIOS release supports the following WAPI versions: 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.4, 1.4.1, 1.4.2, 1.5, 1.6,
1.6.1, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 2.0, 2.1, 2.1.1, 2.2, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4, 2.5, 2.6, 2.7.
NOTE: In NIOS versions 6.12.14 to 6.12.17, the alias to the current WAPI version was incorrectly specified as
2.1 instead of 1.7.5. This caused the documentation to also display v2.1 as the latest version and requests sent
as 2.1 to behave as if they were sent against 1.7.5. This issue was rectified in NIOS 6.12.18 and later 6.12.x
releases. Any WAPI scripts using v2.1 in the URI written to run against NIOS versions 6.12.x should be changed
to v1.7.5 immediately after upgrading from an affected release to NIOS 6.12.18 or later.
WAPI Deprecation and Backward Compatibility Policy
This policy covers the interfaces exposed by the Infoblox WAPI and the protocol used to communicate with it.
Unless explicitly stated in the release notes, previously available WAPI versions are intended to remain
accessible and operative with later versions.
The planned deprecation of a given version of the WAPI will normally be announced in the release notes at
least one year in advance. Upon deprecation, the announced WAPI version and all prior versions will no longer
be supported in subsequent releases. For example, if the current WAPI release is v3.4 and the release notes
contain an announcement of the v1.5 deprecation, v1.4 and v1.5 API requests would continue to work with
later releases for one year from the announcement date. After that, some or all requests for these deprecated
versions may not work with versions later than v1.5. API requests adherent to versions later than v1.5 (v2.0 for
example) would continue to work with subsequent releases. Infoblox seeks to avoid any deprecation that has
not been announced in advance, however product modifications and enhancements may affect specific API
requests without a prior announcement; Infoblox does not warrant that all API requests will be unaffected by
future releases. This policy applies to both major and minor versions of the WAPI. Infoblox reserves the right
to change this policy.
400-0704-207 Rev. D 10/3/2018
NIOS 8.2.x
NIOS 8.2.0 includes the following PAPI changes:
New Structures:
 Infoblox::DXL::Endpoint::Broker
 Infoblox::Grid::DNS::IP
 Infoblox::DTC::Pool::DynamicRatioSetting
 Infoblox::DTC::Server::Monitor
 Infoblox::Grid::Discovery::DeviceSupportInfo
 Infoblox::Grid::Discovery::DeviceDataCollectionStatus
 Infoblox::Grid::Discovery::DeviceSupportInfoResponse
 Infoblox::Grid::Member::Discovery::CiscoAPICConfig
New Objects:
 Infoblox::DXL::Endpoint
 Infoblox::Grid::ThreatInsight::CloudClient
NIOS 8.2.0 includes the following WAPI changes:
New Structures:
 vtftpdirmember
 remoteddnszone
 networkview:assocmember
 upgradegroup:schedule
 upgradegroup:member
 smartfolder:groupby
 smartfolder:groupbyvalue
 smartfolder:queryitem
 smartfolder:queryitemvalue
 radius:server
 upgradestep
 hotfix
 tacacsplus:server
 zonerolloverinfo
 discoverytaskport
 hsm:safenet
 hsm:thales
 dxl:endpoint:broker
 member:dnsip
 setting:dynamicratio
 dtc:server:monitor
 discovery:devicesupportinfo
 discovery:devicedatacollectionstatus
 discovery:ciscoapicconfiguration
New Objects:
 approvalworkflow
 authpolicy
 discovery:devicesupportbundle
 distributionschedule
 dns64group
 ftpuser
400-0704-207 Rev. D 10/3/2018
 grid:filedistribution
 grid:threatanalytics
 ipv6dhcpoptiondefinition
 ipv6dhcpoptionspace
 ipv6fixedaddresstemplate
 ipv6rangetemplate
 mastergrid
 member:filedistribution
 member:threatanalytics
 mssuperscope
 natgroup
 radius:authservice
 record:dname
 record:dnskey
 record:ds
 record:nsec
 record:nsec3
 record:nsec3param
 record:rrsig
 smartfolder:children
 smartfolder:global
 smartfolder:personal
 tacacsplus:authservice
 tftpfiledir
 threatanalytics:moduleset
 threatanalytics:whitelist
 upgradegroup
 upgradeschedule
 hsm:safenetgroup
 hsm:thalesgroup
 hsm:allgroups
 dxl:endpoint
 threatinsight:cloudclient
NIOS 8.1.x
NIOS 8.1.0 includes the following PAPI changes:
New Structures:
 Infoblox::Grid::Member::DNS::ViewAddressSetting
New Objects:
 Infoblox::Grid::ThreatProtection::Profile
 Infoblox::Grid::ThreatProtection::Profile::Rule
Deprecation:
 The settings for enable_one_lease_per_client and it's override field
override_enable_one_lease_per_client are deprecated for the following objects:
Infoblox::Grid::DHCP, Infoblox::Grid::Member::DHCP.
New fields lease_per_client_settings and override_lease_per_client_settings should
be used.
The relations between new and deprecated fields are as follows:
400-0704-207 Rev. D 10/3/2018
o 'ONE_LEASE_PER_CLIENT' in lease_per_client_settings corresponds to the True

value of enable_one_lease_per_client
o 'RELEASE_MATCHING_ID' in lease_per_client_settings corresponds to the False
o 'NEVER_RELEASE' has no corresponding value in enable_one_lease_per_client
o use_lease_per_client_settings is equivalent to
use_enable_one_lease_per_client
 Infoblox::Grid::Admin::User no longer supports regexp search by ca_certificate_issuer
(only exact search is allowed from now on).
NIOS 8.1.0 includes the following WAPI changes:
New Structures:
 setting:viewaddress
 threatprotection:natport
 threatprotection:natrule
 threatprotection:statinfo
 threatprotection:ruleconfig
 threatprotection:ruleparam
 ldap_server
 ldap_eamapping
 ntpac
 ntpaccess
 ntpserver
 ntpkey
 grid:ntp
 member:ntp
 lomuser
 grid:consentbannersetting
 grid:informationalbannersetting
 scheduledbackup
 member:dnsgluerecordaddr
New Objects:
 threatprotection:profile
 threatprotection:profile:rule
 grid:threatprotection
 threatprotection:ruleset
 threatprotection:statistics
 threatprotection:rulecategory
 threatprotection:ruletemplate
 threatprotection:grid:rule
 ldap_auth_service
 rir
 rir:organization
 kerberoskey
 hostnamerewritepolicy
 recordnamepolicy
400-0704-207 Rev. D 10/3/2018
Deprecation:
 The settings for enable_one_lease_per_client and it's use field
use_enable_one_lease_per_client are deprecated for the following objects:
grid:dhcpproperties and member:dhcpproperties. The new field
lease_per_client_settings (use-flag is use_lease_per_client_settings) should be used.
The relations between new and deprecated fields are as follows:
o 'ONE_LEASE_PER_CLIENT' in lease_per_client_settings corresponds to the True
o 'RELEASE_MATCHING_ID' in lease_per_client_settings corresponds to the False
o 'NEVER_RELEASE' has no corresponding value in enable_one_lease_per_client
o use_lease_per_client_settings is equivalent to
use_enable_one_lease_per_client
NIOS 8.0.0
This NIOS release includes the following API changes:
• Admin permission All OCSP Services was renamed to All Certificate Auth Services.
Object Infoblox::OCSP::AuthService has been deprecated; use new object
Infoblox::Grid::Admin::CertificateAuthService.
• Object Infoblox::DTC::Server ‘translation’ and ‘override_translation’ were
deprecated. These functions were implemented using object Infoblox::DTC::Record::A, AAAA,
CNAME, NAPTR records
New Object Name Old Object Name

Infoblox::Grid::Admin::CertificateAuthService Infoblox::OCSP::AuthService
Infoblox::DTC::Record::A, AAAA, CNAME, Infoblox::DTC::Server
NAPTR records
This release also adds the following new objects for PAPI and WAPI:
PAPI new objects:

 Infoblox::Grid::ObjectsChangesTrackingSetting
 Infoblox::Grid::DNS::AllNsgroups
 Infoblox::Grid::DNS::Nsgroup::ForwardStubServer
 Infoblox::Grid::DNS::Nsgroup::StubMember
 Infoblox::Grid::DNS::Nsgroup::ForwardingMember
 Infoblox::Grid::BFD::Template
 Infoblox::Notification::REST::Endpoint
 Infoblox::Notification::REST::Template
 Infoblox::Notification::REST::TemplateParameter
 Infoblox::Notification::REST::TemplateInstance
 Infoblox::DTC::Record::A
 Infoblox::DTC::Record::AAAA
 Infoblox::DTC::Record::CNAME
 Infoblox::Grid::Member::QueryFQDNParameter
 Infoblox::Grid::Member::QueryFQDNResponse
 Infoblox::DNS::Record::DHCID
 Infoblox::Grid::DBSnapshot
 Infoblox::DNS::Record::TLSA
400-0704-207 Rev. D 10/3/2018
 Infoblox::Grid::LicenseSubPool
 Infoblox::Grid::LicenseGridWide
 Infoblox::Grid::Member::License
 Infoblox::Grid::ServiceRestart::Request::ChangedObject
WAPI new objects:

 ad_auth_service
 db_objects
 deleted_objects
 allnsgroup
 nsgroup:forwardstubserver
 nsgroup:stubmember
 nsgroup:forwardingmember
 nsgroup:delegation
 bfdtemplate
 notification:rest:endpoint
 notification:rest:template
 notification:rest:templateparameter
 notification:rest:templateinstance
 dtc:record:a
 dtc:record:aaaa
 dtc:record:cname
 dtc:monitorhttp
 record:dhcid
 upgradestatus
 filterrelayagent
 fixedaddresstemplate
 rangetemplate
 dhcpoptionspace
 dhcpoptiondefinition
 dhcp:statistics
 orderedranges
 record:ns
 discovery:gridproperties
 discovery:memberproperties
 bulkhostnametemplate
 capacityreport
 localuser:authservice
 dbsnapshot
 record:tlsa
 license:gridwide
 grid:servicerestart:request:changedobject
 certificate:authservice
 mgm:grid (available in MGM only)
 mgm:networkview (available in MGM only)
 mgm:network (available in MGM only)
 mgm:member (available in MGM only)
 mgm:monitorentry (available in MGM only)
 mgm:monitordata (available in MGM only)
 mgm:usermapping (available in MGM only)
400-0704-207 Rev. D 10/3/2018
WAPI new structs:

 objectschangestrackingsetting
 exclusionrangetemplate
 option60matchrule
 zonenameserver
 discovery:seedrouter
 discovery:scaninterface
 discovery:port
 discovery:advancedpollsetting
 capacityreport:objectcount
 thresholdtrap
 trapnotification
 grid:licensesubpool
 ocsp_responder
 ad_auth_server
Supported Perl and Dependency Versions for the Infoblox API

Perl Crypt::SSLeay LWP::UserAgent XML::Parser Net::INET6Glue
OS
Version Version Version Version Version
5.22.0
Microsoft Windows 8.1® 0.72 6.13 2.44 0.603
5.12.3
Microsoft Windows 8® 5.22.0 0.72 6.13 2.44 0.603
5.22.0
Microsoft Windows 7® 0.72 6.13 2.44 0.603
5.20.2
Red Hat® Enterprise Linux®
5.16.3 0.72 6.13 2.44 0.603
7.1
Fedora core 2.6.25.6-
5.12.3 0.72 6.13 2.44 0.603
45.fc14.i686
Ubuntu x86_64 GNU/Linux 5.18.2 0.72 6.13 2.44 0.603
Apple® Mac OS X 10.10.3 5.18.2 0.72 6.13 2.44 0.603

5.22.0
Apple® Mac OS X 10.9.5 0.72 6.13 2.44 0.603
5.16.2
UPGRADE GUIDELINES
Upgrading to NIOS 8.2.x
• Infoblox recommends that you enable DNS Fault Tolerant Caching right after you upgrade to NIOS 8.2
and keep this feature enabled to handle unreachable authoritative servers. Note that enabling this
feature requires a DNS service restart, which will clear the current cache. Therefore, if you enable this
when you are trying to mitigate an ongoing attack on an authoritative server that is outside of your
control, it will clear the DNS cache, which will magnify the issues that your system is experiencing.
400-0704-207 Rev. D 10/3/2018
• During a scheduled full upgrade to NIOS 8.1.0 and later versions, you can use only IPv4 addresses for
NXDOMAIN redirection. You cannot use IPv6 addresses for NXDOMAIN redirection while the upgrade is in
progress.
• If you set up your Grid to use Infoblox Threat Insight but have not enabled automatic updates for
Threat Analytics module sets, you must manually upload the latest module set to your Grid or enable
automatic updates before upgrading. Otherwise, your upgrade will fail.
• If you are upgrading from 7.3.200 or 7.3.201 to NIOS 8.0.x and have reporting clustering configured,
you must download and upgrade to IBRA 1.2.0 (for the Splunk app) after the NIOS upgrade.
• In NIOS versions 6.12.14 to 6.12.17, the alias to the current WAPI version was incorrectly specified as
2.1 instead of 1.7.5. This caused the documentation to also display v2.1 as the latest version and
requests sent as 2.1 to behave as if they were sent against 1.7.5. This issue was rectified in NIOS
6.12.18 and later 6.12.x releases. Any WAPI scripts using v2.1 in the URI written to run against NIOS
versions 6.12.x should be changed to v1.7.5 immediately after upgrading from an affected release to
NIOS 6.12.18 or later.
• There are special restrictions for configuration changes when upgrading to NIOS 8.0.0 and later
releases. For detailed information about the restrictions, refer to Chapter 10, Managing NIOS Software
and Configuration Files of the Infoblox NIOS Administrator Guide.
BEFORE YOU INSTALL
To ensure that new features and enhancements operate properly and smoothly, Infoblox recommends that you
evaluate the capacity on your Grid and review the upgrade guidelines before you upgrade from a previous NIOS
release.
Infoblox recommends that administrators planning to perform an upgrade from a previous release create and
archive a backup of the Infoblox appliance configuration and data before upgrading. You can run an upgrade
test before performing the actual upgrade. Infoblox recommends that you run the upgrade test, so you can
resolve any potential data migration issues before the upgrade.
The following is a list of upgrade and revert paths. You can also schedule a full upgrade from these releases.
8.2.6 and earlier 8.2.x releases

7.3.201 and 7.3.200 releases
7.3.100
7.2.202-LD and earlier 7.2.2xx releases
400-0704-207 Rev. D 10/3/2018
Technical Support
Infoblox technical support contact information:
Telephone: 1-888-463-6259 (toll-free, U.S. and Canada); +1-408-625-4200, ext. 1
E-mail: support@infoblox.com
Web: https://support.infoblox.com
GUI Requirements
Grid Manager supports the following operating systems and browsers. You must install and enable Javascript for
Grid Manager to function properly. Grid Manager supports only SSL version 3 and TLS version 1 connections.
Infoblox recommends that you use a computer that has a 2 GHz CPU and at least 1 GB of RAM.
Infoblox supports the following browsers for Grid Manager:
OS Browser
Microsoft Windows 10® Microsoft Internet Explorer® 11.x*, 10.x
Mozilla Firefox 39.x, 37.x, 32.x, 31.x, 25.x, 21.x, 16.x, and 10.x
Google Chrome 43, 42, 41, 40, 37.x, 36.x, 30.x, 27.x, 22.x, and 16.x
Microsoft Windows 8.1 and 8.0® Microsoft Internet Explorer® 11.x*, 10.x*
Mozilla Firefox 37.x, 32.x, 31.x, 25.x, 21.x, 16.x, and 10.x
Google Chrome 41, 40, 37.x, 36.x, 30.x, 27.x, 22.x, and 16.x
Microsoft Windows 7® Microsoft Internet Explorer® 11.x*, 10.x, 9.x
Mozilla Firefox 32.x, 31.x, 25.x, 21.x, 16.x, and 10.x
Google Chrome 37.x, 36.x, 30.x, 27.x, 22.x, and 16.x
Microsoft Windows XP® (SP2+) Microsoft Internet Explorer® 11.x*, 10.x, 9.x
Red Hat® Enterprise Linux® 7.x Mozilla Firefox 32.x, 31.x, 25.x, 21.x, 16.x, and 10.x
Apple® Mac OS X 10.11.x Safari 8.x, 7.x
Apple® Mac OS X 10.10.x Safari 8.x, 7.x
Apple® Mac OS X 10.9.x Safari 7.x
400-0704-207 Rev. D 10/3/2018
When viewing Grid Manager, set the screen resolution of your monitor as follows:
Minimum resolution: 1280 x 768
Recommended resolution: 1280 x 1024 or better
Documentation
You can download the Infoblox NIOS Administrator Guide from the appliance. From Grid Manager, expand the
Help panel, and then click Documentation -> Admin Guide.
Training
Training information is available at http://inter.viewcentral.com/events/uploads/infoblox/login.html.
ACCESSING GRID MANAGER
Before you log in to Grid Manager, ensure that you have installed your NIOS appliance, as described in the
installation guide or user guide that shipped with your product, and configured it accordingly.
To log in to Grid Manager:
1. Open an Internet browser window and enter https://<IPv4 address or hostname of your NIOS
appliance> or https://[IPv6 address] of your NIOS appliance. The Grid Manager login page appears.
2. Enter your user name and password, and then click Login or press Enter. The default user name is
admin and password is infoblox.
3. Read the Infoblox End-User License Agreement and click I Accept to proceed. Grid Manager displays
the Dashboard, your home page in Grid Manager.
ADDRESSED VULNERABILITIES
This section lists security vulnerabilities that were addressed in the past 12 months. For vulnerabilities that are
not listed in this section, refer to Infoblox KB #2899. For additional information about these vulnerabilities,
including their severities, please refer to the National Vulnerability Database (NVD) at http://nvd.nist.gov/.
The Infoblox Support website at https://support.infoblox.com also provides more information, including
vulnerabilities that do not affect Infoblox appliances.
CERT VULNERABILITY NOTE CVE-2018-5732

A specially constructed response from a malicious server could cause a buffer overflow in the DHCP client.

A malicious client that was allowed to send very large amounts of traffic (billions of packets) to a DHCP server
could eventually overflow a 32-bit reference counter, potentially causing the DHCP daemon to crash.

A code path in DNSSEC validation was introduced in the fix for CVE-2017-3137. Trying to validate answers with
certain unusual attributes could lead to using freed memory, resulting in a race condition in which two possible
outcomes might occur. The usual path did not result in a crash, but could lead to log messages that contained
the text “<unknown address, family 57054>,” while the less usual path could result in a crash when the freed
memory was accessed.

If an X.509 certificate had a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer
overread, resulting in an erroneous display of the certificate in text format.
400-0704-207 Rev. D 10/3/2018

udp.c in the Linux kernel before 4.5 allowed remote attackers to execute arbitrary code via UDP traffic
that triggered an unsafe second checksum calculation during execution of a recv system call with the
MSG_PEEK flag.

An attacker who was able to send and receive messages to an authoritative DNS server and who had knowledge
of a valid TSIG key name for the zone and service being targeted might be able to manipulate NIOS into
accepting a dynamic update.

An attacker who was able to send and receive messages to an authoritative DNS server might be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed request packet.

RPZ policy handling could affect servers using RPZ policies that included NSIP or NSDNAME triggers, resulting in
additional recursions that consumed DNS resources indefinitely and caused performance issues or DNS outage.
CERT VULNERABILITIES for NTPD

Upgraded NTPD to ntp-4.2.8p10 to address the following medium to low severity vulnerabilities:
CVE-2017-6464, CVE02017-6463, CVE-2017-6462, CVE-2017-6460, CVE-2017-6459, CVE-2017-6458,
CVE-2017-6455, CVE-2017-6452, CVE-2017-6451, CVE-2016-9042, CVE-2016-7434.

Processing a response containing CNAME or DNAME records in an unusual order could cause a DNS resolver to
terminate.

Using DNS64 with 'break-dnssec yes' could cause the DNS service to exit with an assertion failure.

Under some conditions when using both DNS64 and RPZ to rewrite query responses, the querying process could
resume in an inconsistent state, resulting in either an INSIST assertion failure or an attempt to read through a
NULL pointer.

An unusually-formed answer containing a DS resource record could trigger an assertion failure and cause the
DNS service to stop, resulting in a denial of service to clients.

An error handling a query response containing inconsistent DNSSEC information could trigger an assertion
failure and cause the DNS service to stop, resulting in a denial of service to clients.

A malformed response to an ANY query can trigger an assertion failure during recursion and cause the DNS
service to stop, resulting in a denial of service to clients.

While processing a recursive response that contained a DNAME record in the answer section, “named” could
stop execution after encountering an assertion error in resolver.c.

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause
a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
400-0704-207 Rev. D 10/3/2018

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a
allowed remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request
extensions.

The net/ipv4/tcp_input.c in the Linux kernel before 4.7 did not properly determine the rate of challenge ACK
segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window
attack.

A defect in the control channel input handling could cause the DNS service to fail due to an assertion failure in
sexpr.c or alist.c when a malformed packet was sent to the control channel.

An attacker who controlled a server to make a deliberately chosen query to generate a response that contained
RRSIGs for DNAME records could cause the DNS service to fail due to an assertion failure in resolver .c or db.c,
resulting in a denial of service to clients.

In some versions of BIND, an error could occur when data that had been received in a resource record was
formatted to text during debug logging. Depending on the BIND version in which this occurred, the error could
cause either a REQUIRE assertion failure in buffer.c or an unpredictable crash (e.g. segmentation fault or other
termination). This issue could affect both authoritative and recursive servers if they were performing debug
logging. Note that NIOS 7.1.0 through 7.1.8 and NIOS 7.2.0 through 7.2.4 were affected by this vulnerability.

A DNS server could exit due to an INSIST failure in apl_42.c when performing certain string formatting
operations. Examples included but might not be limited to the following:
 Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer
from their masters.
 Masters using text-format db files could be vulnerable if they accepted a malformed record in a DDNS
update message.
 Recursive resolvers were potentially vulnerable when logging, if they were fed a deliberately
malformed record by a malicious server.
 A server which had cached a specially constructed record could encounter this condition while
performing 'rndc dumpdb'.

A badly formed packet with an invalid IPv4 UDP length field could cause a DHCP server, client, or relay
program to terminate abnormally, causing a denial of service.

If responses from upstream servers contained an invalid class parameter for certain record types, DNS service
might terminate with an assertion failure.

The glibc DNS client side resolver was vulnerable to a stack-based buffer overflow when the getaddrinfo()
library function was used. Software using this function might be exploited with attacker-controlled domain
names, attacker-controlled DNS servers, or through a man-in-the-middle attack.
400-0704-207 Rev. D 10/3/2018

Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the
pre-authentication process for remote code execution

Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise
the pre-authentication process for remote code execution and who had valid credentials on the host could
impersonate other users

An incorrect boundary check could cause DNS service to terminate due to a REQUIRE assertion failure. An
attacker could deliberately exploit this by providing a maliciously constructed DNS response to a query.

Parsing a malformed DNSSEC key could cause a validating resolver to exit due to a failed assertion. A remote
attacker could deliberately trigger this condition by using a query that required a response from a zone
containing a deliberately malformed key.

A remotely exploitable denial-of-service vulnerability that exists in all versions of BIND 9 currently supported.
It was introduced in the changes between BIND 9.0.0 and BIND 9.0.1.
CERT VULNERABILITY NOTE CVE-2015-6364 and CVE-2015-5366

A flaw was found in the way the Linux kernel networking implementation handled UDP packets with incorrect
checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel,
resulting in a denial of service on the system, or causing a denial of service in applications using the edge
triggered epoll functionality.

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds
read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against
a server that supported client authentication with a custom verification callback.

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s,
1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner
EncryptedContent data.

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via
vectors that triggered a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for
a hash function.

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed
the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any
of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute
arbitrary code with the permissions of the user running the application.
400-0704-207 Rev. D 10/3/2018

A recursive resolver configured to perform DNSSEC validation, with a root trust anchor defined, could be
deliberately crashed by an attacker who could cause a query to be performed against a maliciously constructed
zone.

Addressed an internal issue in C library (GNU C Library gethostbyname*). Although it was not possible to exploit
this as a security issue in NIOS, it could cause some incorrect error conditions and messages while administering
the product.

An attacker could bypass source IP restrictions and send malicious control and configuration packets by
spoofing ::1 addresses because NTP's access control was based on a source IP address.

Failure to place limits on delegation chaining could allow an attacker to crash named or cause memory
exhaustion by causing the name server to issue unlimited queries in an attempt to follow the delegation.

The OpenVPN community issued a patch to address a vulnerability in which remote authenticated users could
cause a critical denial of service on Open VPN servers through a small control channel packet.

SSL3 is vulnerable to man-in-the-middle-attacks. SSL3 is disabled in NIOS, and connections must use TLSv1
(which is already used by all supported browsers). Note that SSL3 is still used for transmission of reporting
data; but you can disable SSL3 on your reporting server to protect it from the vulnerability.

A denial of service vulnerability that is related to session tickets memory leaks.

Off-by-one error in the read_token_word function in parse.y in GNU BASH through v. 4.3 allowed remote
attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly an
unspecified impact through deeply nested for loops (also known as the "word_lineno" issue).

The redirection implementation in parse.y in GNU BASH through v. 4.3 allowed remote attackers to cause a
denial of service (out-of-bounds array access and application crash) or possibly an unspecified impact through
the "redir_stack" issue.
CERT VULNERABILITY NOTE CVE-2014-6271, CVE-3014-6277, CVE-2014-6278, AND CVE-2014-7169

GNU Bash through v. 4.3 processed trailing strings after function definitions in the values of environment
variables, which allowed remote attackers to execute arbitrary code via a crafted environment (also known as
the "ShellShock" vulnerability)."

Enabling anonymous ECDH cipher suites on TLS clients could cause a denial of service.

A specially crafted handshake packet could force the use of weak keying material in the SSL/TLS clients,
allowing a man-in-the-middle (MITM) attack to decrypt and modify traffic between a client and a server.
400-0704-207 Rev. D 10/3/2018

Remote attackers could utilize DTLS hello message in an invalid DTLS handshake to cause a denial of service.

Enabling SSL_MODE_RELEASE_BUFFERS failed to manage buffer pointer during certain recursive calls that
could cause a denial of service.

Remote attackers could trigger buffer overrun attack through invalid DTLS fragments to an OpenSSL DTLS
client or server, resulting in a denial of service.

A crafted query against an NSEC3-signed zone could cause the named process to terminate.
RESOLVED ISSUES
The following issues were reported in previous NIOS releases and resolved in this release. The resolved issues
are listed by severity. For descriptions of the severity levels, refer to Severity Levels on page 65.
Fixed in NIOS 8.2.7
ID Severity Summary
NIOS-67040 Critical A hotfix to resolve the preferred time calculation issue functioned only in IPv6
allocation, but not in prefix delegation.
NIOS-66829 Critical After upgrading to NIOS version 8.2.4 from version 7.3.10, a difference in the
preferred lifetime was observed.
NIOS-66548 Critical Unable to use Subscriber Services when DCA was enabled.
NIOS-66384 Critical Even though the preferred lifetime and valid lifetime were configured, the
lifetime values were always displayed as zero (0) for renew requests.
NIOS-66326 Critical A mismatch was observed between the data in the recursion log file and the
data in the SNIC QPS log file.
NIOS-66213 Critical Unable to sign the zone with DTC LBDN.
NIOS-66135 Critical The Used % column in the Grid Reporting Properties screen did not display an
incremented value.
ID Severity Summary
NIOS-67119 Major Enabling the capture DNS queries feature caused an increase in the disk space
usage.
NIOS-67105 Major In NIOS instances that were integrated with AWS Route 53, a subzone deleted
from AWS Route 53 was not deleted in NIOS and when the subzones were
recreated in AWS Route 53, they were created in NIOS but in a newly created
DNS view.
NIOS-66986 Major Unable to open a custom RPZ zone with approximately 250000 to 300000
entries.
NIOS-66942 Major The API connection limit needed to be increased.
400-0704-207 Rev. D 10/3/2018
NIOS-66879 Major OpenSSH had to be upgraded from version 6.4 to 7.7.
NIOS-66844 Major Requesting an API key for Infoblox Threat Insight displayed an error message.
NIOS-66799 Major DTC objects took a long time to load and in certain circumstances, Grid Manager
did not respond.
NIOS-66793 Major The Grid Manager -> Members tab did not display data.
NIOS-66746 Major DHCP DISCOVER did not respond when there was a mismatch in the prefix
lengths of subnets.
NIOS-66726 Major HTTP trace was enabled in Infoblox appliances that had Captive Portal enabled.
HTTP trace was vulnerable to CVE-2004-2320 and CVE-2007-3008.
NIOS-66547 Major DHCP DISCOVER returned an inappropriate prefix to a DHCPv6 client when the
client moved from one subnet to another.
NIOS-66480 Major Multiple issues were observed in the Grid when the hardware appliances were
swapped and the host systems were renamed.
NIOS-66200 Major The Device Interface Inventory report displayed incorrect VLAN data.
NIOS-66119 Major If a CNAME record has been changed, and the TTL of an A record for which fault
tolerant cache has been enabled has expired, the record remains in the fault
tolerant cache until the fault tolerant period expires.
NIOS-66060 Major Adding multiple zone associations in a single WAPI call displayed an error
message.
NIOS-65777 Major The email warning message for DHCP thresholds for network containers
displayed incorrect threshold values.
NIOS-65590 Major Using the Import Zone feature overwrote the values of the DNS zone associations
defined for a network.
NIOS-65352 Major An SCP that was scheduled for syslogs failed.
NIOS-64924 Major vNIOS for Azure did not start because of a lack of response from the hypervisor.
ID Severity Summary
NIOS-66864 Minor The NIOS UI did not respond and the swap area used was very high.
NIOS-66674 Minor DTC pools configured using the All Available method did not return results in a
sequential order.
NIOS-66532 Minor The NIOS documentation did not contain information about the NIOS lockout
policy.
NIOS-66388 Minor The View Pending Changes tab did not display modifications made on network
objects.
NIOS-66102 Minor Audit logs were not visible in the reporting server.
NIOS-65934 Minor Unable to create alerts using the Infoblox Reporting and Analytics solution.
Fixed in NIOS 8.2.6
400-0704-207 Rev. D 10/3/2018
ID Severity Summary
NIOS-66360 Critical When the LAN1/LAN2 bonding was disabled, the LAN2 interface did not go down
on the passive node when the system was restarted.
NIOS-66066 Critical The “SNMP MIB Hierarchy” topic in the NIOS Administrator Guide referenced a
broken URL.
NIOS-66062 Critical Documentation about reverting a member in an upgrade group in the “Upgrading
NIOS Software” section was unclear.
NIOS-66080 Critical Unable to route VPN traffic through the MGMT port on an AWS member.
NIOS-65926 Critical After NIOS was upgraded to version 8.2.3, the interface IP address changed to
the NAT IP address, thus causing zone transfers to fail.
NIOS-65888 Critical When multiple unmanaged networks were converted into managed networks,
the NIOS UI displayed an error message.
NIOS-65881 Critical Under certain circumstances, a Grid member was unexpectedly disconnected
from the Grid.
ID Severity Summary
NIOS-67056 Major The CVE-2018-5732 and CVE-2018-5733 vulnerabilities were fixed.
NIOS-66574 Major Unable to add Certificate Authority (CA) certificates that have the same issuer
into a single CAS group.
NIOS-66453 Major A large replication queue on Grid members caused DNS discrepancies.
NIOS-66375 Major LBDN responded with an SOA record even when the health monitors displayed a
green status.
NIOS-66346 Major Reboot of an AWS member changed its hardware ID.
NIOS-66342 Major On Thales HSM, zones could not be signed using keys that were greater than
1024 bits.
NIOS-66265 Major Microsoft Active Directory sites were unexpectedly deleted.
NIOS-66250 Major Extensible attributes for network containers were not visible and an error
message was displayed in the Grid Manager.
NIOS-66240, Major After NIOS was upgraded to version 8.0.4, the performance of the NIOS UI
NIOS-66239 slowed down considerably.
NIOS-66237 Major After NIOS was upgraded to version 8.0.4, Grid Manager took a long time to
perform certain actions such as adding name server groups, adding members,
and failover associations.
NIOS-66208 Major The Traffic Capture tool did not work as expected and CPU utilization had
increased.
400-0704-207 Rev. D 10/3/2018
NIOS-66202 Major The captive portal did not start when a key of size 4096 bytes was used for the
SSL.
NIOS-66165 Major Dynamically updated records were not replicated to Grid Master even after 8
hours and the replication queue increased.
NIOS-66141 Major Under certain circumstances, name server records were missing in the primary
authoritative zone.
NIOS-66072 Major The Infoblox Administrator Guide did not contain clear information about
selecting MGMT to use the management port for grid communication.
NIOS-66070 Major The Infoblox DNS Cache Acceleration Administrator Guide did not contain
information about the set dns transfer, set monitor dns, and show
monitor dns commands being disabled on certain appliances that have an
active DNS Cache Acceleration license.
NIOS-66052 Major A dot (.) could not be added to the Strict Hostname Checking policy after
upgrading to NIOS 8.2.2.
NIOS-65994 Major AD authenticated scheduled reports did not run successfully.
NIOS-65963 Major When a name server group was modified, some zones using the name server
group did not increment their SOA serial number.
NIOS-65949 Major The DHCP range did not receive DHCP options from the range template if the
template was assigned to a Microsoft failover association.
NIOS-65938 Major SNMP traps did not work because of a mismatch in the engine IDs.
NIOS-65933 Major The infoblox.log file had numerous print_vector and check_duplicate
messages.
NIOS-65914 Major Unable to connect to the bloxTools environment after upgrading to NIOS 8.0.10.
NIOS-65912 Major When a new data collection VM was registered, the NIOS UI displayed an error
message.
NIOS-65044 Major The DHCP configuration file did not contain information about the IP address of
the primary DNS server when the domain name was entered in upper case
letters when enabling DDNS.
Fixed in NIOS 8.2.5
ID Severity Summary
NIOS-66015 Major Limited-access users who had Read/Write permission were unable to run
scheduled reports.
400-0704-207 Rev. D 10/3/2018
Fixed in NIOS 8.2.4
ID Severity Summary
NIOS-64771 Critical DTC objects were taking a long time to load.
NIOS-64982 Critical Grid Master experienced an unexpected HA failover after the

set_dns_autogen command was executed.
NIOS-65192 Critical Applying the Reporting Reset license displayed an error message.
NIOS-65347 Critical DNS service issues were observed on Infoblox-4030 appliances.
NIOS-65559 Critical LEDs on the PT-1400 series of appliances were switched on even though the Turn
Off button was clicked in the Hardware Identify panel.
NIOS-65768 Critical NXDOMAIN queries were not sent to an upstream server until the timeout period
expired, but other queries such as NOERROR were sent as soon as the TTL value
expired.
NIOS-65854 Critical Multiple unmanaged networks were not being converted to managed networks.
ID Severity Summary
NIOS-62631 Major The Infoblox appliance rebooted unexpectedly with "Re-generated 11 signatures"
messages.
NIOS-64537 Major Pending changes were listed when a Restart Services operation was attempted.
NIOS-65442
NIOS-64648 Major The DHCP service restarted unexpectedly causing HA failovers.
NIOS-64653 Major After an upgrade from NIOS 7.3.4 to 8.1.1, scheduled discovery did not
complete and manual discovery also failed.
NIOS-64874 Major False positives were reported in Threat Analytics.
NIOS-64964 Major DSBs installed with MIBs took a long time to synchronize.
NIOS-65105 Major Files of the type ".key" were included in support bundles where alternate
partition data was collected.
NIOS-65126 Major DCA did not restart after the DNS service stopped and restarted.
NIOS-65157 Major Under certain circumstances, upgrading NIOS from version 6.6.8 to 6.12.28
might result in DNS service restarts.
NIOS-65195 Major The NSEC3 record for the delegated subzone was not removed thus causing
SERVFAIL responses instead of the expected NXDOMAIN response.
NIOS-65212 Minor Ruby gems and JSON gems were not updated to the latest version.
NIOS-65220 Major An error message was displayed on the Grid Master that had CNA enabled.
NIOS-65230 Major Grid Master was restarting every 2 to 3 minutes when Microsoft synchronization
was enabled with the default minimum synchronization interval of 2 minutes.
400-0704-207 Rev. D 10/3/2018
NIOS-65259 Major A temporary Reporting license on the IB-V5005 appliance was not allowed.
NIOS-65269 Major The IB-820 appliance restarted automatically.
NIOS-65277 Major RabbitMQ packets were targeted at the VPN IP address.
NIOS-65302 Major A value of 0 was being returned for SNMPv3 traps.
NIOS-65335 Major A DHCP outage occurred after a network container was deleted.
NIOS-65338 Major TTL of a host record in the reverse mapping zone was not working as expected.
NIOS-65382 Major The named service was impacted because of a suspected database upgrade
through DDNS updates.
NIOS-65499 Major A DHCP client system did not get the same IPv6 lease when it rejoined the
subnet.
NIOS-65628 Major During an HA failover, the nodes were taking a long time to synchronize.
NIOS-65629
NIOS-65648
NIOS-65631 Major DNS members were not responding to the queries that caused an outage.
NIOS-65719 Major In an HA environment, logging into the Grid Manager displayed an error
message.
NIOS-65212 Minor Ruby gems and JSON gems were not updated to the latest version.
NIOS-65255 Minor The node upgrade status displayed “Reverted” instead of “Upgraded” when a
successful upgrade followed a failed upgrade.
NIOS-65527 Minor On Microsoft Windows 7 and Windows 10 operating systems, the Grid Master was
not displayed in Internet Explorer 11.x if the compatibility view was enabled.
NIOS-6781 Minor In an HA environment, a problem occurred during database replication between
nodes and database violations occurred in the transmission queue on the grid.
Fixed in NIOS 8.2.3
ID Severity Summary
NIOS-65635 Major Addressed the following vulnerability:
CVE-2017-3145: A code path in DNSSEC validation was introduced in the fix for CVE-
2017-3137. Trying to validate answers with certain unusual attributes could lead to
using freed memory, resulting in a race condition in which two possible outcomes
might occur. The usual path did not result in a crash, but could lead to log messages
that contained the text “<unknown address, family 57054>,” while the less usual path
could result in a crash when the freed memory was accessed.
400-0704-207 Rev. D 10/3/2018
Fixed in NIOS 8.2.2
ID Severity Summary
NIOS-65101 Critical Microsoft AD synchronization might go into a warning state when a Microsoft site is
deleted, resulting in an unassociated subnet.
NIOS-65095 Critical Unable to assign a managing member to the Microsoft server in some specific
configurations.
NIOS-65037 Critical Under certain circumstances, DNS service entered a restart loop.
NIOS-64834 Critical When handling TCP output packets that resulted in a large number of socket buffer
fragments, an appliance with a SNIC could return PCIe bus errors and trigger a SNIC
reset or system reboot, causing DNS service outage.
NIOS-64533 Critical Under specific circumstances, PIV card support for two-factor authentication might
not function properly.
NIOS-64571 Critical Running vDiscovery tasks for AWS endpoints might affect the Grid Manager
performance.
NIOS-64462 Critical An HA member experienced a disk full alert due to file rotation issues for reporting
data.
NIOS-64410 Critical Under certain circumstances, the BGP unexpectedly restarted when restarting the DNS
service.
ID Severity Summary
NIOS-65205 Major Under certain circumstances, upgrading from 6.12.24 to 8.1.6 might fail.
NIOS-64623 Major WAPI: When using the WAPI to update a fixed address/Microsoft reservation that
included custom DHCP options 66 and 67, the changes were not updated on the
Microsoft servers because synchronization with the Windows servers did not occur.
NIOS-65048 Major A newly created zone contained auto-generated A records from Grid members that
were not part of the NS group to which the zone was assigned.
NIOS-65103 Major Under specific circumstances, DNS service for certain members was interrupted due to
issues related to IP header offset.
NIOS-64923 Major The passive node of an HA Grid Master encountered multiple segmentation faults
when Cisco ISE was enabled.
NIOS-64875 Major Unable to add a host record with a name that contained a dot and a hyphen under the
strict hostname policy violation.
NIOS-65079 Major NIOS went into a restart loop due to two OMAPI socket descriptor issues that were
later fixed in an ISC patch.
NIOS-65051 Major An upgrade could fail due to a database initialization issue.
NIOS-65036 Major Under specific configuration, DNS service restarted with assertion failure.
NIOS-65024 Major RPZ did not function properly after replacing the temporary RPZ license with a
permanent one.
400-0704-207 Rev. D 10/3/2018
NIOS-64992 Major A newly added IPv6 static route through Grid Manager was not reflected in the output
of the show routes CLI command.
NIOS-64869 Major This release reverted the changes made to the “None” setting for zone transfers.
NIOS-64674 Major On certain occasions, NTP lost connection due to DNS service outage.
NIOS-64952 Major Unable to view IPAM data in the IPAM tab of Grid Manager.
NIOS-63080 Major In a specific configuration, a Microsoft failover association encountered data loss after
Microsoft servers were added to the database in RW mode.
NIOS-64832 Major On some occasions, when deleting a selected exclusion range, NIOS might delete other
exclusion ranges that were not selected for deletion.
CVE-2017-3735: If an X.509 certificate had a malformed IPAddressFamily extension,

OpenSSL could do a one-byte buffer overread, resulting in an erroneous display of the
certificate in text format.
NIOS-64899 Major The administrator password was displayed in text format in the audit log files when
defining or creating a new AD connection.
NIOS-64773 Major When using an IPV4/IPv6 LAN and MGMT address, NIOS experienced an LDAP
authentication issue when using AAA records to reach the LDAP servers.
NIOS-62245 Major Certain IB-VM-820 appliances that did not have the serial console or pass the
emergency prompt failed the boot-up process during an upgrade.
NIOS-64562 Major The Grid Master was inaccessible due to a disk full issue.
NIOS-64769 Major Under certain circumstances, vDiscovery did not function properly in AWS.
NIOS-64394 Major It took a long time to import a lot of bulk host records through CSV import.
NIOS-64635 Major After adding a shared record group with an empty shared A record, associating a zone
with the shared record group caused the appliances associated with the zone to go
offline.
NIOS-64736 Major Unable to perform vDiscovery in an OpenStack environment that used public
endpoints.
NIOS-63875 Major Under specific circumstances, reverting a standalone Grid member failed.
NIOS-64680 Major The show hardware status CLI command did not show the second power supply
that was installed.
NIOS-64602 Major The DNS names appeared in reverse order when searching in a smart folder.
NIOS-64513 Major The Threat Protection and RPZ dashboards both displayed the same statistics on a
Grid member.
NIOS-64666 Major PAPI: It took longer than expected to execute a PAPI script in a specific NIOS version.
NIOS-64665
NIOS-62611 Major NIOS tracked and limited TCP DNS queries, which could affect TCP connections.
400-0704-207 Rev. D 10/3/2018
NIOS-64540 Major The appliance would still perform zone transfers when you overrode the zone transfer
setting to “None” at the zone level if your Grid or member setting allowed zone
transfers.
NIOS-64450 Major SSH sessions were terminated automatically when running traffic capture in
maintenance mode.
NIOS-63866 Major On rare occasions, unable to access the reporting server due to some licensing issues.
NIOS-63940 Major Under certain circumstances, the Grid Master Candidate could reach a high database
usage with a lot of “version_deleted_object” stored in the database.
NIOS-63947 Major No NS records from the default NS group were assigned to the automatically created
reverse zones.
NIOS-63847 Major This release supports the SAN (Subject Alternate Name) over the commonName used
in the self-signed certificates due to a change in the Google Chrome browser.
NIOS-65187 Minor The IPv4 address for the B-ROOT server has been changed.
NIOS-64897 Minor Unable to apply a permanent Discovery license through Grid Manager on an ND-805
appliance.
NIOS-64743 Minor WAPI: The limitation of the size of a WAPI multiple object request was not
documented.
NIOS-64429 Minor Upgrading a reporting license on a Grid in which the Grid license was already installed
caused a conflict.
NIOS-63762 Minor The NIOS Administrator Guide did not have comprehensive documentation about
configuring prefix delegation.
Fixed in NIOS 8.2.1
ID Severity Summary
NIOS-64632 Major Certain upgrade sequences in the NIOS 8.1 release followed by the 8.2.0 upgrade
NIOS-64621 could cause issues on the Grid members.
Fixed in NIOS 8.2.0
ID Severity Summary
NIOS-64060 Critical Under certain circumstances, a few Grid members in an Internet-facing Grid
experienced DNS service restarts.
NIOS-63829 Critical The NIOS Administrator Guide omitted a few supported appliances for Threat Insight.
NIOS-63631 Critical Unable to filter by extensible attribute in a smart folder.
NIOS-63579 Critical A DHCP Grid member incorrectly inherited some DHCP options, passing on PXE lease
time to certain printers.
NIOS-63570 Critical NTP clients were unable to synchronize using NTP access keys there were longer than
20 bytes.
NIOS-63414 Critical When copying audit log to syslog, the appliance did not use the assigned facility.
400-0704-207 Rev. D 10/3/2018
NIOS-63411 Critical Under certain cirucumstances, unable to modify networks that were associated with a
specific extensible attribute.
NIOS-63354 Critical Grid Manager returned an error when users tried to view or remove a scheduled task
in the Administration -> Workflow -> Task Manager tab.
NIOS-63336 Critical Added a note to the NIOS Administrator Guide recommending users to keep at least
one member in the default upgrade group to ensure that a scheduled upgrade was
successful.
NIOS-63243 Critical For new installations, the appliance used a fixed password (instead of generating
random passwords) for Cloud API users.
NIOS-63134 Critical The appliance asked for read/write permission for DNS scavenging when limited-
access users tried to update Active Directory configuration for a DNS zone.
NIOS-63106 Critical Auto-created PTR records associated with a specific hostname were deleted after a
NIOS-63105 parent zone was imported through Grid Manager. This issue was resolved after
creation_timestamp was set for all RRs that were imported through Import Zone.
ID Severity Summary
NIOS-64370 Major Discovered data by Network Insight was not populated in the expected fields in NIOS.
NIOS-64047 Major Unable to add an authoritative root zone under certain circumstances.
NIOS-64039 Major Threat Insight: Limited-access users were unable to add whitelisted domains.
NIOS-63998 Major When DDNS updates was enabled and a zone was authoritative, the DHCP
configuration file did not reflect the IP addresses of the primary servers in the zone
configuration if the domain name for the zone was in upper case letter.
NIOS-63964 Major Unable to upload pool licenses under certain circumstances.
NIOS-63932 Major Navigating to the Cloud -> VMs tab in Grid Manger took longer than expected.
NIOS-63721
NIOS-63908 Major In certain configurations, reporting data might consume more disk space than
expected on the Grid member.
NIOS-63879 Major The appliance did not respond with all the expected records in a zone after an old ZSK
was removed.
NIOS-63858 Major On June 1st UTC, the IPv6 address for B-ROOT server (b.root-servers.net) has been
changed.
NIOS-63843 Major An unexpected reboot causing the Grid Master to fail over during the restoration of an
authoritative zone from the Recycle Bin.
NIOS-63831 Major This release removed the support for IPv6 stub and not-so-stubby area types.
NIOS-63786 Major The extensible attribute functionality did not perform properly due to an incorrect
entry in the extensible attribute definition.
NIOS-63785 Major Active Directory authentication failed if the appliance could not resolve the FQDN for
the first server.
NIOS-63776 Major A DNS scheduled restart group was not executed at the configured time.
400-0704-207 Rev. D 10/3/2018
NIOS-63771 Major In certain configurations, the BFD process failed intermittently.
NIOS-63766 Major WAPI: The ‘:=’ operator used for FQDN search was case sensitive, returning
unexpected results.
NIOS-63764 Major Unable to reclaim records that had the “Not Queried Since…” property in the “Last
Queried” column.
NIOS-63756 Major Under certain circumstances, activating duel stack mode caused a Grid Master failure.
NIOS-63747 Major NIOS did not support the UPN attribute in the certificate, causing an issue in the
authentication service.
NIOS-63739 Major When HA members performed an HA failover, the WINS forward on the members
failed.
NIOS-63704 Major A user group with read-only permissions experienced issues that resulted in users’
inability to view certain information in Grid Manager.
NIOS-63666 Major Under certain circumstances, the parent cache for ZRQ sub transaction was initialized
incorrectly.
NIOS-63657 Major An IB-4030 appliance experienced an error while transferring traffic to another IB-
4030 appliance.
NIOS-63648 Major The appliance was unable to generate a new DHCP configuration file.
NIOS-63624 Major Under certain circumstances that involved extremely high volumes of DDNS updates,
the database could leak memory.
NIOS-63617 Major On some occasions, DNS responses were sent through the anycast loopback interface
instead of the LAN/VIP interface in a multiple primary configuration.
NIOS-63610 Major DDNS updates did not automatically update reverse-mapping zones.
NIOS-63606 Major User Identity Mapping was not supported on TE-825 Grid Master.
NIOS-63603 Major In a specific configuration, the primary DNS server experienced a mismatched SOA
serial number.
NIOS-63568 Major Unable to modify the IP address of a Grid member.
NIOS-63567 Major WAPI: Call for RPZ rule SubstituteIPAddressCname was not functioning properly.
NIOS-63552 Major Unable to create a hots record using the same MAC address that was still in the DHCP
configuration.
NIOS-63546 Major Improved the documentation for IPAM Plugin v4.2.1.
NIOS-63532 Major In a multi-Grid configuration, unable to set up snapshots of sub Grids.
CVE-2016-10229: udp.c in the Linux kernel before 4.5 allowed remote attackers to
execute arbitrary code via UDP traffic that triggered an unsafe second checksum
calculation during execution of a recv system call with the MSG_PEEK flag.
NIOS-63506 Major Unable to download updates for ADP rulesets when using the automatic update
feature.
400-0704-207 Rev. D 10/3/2018
NIOS-63494 Major Unable to add members to the name server group.
NIOS-63478 Major Unable to recover glue records for a delegated zone using the CLI command set
dns-auto-gen.
NIOS-63459 Major An HA failover occurred after the installation of a certificate.
NIOS-63431 Major Remote users and AD users were unable to view reports.
NIOS-63406 Major Unable to restore an external DNS view from the Recycle Bin after it was deleted.
NIOS-63397 Major Under certain circumstances, unable to view the syslog.
NIOS-63395 Major Unable to run the Captive Portal service after an upgrade.
NIOS-63391 Major Under certain circumstances, a forced restart could cause DNS outage.
NIOS-63384 Major A traffic capture contained numerous files from different areas, instead of one single
file.
NIOS-63380 Major Grid Manager returned an error after importing a TXT record through CSV import.
NIOS-63368 Major Unable to run vNIOS for Hyper-V on Microsoft Windows 2008 R2.
NIOS-63364 Major On some occasions, an HA failover occurred after DHCP services restarted.
NIOS-63362 Major On rare occasions, the DHCP service restarted on some appliances.
NIOS-63343 Major Under certain circumstances, a newly created DTC server caused the DNS service to go
into a restart loop, resulting in DNS outage.
NIOS-63313 Major Unable to log in to the Grid Master due to a disk full error caused by issues related to
journal queue files.
NIOS-63312 Major On a special occasion, users were unable to include certain DHCP options in their
requests.
NIOS-63262 Major In certain situations, global search did not function as expected.
NIOS-63244 Major When the One Lease Per Client feature was enabled, the DHCP service might not
reference the correct UIDs of leases.
NIOS-63240 Major Unable to see the correct NS records because the name server groups were not
populated correctly.
NIOS-63233 Major Certain threat protection rules unexpectedly blocked valid traffic.
NIOS-63229 Major Excessive error messages logged for DDNS update failures during database
transactions.
NIOS-63220 Major This release upgrades NTPD to ntp-4.2.8p10 to address the following medium to low
severity vulnerabilities: CVE-2017-6464, CVE-2017-6463, CVE-2017-6462, CVE-2017-
6460, CVE-2017-6459, CVE-2017-6458, CVE-2017-6455, CVE-2017-6452,
CVE-2017-6451, CVE-2016-9042, CVE-2016-7434.
NIOS-63209 Major Grid Manager returned a timeout message when users navigated to the Data
Management -> DHCP -> Networks -> tab and click on a range.
400-0704-207 Rev. D 10/3/2018
NIOS-63184 Major Unable to properly remove Microsoft servers and their associated records from the
Grid.
NIOS-63173 Major Certain normal non-segment TCP DNS queries triggered a threat protection rule,
generating alerts.
NIOS-63164 Major Under certain circumstances, the Grid Master might fail the upgrade test and the
actual upgrade.
NIOS-63163 Major CSV export did not include DNSSEC signed zones.
NIOS-63163 Major Grid Manager returned a timeout error when users searched a host record by DNS view
and by a host alias at the same time.
NIOS-63155 Major Unable to remove a discovery member from the Grid.
NIOS-63116 Major Under certain circumstances, the distribution process failed on the passive node of an
HA pair during an upgrade.
NIOS-63109 Major Under certain circumstances, the PXE lease time inherited the incorrect time value.
NIOS-63050 Major Unable to overwrite files that were created earlier when using the NIOS appliance as a
file server for Avaya VoIP phones.
NIOS-63041 Major Under specific circumstances, the IB-4030 might reboot due to power cycle recovery.
NIOS-63033 Major In some situations, the valid DHCPv6 lease time for a roaming host could be
configured to a value less than the preferred lease time.
NIOS-62967 Major Unable to log in to FTP or SFTP in the bloxTools environment due to some password
format issues.
NIOS-62951 Major Under certain circumstances, users experienced slow GUI performance on the Grid
after enabling identity mapping and synchronizing network users with Microsoft
Servers.
NIOS-62937 Major The API Documentation contained incorrect syntax for
Infoblox::DNS::Member::SoaMname.
NIOS-62846 Major Under certain conditions, certain reports did not function properly, causing NIOS to
return errors.
NIOS-62833 Major Under some circumstances, an HA pair was unable to upgrade properly due to some
timing issues.
NIOS-62750 Major Users with first and last names were unable to log in to Grid Manager when
authenticating through a nested group or non-nested group if Nested Group Query was
enabled.
NIOS-62635 Major Unable to use the Identity Mapping feature under certain circumstances.
NIOS-62189 Major The “Scheduled Task Restarts” feature did not function properly.
NIOS-62167 Major Unable to view active users and Microsoft servers displayed errors while using the
Identity Mapping feature.
NIOS-61644 Major When using the MAC address of a deleted fixed address to request a lease, both nodes
of the DHCP failover association restarted with a “segfault” error.
400-0704-207 Rev. D 10/3/2018
NIOS-60745 Major The RRSIGs for DNSKEY records were not regenerated, causing a DNSSEC validation
failure.
NIOS-60468 Major The reporting services was using the VIP of the HA interface as the source destination
while using the MAC address of the LAN1 interface.
NIOS-55439 Major It took longer than expected to return data in the Network Users Widget if there are
large networks in the Grid.
NIOS-64124 Minor Certain RPZ contents were not displayed correctly the exported CSV file.
NIOS-63990 Minor Text in the SNMP trap was not clear when a Grid member or the passive node of the
Grid Master was rebooted.
NIOS-63716 Minor Under certain circumstances, the DHCP service experienced a delay.
NIOS-63577 Minor Unable to get search results when using multiple filter criteria in the Current Leases
tab in Grid Manager.
NIOS-63547 Minor An authoritative zone was removed during a zone transfer.
NIOS-63526 Minor When using the export_data log_files method in the API, the resulting tar.gz
file contained paths with a leading “/”.
NIOS-63616 Minor DDNS updates did not support CAA resource records.
NIOS-63378 Minor The disk usage on the Gird Master was high while exporting the GSS-TSIG keys.
NIOS-63373 Minor Added more information for the SNMP trap for the LDAP service state change.
NIOS-63372 Minor Removed certain requirements from the documentation for reporting and threat
protection.
NIOS-63166 Minor NetMRI sent “enable” command even when the device was already in privilege mode.
NIOS-62609 Minor Grid Manager returned an error when users opened a smart folder containing objects
that were no longer in the database.
NIOS-62275 Minor The “Allow Underscore” hostname policy did not function as expected.
NIOS-59901 Minor Unable to remove blacklisted RPZs after removing the analytics member from the
Grid.
NIOS-63341 Enhance This release adds CLI commands for enabling and disabling the database transaction
trace log.
NIOS-60443 Enhance Updated the root zone KSK in NIOS.
Fixed in NIOS 8.1.4
ID Severity Summary
NIOS-64400 Major Addressed a regression, introduced with the fix for CVE-2017-3142, that caused the
verification of TSIG-signed TCP message sequences for large zones (where not all the
messages were signed) to fail incorrectly.
NIOS-61644 Major When using the MAC address of a deleted fixed address to request a lease, both nodes
of the DHCP failover association restarted with a “segfault” error.
400-0704-207 Rev. D 10/3/2018
Fixed in NIOS 8.1.3
ID Severity Summary
CVE-2017-3143: An attacker who was able to send and receive messages to an

authoritative DNS server and who had knowledge of a valid TSIG key name for the
zone and service being targeted might be able to manipulate NIOS into accepting a
dynamic update.
CVE-2017-3142: An attacker who was able to send and receive messages to an

authoritative DNS server might be able to circumvent TSIG authentication of AXFR
requests via a carefully constructed request packet.
Fixed in NIOS 8.1.2
ID Severity Summary
NIOS-63579 Critical A DHCP Grid member incorrectly inherited some DHCP options, passing on PXE lease
time to certain printers.
NIOS-63570 Critical NTP clients were unable to synchronize using NTP access keys there were longer than
20 bytes.
ID Severity Summary
NIOS-63858 Major On June 1st UTC, the IPv6 address for B-ROOT server (b.root-servers.net) has been
changed.
CVE-2017-3140: RPZ policy handling could affect servers using RPZ policies that
included NSIP or NSDNAME triggers, resulting in additional recursions that consumed
DNS resources indefinitely and caused performance issues or DNS outage.
NIOS-63771 Major The BFD function experienced some intermittent issues.
NIOS-63739 Major When HA members performed an HA failover, the WINS forward on the members
failed.
NIOS-63682 Major Under certain circumstances, unable to run vDiscovery on an AWS endpoint.
NIOS-63624 Major Under certain circumstances that involved extremely high volumes of DDNS updates,
the database could leak memory.
NIOS-63617 Major On some occasions, DNS responses were sent through the anycast loopback interface
instead of the LAN/VIP interface in a multiple primary configuration.
NIOS-63610 Major DDNS updates did not automatically update reverse-mapping zones.
NIOS-63362 Major On rare occasions, the DHCP service restarted on some appliances.
400-0704-207 Rev. D 10/3/2018
NIOS-63164 Major Under certain circumstances, the Grid Master might fail the upgrade test and the
actual upgrade.
NIOS-63616 Minor DDNS updates did not support CAA resource records.
Fixed in NIOS 8.1.1
ID Severity Summary
NIOS-63243 Critical For new installations, the appliance used a fixed password (instead of generating
random passwords) for Cloud API users.
ID Severity Summary
NIOS-63229 Major Excessive error messages logged for DDNS update failures during database
transactions.
NIOS-63220 Major This release upgrades NTPD to ntp-4.2.8p10 to address the following medium to low
severity vulnerabilities: CVE-2017-6464, CVE-2017-6463, CVE-2017-6462, CVE-2017-
6460, CVE-2017-6459, CVE-2017-6458, CVE-2017-6455, CVE-2017-6452, CVE-2017-6451,
CVE-2016-9042, CVE-2016-7434.
CVE-2017-3137: Processing a response containing CNAME or DNAME records in an

unusual order could cause a DNS resolver to terminate.
CVE-2017-3136: Using DNS64 with 'break-dnssec yes' could cause the DNS service to
exit with an assertion failure.
NIOS-62951 Major Under certain circumstances, users experienced slow GUI performance on the Grid
after enabling identity mapping and synchronizing network users with Microsoft
Servers.
Fixed in NIOS 8.1.0
ID Severity Summary
NIOS-62700 Critical After publishing a DTC topology to Grid members, the DNS service went into a restart
loop, causing DNS outage.
NIOS-62574 Critical The appliance included auto-generated resource records in the CSV report even after
the authoritative zone was removed from the DNS view in which other zones used the
same records as the NS FQDN.
NIOS-62372 Critical Under certain circumstances, the PT-1400 appliance was unable to join the Grid after
the threat protection service was enabled in monitoring mode.
NIOS-62295 Critical In an anycast configuration with port redundancy enabled, the IPv6 OSPF neighbor
unexpectedly went offline after a NIC failover.
NIOS-62269 Critical On rare occasions, the appliance experienced intermittent service outage due to
issues related to zone reloading.
400-0704-207 Rev. D 10/3/2018
NIOS-62246 Critical In a specific configuration, the PT-2200 might experience DNS query timeouts due to a
socket buffer issue.
NIOS-62138 Critical Under specific circumstances, users were unable to remove obsolete NS records.
NIOS-62126 Critical Unable to save Grid DHCP properties in a Grid in which specific GSS-TSIG settings were
configured for certain Grid members.
NIOS-62118 Critical On rare occasions, the DHCP service experienced high CPU usage.
NIOS-61968 Critical Reverse zones failed to load due to overlapping IPs from bulk hosts.
NIOS-61774 Critical A DHCP range did not inherit IPv4 logic filters from its parent network or network
container.
NIOS-60748 Critical It took longer than expected for limited-access users to access Grid Manager when
there were a lot of top-level zones in the Grid.
ID Severity Summary
NIOS-63287 Major Unable to make zone changes due to Safenet HSM issues.
NIOS-63092 Major Unable to modify a zone and Grid properties or view DNS members under certain
conditions.
NIOS-63041 Major Under specific circumstances, the IB-4030 might reboot due to power cycle recovery.
NIOS-62964 Major Enabling Identity Mapping and synchronizing network users with Microsoft servers
affected performance on Grid Manager.
NIOS-62942 Major On rare occasions, the Default Dashboard did not display any content while other
dashboards functioned properly.
NIOS-62931 Major The IB-4030 appliance might not respond to DNS queries if the DSCP was set to a
certain value.
NIOS-62929 Major Unable to remove an auto-generated record from Grid Manager or through certain CLI
commands in maintenance mode.
NIOS-62903 Major Under certain circumstances, the Grid Master restarted due to a failure in the
“make_sec_data_conf” process.
NIOS-62832 Major Under special circumstances, a member HA pair stayed in the “upgrading & syncing
storage files” mode after an upgrade, causing DNS outage.
NIOS-62813 Major The SOA email address was not updated even after the SOA RNAME was configured at
the Grid level.
NIOS-62786 Major Under certain circumstances, LDAP authentication did not function properly after an
upgrade.
NIOS-62770 Major Generating the DHCP configuration file might fail if GSS-TSIG update was enabled, but
domain controller (KDC) and keys were not set.
NIOS-62741 Major Under certain circumstances, the appliance experienced increased SWAP usage and
reporting service interruptions.
NIOS-62656 Major Changes made in the Active Directory user profile were reverted to default after users
logged out and then logged back in to the system.
400-0704-207 Rev. D 10/3/2018
NIOS-62645 Major Unable to join the passive node of an HA pair that was running Infoblox Advanced DNS
Protection to the Grid after it went offline.
NIOS-62603 Major Under certain circumstances, an RPZ CIDR tree insertion error could corrupt the tree
data structure that contained overlapping networks, causing the DNS service to
restart.
NIOS-62585 Major On specific occasions, the passive node of an HA pair experienced NTP restarts when
the Grid was synchronized with external NTP servers, especially in a multi-Grid
configuration.
CVE-2017-3135: Under some conditions when using both DNS64 and RPZ to rewrite
query responses, the querying process could resume in an inconsistent state, resulting
in either an INSIST assertion failure or an attempt to read through a NULL pointer.
NIOS-62537 Major The Member Detailed Status in Grid Manager and the CLI command output of "show
hardware_status" did not reflect the correct power supply status when the power
cable was unplugged on the IB-4010 appliance.
NIOS-62526 Major Under certain circumstances, the Infoblox reporting application did not preserve the
original option settings after an upgrade.
NIOS-62507 Major Grid Manager did not display all the upgrade groups in the Upgrade Scheduler tab.
NIOS-62492 Major Network Insight: Unable to properly detect certain IPv6 devices.
NIOS-62489 Major In a VMware environment with outdated VMware tools, vDiscovery did not function
properly.
NIOS-62480 Major Addressed a few TCP ports on default installation.
NIOS-62464 Major Under certain circumstances, the Grid Master shut down on occasions when Common
Criteria mode was enabled.
NIOS-62454 Major Updated the Installation Guide for the IB-2200 Series to reflect the correct order of
the hard disk drives.
NIOS-62450 Major In certain configurations, a DNS view experienced DNS outage when the order of the
DNS views was set to automatic.
NIOS-62436 Major When using the appliance as a file server for Avaya VoIP phones, users were unable to
overwrite files that were previously created through the phones.
NIOS-62389 Major Unable to set up HSM signing with a Thales HSM Group due to incompatible version of
Thales.
NIOS-62388 Major On a standalone appliance, the “Response Policy Zones Hit Rate Configuration” was
missing in the System Properties editor if the Grid license was not installed.
NIOS-62347 Major In the Member DNS Properties editor under the “Recursive views assigned to this
member” section, DNS views in the “Available” table were automatically moved to
the “Selected” table when a DNS view was deleted from the “Selected” section.
NIOS-62342 Major When users deleted a DNS zone from an external DNS view, the glue A records for the
name servers specified for another zone in the same DNS view might be deleted as
well.
400-0704-207 Rev. D 10/3/2018
NIOS-62339 Major Unable to remove offline members from the Grid even after they were dissociated
from the name server group.
NIOS-62317 Major Under specific circumstances, upgrade test might fail.
NIOS-62310 Major The associated fixed addresses did not exist even after the host addresses were
configured for DHCP.
NIOS-62283 Major HA failovers occurred due to issues related to the HTTPD process.
NIOS-62264 Major Unable to download traffic captures due to an issue related to the length of the file
name.
NIOS-62261 Major Unable to access a whitelisted URL because the appliance could not find the NS record
for the whitelisted RPZ.
NIOS-62255 Major The appliance deleted an incorrect record after synchronizing with the Microsoft
server, causing service disruptions on the server.
NIOS-62244 Major Under certain circumstances, Grid Manager did not display any DNS statistics for two
Grid members while showing data for others.
NIOS-62237 Major When installing a temporary Reporting license on the IB-V1405 appliance that had a
one-year Grid license, the Reporting license was given a 60-day expiry period instead
of one-year.
NIOS-62229 Major Under certain circumstances, API scripts took longer than expected to complete.
NIOS-62216 Major A CNAME record that contained a backslash (\) symbol in the name caused DNS outage.
NIOS-62207 Major Unable to download traffic capture on Grid members that were scheduled for an
upgrade after the Grid Master had been upgraded.
NIOS-62200 Major Search results for “Protected equals Yes” for a reverse-mapping zone returned results
that included both “Yes” and “No.”
NIOS-62194 Major During an upgrade, the distribution process failed on certain Grid members.
NIOS-59171 Major In certain configurations, an IPv6-only Grid did not function properly.
NIOS-62180 Major On certain appliances, an upgrade could affect service performance.
NIOS-62176 Major Infoblox DNS Firewall did not function properly after a temporary RPZ license was
installed during an upgrade.
NIOS-62164 Major The NTP server did not respond if IPv6 networks were granted the “Allow” permission
in an Access Control List.
NIOS-62165 Major The system intermittently restarted and the GUI was affected after a scheduled
upgrade.
NIOS-62135 Major Unable to change the TTL values for a few host records.
NIOS-62125 Major Grid Manager returned an error when users tried to open the IPAM List view for
certain subnets.
NIOS-62108 Major Microsoft Management: The appliance accepted a trailing space in the
NIOS-62078 Domain\Username credential field, causing synchronization issues.
NIOS-62095 Major Limited-access users were unable to access or view any predefined reports.
400-0704-207 Rev. D 10/3/2018
NIOS-62036 Major Grid Manager might not display certain resource records when users sorted the records
by principal in a specific DNS zone.
NIOS-62025 Major PAPI or WAPI: The logic filter list was not applied to the newly created network when
using a network template that was configured with IPv4 filters.
NIOS-62003 Major If the list of discovered VLANs was very long, the scrolling function might not perform
correctly.
NIOS-61697 Major Neighbor history revision tracking via the use of partition tables could cause large
NIOS-61989 repositories of data usage on ND appliances.
NIOS-61955 Major Under certain circumstances, the Grid Master failed over due to issues with the HTTPD
process.
NIOS-61937 Major This release adds the ability to hide IP addresses that are not in use when using Global
Search.
NIOS-61929 Major When deleting exclusion ranges, the appliance removed those that were not included
as part of the filtered results.
NIOS-61884 Major In a specific configuration, the anycast behavior on the PT-2210 and 2220 appliances
changed after an upgrade.
NIOS-61815 Major Under certain circumstances, opening a Global Smart Folder in Grid Manager took
longer than expected.
NIOS-61800 Major On rare occasions, the appliance failed to run an upgrade test.
NIOS-61768 Major The SOA serial number was incremented after users modified the comment of a
reverse-mapping zone.
NIOS-61752 Major When logged in using a specific AD account, Grid Manager returned an error when
users tried to create a smart folder.
NIOS-61706 Major Changes made to a network through Global Search were not reflected in the IPAM List
view.
NIOS-61549 Major DDNS updates from an external server caused certain DNS records to be removed,
resulting in DNS outage.
NIOS-61478 Major When the “Nested Group Query” feature was enabled on Windows servers,
authentication for all user accounts outside the “Users” OU group failed.
NIOS-61145 Major It took longer than expected to migrate DNS data using DIW and AXFR.
NIOS-60348 Major Auto-generated A records appeared in DNS views for members that were not
authoritative for any DNS zones in those views.
NIOS-60275 Major In a specific configuration, the TTL value for NS record was incorrectly inherited from
the external primary server.
NIOS-60230 Major When importing forward-mapping zone data using the “Import zone” feature from an
external name server with the option “Create Hosts and Bulk Hosts during import”
selected, NIOS converted A records to Host and put them in the forward zone.
NIOS-59362 Major Reporting: Certain dashboards returned lookup errors.
NIOS-58546 Major Fixed the issue that the SNMPD process was running as root.
400-0704-207 Rev. D 10/3/2018
NIOS-62880 Minor Updated the Infoblox NIOS Administrator Guide to reflect the fact that PTR records
were not created if reverse-mapping zone was not available.
NIOS-62765 Minor NIOS returned NXDOMAIN for a bulk host after users removed the sub zone
NIOS-62757 Minor Unable to review reports after joining a reporting server to the Grid due to an
incompatible IBRA version.
NIOS-62496 Minor The configured primary server was not displayed in the Primary name server (for SOA
MNAME field) field of the Zone Properties editor.
NIOS-62479 Minor The IB-2200 appliance sent an equipment failure SNMP trap with a “Minor” severity
instead of a “Major” severity.
NIOS-62386 Minor The online help for “Allow recursion” was outdated.
NIOS-62366 Minor The audit log recorded an entry for network changes even though no changes were
made after opening and closing the network.
NIOS-62233 Minor Unable to load a DNS zone if the zone name contained a trailing escape symbol (\).
NIOS-62199 Minor Under certain circumstances, the “Owner” field in a custom report changed to
“nobody” instead of the original owner.
NIOS-62188 Minor Extensible attributes that were restricted to network containers and networks did not
function as expected.
NIOS-62064 Minor Under certain circumstances, accessing audit history from the IP MAP view of Grid
Manager returned an error.
NIOS-62054 Minor On some occasions, invalid SNMPv3 traps were sent by Grid members.
NIOS-62050 Minor Temporary licenses could be installed on a vNIOS virtual appliance in an inappropriate
order.
NIOS-62041 Minor Certain dashboards and reports did not display statistics within the selected time
frame.
NIOS-62027 Minor The IPAMv4 Network Usage Statistics Dashboard did not display networks that were
not associated with a member.
NIOS-62012 Minor The IPAMv4 Top Utilization Networks Report did not reflect the actual utilization
NIOS-62009 value.
NIOS-61975 Minor Removed the IB-4005 model from the set_temp_license menu.
NIOS-61963 Minor Changed the label "Maximum concurrent outbound zone transfers per remote name
server” to "Maximum concurrent inbound zone transfers per remote name server” in
Grid Manager.
NIOS-61936 Minor Grid Manager displayed inconsistent status for active hosts in different tabs.
NIOS-61652 Minor Updated the documentation to reflect the correct behavior of the LEDs on the TE-
2200 appliance.
NIOS-61641 Minor An external syslog server was configured to monitor logs related to “Active Directory
Authentication,” but the syslog server displayed ZRQ logs from the passive node of an
HA pair.
NIOS-61469 Minor On rare occasions, the performance of Grid Manager was slower than expected.
400-0704-207 Rev. D 10/3/2018
NIOS-61414 Minor Multi-Grid Configuration: The strict delegation modes did not restrict the creation of
network containers.
NIOS-61401 Minor WAPI: The appliance did not return all the shared record groups for some DNS zones
when using WAPI calls that did not specify the FQDN.
NIOS-60674 Minor Limited-access users could modify the comment and extensible attribute fields of a
Host record.
NIOS-56058 Minor Some of the cloud related fields did not appear in the IPAM Network Details view.
NIOS-10777 Minor This release enhances the error message related to “no free leases.”
NIOS-61674 Enhance This release adds a check box in the GUI for enabling “DDNS protected' in the Host
Record creation wizard.
NIOS-61659 Enhance WAPI: The download file name was different than that in the WAPI Documentation.
NIOS-63045 Enhance This release adds threat protection rules for dropping UDP DNS queries without
NIOS-63044 “Recursive Desired” configured in the header.
Fixed in NIOS 8.0.5
ID Severity Summary
NIOS-63041 Major When certain threat protection response rules were enabled, the IB-4030-10GE could
engage in the power cycle recovery loop during a reboot.
NIOS-62931 Major The IB-4030 might not accelerate DNS queries that had DSCP values configured for a
certain value. It passed these queries to the standard DNS process. A high volume of
such queries might overload the DNS process, causing high CPU usage.
Fixed in NIOS 8.0.4
ID Severity Summary
NIOS-62372 Critical Under certain circumstances, the PT-1400 appliance was unable to join the Grid after
the threat protection service was enabled in monitoring mode.
NIOS-62295 Critical In an anycast configuration with port redundancy enabled, the IPv6 OSPF neighbor
unexpectedly went offline after a NIC failover.
NIOS-62269 Critical On rare occasions, the appliance experienced intermittent service outage due to
issues related to zone reloading.
NIOS-61968 Critical Reverse zones failed to load due to overlapping IPs from bulk hosts, resulting in
incorrect FQDN being returned.
400-0704-207 Rev. D 10/3/2018
ID Severity Summary
NIOS-62603 Major Under certain circumstances, an RPZ CIDR tree insertion error could corrupt the tree
data structure that contained overlapping networks, causing the DNS service to
restart.
CVE-2017-3135: Under some conditions when using both DNS64 and RPZ to rewrite
query responses, the querying process could resume in an inconsistent state, resulting
in either an INSIST assertion failure or an attempt to read through a NULL pointer.
NIOS-62342 Major A records for name servers in the “external" DNS view were deleted after a zone that
had the specific record as a name server was deleted.
NIOS-62317 Major Under specific circumstances, upgrade test might fail.
NIOS-62237 Major When installing temporary Reporting licenses on certain high-performance Trinzic
appliances, the license expiration did not align with that of the Grid license.
NIOS-62234 Major A gradual increase in swap space usage was experienced in the following appliances
that support IPMI (Intelligent Platform Management Interface): IB-810, IB-820, IB-800,
IB-1410, IB-1420, PT-1400, IB-1400, IB-2200, PT-2200, IB-2210, IB-2220, IB-4000, IB-
4010, IB-4020, IB-4030, IB-4030-10GE, PT-4000, ND-800, ND-1400, ND-2200, and ND-
4000.
NIOS-62216 Major Creating a CNAME record using the backslash (\) character in the name could cause a
DNS service outage.
NIOS-62190 Major Creating a sub zone that started with a wildcard character caused a zone failure.
NIOS-62176 Major The threat protection service did not automatically restart after a valid RPZ license
was installed after an upgrade.
NIOS-62165 Major Under certain circumstances, Grid Manager was very slow and it reverted to the
product restart page.
NIOS-62096 Major Network Insight: The network view value in a VRF mapping rule was mapped to 0
(zero), which was an invalid number and caused an error in NIOS.
NIOS-61478 Major Microsoft Management: Authentication for all user accounts outside the Users OU
(organizational unit) failed when the nested group query was enabled.
NIOS-61341 Major Reporting: The Top NXDOMAIN NOERROR report did not return data for some Grid
members.
NIOS-62229 Minor This release enhances the Infoblox PAPI and WAPI performance to meet certain
requirements.
NIOS-62123 Minor Updated the Infoblox NIOS Administrator Guide to reflect the correct port usage for
specific appliance roles.
NIOS-57752 Minor The appliance logged messages related to purging scavenging tasks even after DNS
scavenging was disabled at the Grid level.
400-0704-207 Rev. D 10/3/2018
Fixed in NIOS 8.0.3
ID Severity Summary
CVE-2016-9444: An unusually-formed answer containing a DS resource record could

trigger an assertion failure and cause the DNS service to stop, resulting in a denial of
service to clients.
CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC

information could trigger an assertion failure and cause the DNS service to stop,
resulting in a denial of service to clients.
CVE-2016-9131: A malformed response to an ANY query can trigger an assertion failure

during recursion and cause the DNS service to stop, resulting in a denial of service to
clients.
Fixed in NIOS 8.0.2
ID Severity Summary
NIOS-62118 Critical Under certain circumstances, the appliance experienced high CPU usage.
NIOS-61774 Critical On some occasions, the DHCP range did not inherit the logic filer list from its parent
network.
NIOS-61460 Critical In certain configuration, the Grid experienced high disk usage on multiple members.
NIOS-60748 Critical It took longer than expected for limited-access users to access Grid Manager.
ID Severity Summary
NIOS-62207 Major Downloads of the capture files failed during a scheduled upgrade.
NIOS-62180 Major In some cases, the DNS cache on the IB-4030 appliance can become degraded over
time, affecting DNS responsiveness. This issue affects only the IB-4030 appliance.
NIOS-62086 Major In a Multi-Grid configuration, credential validation on the sub Grid did not function
properly.
NIOS-62036 Major Grid Manager might not display certain records when users sort them by principal in a
particular zone.
NIOS-62017 Major CHAOS query was not supported when Advanced DNS Protection was enabled.
NIOS-61987 Major Under certain circumstances, Grid Manager displayed an error when users opened a
specific DNS zone.
NIOS-61145 Major It took longer than expected to perform DNS zone transfers using DIW.
400-0704-207 Rev. D 10/3/2018
NIOS-60348 Major Auto-generated A records appeared for Grid members that were not running DNS in
the respective view.
NIOS-60275 Major The TTL Value for a NS record was incorrectly inherited from the external primary
server, when the zone was assigned to a name server group containing the Grid Master
as Grid primary and an external secondary server.
NIOS-60230 Major The import zone data feature did not function properly when the “Create Hosts and
Bulk Hosts during Import” option was selected only for a forward-mapping zone.
NIOS-61469 Minor It took longer than expected to navigate through Grid Manager.
NIOS-61674 Enhance This release added an option for enabling “DDNS protected' in the Add Host Record
wizard.
Fixed in NIOS 8.0.1
ID Severity Summary
NIOS-61839 Critical Addressed the following vulnerability:
CVE-2016-8864: While processing a recursive response that contained a DNAME record

in the answer section, “named” could stop execution after encountering an assertion
error in resolver.c.
ID Severity Summary
NIOS-61924 Major VMware Tools was displayed as “Not running” on the IB-V825 and IB-V1425 appliances.
NIOS-61868 Major The diagnostic code for BFD has been changed for DNS service stop.
NIOS-61801 Major DNS Traffic Control: The menu actions “Add Existing Server” for a DTC pool and “Add
Existing Pool” for an LBDN might fail with an invalid error message. The message
indicates that a duplicate object is being added to the Pool or LBDN when the
selected object is not a duplicate.
Fixed in NIOS 8.0.0
ID Severity Summary
NIOS-60748 Critical Under certain circumstances, Grid Manager experienced latency when loading the DNS
tab.
NIOS-60700 Critical Unable to restart Grid services after an upgrade.
NIOS-60518 Critical The appliance returned an error by automatically generating the FireEye URL in lower
case irrespective of the Network/DNS view, causing mismatch with the actual network
and DNS view.
NIOS-60509 Critical Global search returned swap space error and GUI performance was slower than usual.
NIOS-60045 Critical The NIC Usage tab in the System Activity Monitor dashboard on the IB-4030 appliance
displayed the same line graph for both LAN1 and LAN2 ports.
400-0704-207 Rev. D 10/3/2018
NIOS-59953 Critical In a specific configuration, modifying NS groups using CSV import might cause the
appliance to reboot.
NIOS-59875 Critical This release adds the Prefer LAN1 when available option when port redundancy is
enabled in configuration that uses the LAN1 as the primary source.
NIOS-59828 Critical After adding an external DNS view, zone transfers did not function properly.
NIOS-59827 Critical DNS scavenging might fail when users logged in remotely and executed DNS scavenging
manually.
NIOS-59796 Critical Query logging for Network Insight caused some performance issues.
NIOS-59676 Critical The Reporting Search tab did not populate data under the “What to Search” and
“Data Summary” sections.
NIOS-59333 Critical login_denied messages were displayed instead of login_allowed messages for the
SPLUNK-REPORTING-ADMIN group after an upgrade.
NIOS-59153 Critical During an upgrade, DHCP ranges did not inherit properties from the network.
NIOS-59013 Critical RFC1918 and 127.0.0.0/8 were removed from the base.rpz.infoblox.local feed and
moved to the bogon.rpz.infoblox.local zone.
NIOS-58960 Critical Under certain circumstances, some networks might experience behavioral changes due
to DDNS issues.
NIOS-58925 Critical In a situation to address timing issue for a DHCP failover association, DHCP clients
were unable to get leases even when the secondary peer was in the partner-down
state.
NIOS-58885 Critical Under certain circumstances, DHCP service was affected due to DHCP failover issues
during service restarts.
NIOS-58120 Critical The match-recursive-only option was reset to the default value when DNS service was
restarted.
NIOS-57809 Critical AD authentication did not work properly when users tried to log in to the appliance
using SSH.
NIOS-56196 Critical Under specific circumstances, the NTP service was not synchronized correctly, causing
service outage.
ID Severity Summary
NIOS-61703 Major Under certain circumstances, the reporting cluster and Network Insight appliances
failed to come online until manually rebooted.
NIOS-61677 Major The swap usage on a reporting server exceeded the threshold value after an upgrade.
NIOS-61575 Major Under specific circumstances, the IB-4030 appliance unexpectedly went offline.
NIOS-61518 Major The appliance logged a “bulk host” failure error even when bulk hosts were resolved
successfully.
NIOS-61506 Major Upgrade test unexpectedly failed after distribution was completed successfully.
400-0704-207 Rev. D 10/3/2018
NIOS-61461 Major Addressed the following OpenSSL vulnerabilities:
CVE-2016-6306: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before
1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read)
via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2016-6304: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2

before 1.0.2i, and 1.1.0 before 1.1.0a allowed remote attackers to cause a denial of
service (memory consumption) via large OCSP Status Request extensions.
NIOS-61383 Major Under certain circumstances, a vNIOS virtual member was disconnected from the Grid.
NIOS-61350 Major The syslog recorded excessive messages related to an error about applying Infoblox
reporting application configuration files to all peers.
NIOS-61263 Major When the database is big and the system was busy, it took longer than expected for
the passive node of an HA pair to synchronize data with the active node when the
appliance became a Grid Master Candidate.
NIOS-61260 Major Under specific circumstances, DNS timeouts might occur after an upgrade.
NIOS-61256 Major The Microsoft managing member experienced high database utilization due to pending
synchronization jobs.
NIOS-61243 Major The appliance denied a DHCP lease to the checkpoint firewall MAC address and sent a
NIOS-61188 DHCPDISCOVER message indicating that the lease was issued to the secondary peer.
NIOS-61167 Major The DNS service failed to start due to an unexpected syntax error in the named.conf
file.
NIOS-61145 Major The appliance experienced slow performance when migrating DNS data using DIW
(Data Import Wizard) and AXFR.
NIOS-61047 Major Network Insight: The appliance returned an error when users tried to drill down to the
Interfaces tab of a discovered device.
NIOS-61041 Major Under special circumstances, DNSSEC validation might fail.
NIOS-60920 Major The RPZ Recent Hits tab did not display any data.
NIOS-60906 Major The Smart folder filter was unable to filter data based on a custom filter name.
NIOS-60891 Major vDiscovery stopped working for OpenStack.
NIOS-60880 Major CSV Import: The appliance returned an error while overriding the existing host address
and modifying the new host address.
NIOS-60828 Major The appliance logged the LDAP server failure traps even though the user
authentication was successful.
NIOS-60724 Major AD authentication did not work properly when users tried to log in to the appliance
using SSH.
CVE-2016-5696: The net/ipv4/tcp_input.c in the Linux kernel before 4.7 did not
properly determine the rate of challenge ACK segments, which made it easier for
man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.
400-0704-207 Rev. D 10/3/2018
NIOS-60661 Major Reporting: The reporting service encountered some lookup issues and did not function
properly.
NIOS-60599 Major Under certain circumstances, the Grid member displayed the “DNS acceleration usage
high” status.
NIOS-60533 Major On rare occasions, the appliance experienced DHCP failure after establishing GSS-TSIG
security context.
NIOS-60515 Major Unable to modify false records associated with the IP address in the External View.
NIOS-60458 Major Unable to restore database if the CNAME record and the LBDN record shared the same
FQDN.
NIOS-60437 Major Under certain circumstances, Grid Master experienced an unexpected HA failover.
NIOS-60429 Major This release disables all ArcFour ciphers used by the SSH service in NIOS.
NIOS-60383 Major Under certain circumstances, the DHCP Lease History report did not show the status
for fixed address.
NIOS-60367 Major Under certain circumstances, Discovery diagnostics did not work on a Network Insight
member.
NIOS-60366 Major Grid Manager might not respond or experience a delay while loading the Action icon in
the IPAM tab.
NIOS-60353 Major Unable to configure DHCP expert mode in NIOS 7.2.0 and NIOS 7.3. 0.
NIOS-60327 Major When Infoblox DDI for AWS was integrated with AWS Route 53 DNS service, task errors
were not logged to the syslog.
NIOS-60287 Major The "EARLY DROP TCP query multiple questions" rule dropped DNS packets from the
specific TCP port when there were multiple questions being queried at same time.
NIOS-60280 Major The number of RPZ zones per DNS view in a Grid should have been limited to 32.
NIOS-60216 Major A CSV import triggered high CPU utilization, causing DNS service interruption.
NIOS-60213 Major WAPI: Fingerprint was missing in lease objects.
NIOS-60199 Major For IB-4030-10GE appliances, IPv6 OSPFv3 router priority should have been set to 0.
NIOS-60183 Major Under certain upgrade scenarios, the bloxTools member might experience high
memory utilization.
NIOS-60178 Major Unable to convert an unmanaged device that was discovered through vDiscovery to A
or PTR record.
NIOS-60162 Major Upgraded the NTP version to address a few NTP vulnerabilities.
NIOS-57974
NIOS-60159 Major Unable to parse option 82 (remote ID and circuit ID) values through option filters.
NIOS-60126 Major AD authentication did not work properly when users tried to log in to the appliance
using SSH.
NIOS-60060 Major When an endpoint was un-quarantined from the Cisco ISE portal, Cisco ISE sent a
session notification that contained a "\" in the username, causing an error on the Grid
Master.
400-0704-207 Rev. D 10/3/2018
NIOS-60048 Major WAPI: The RESTART_IF_NEEDED option restarted all services on all Grid members.
NIOS-60023 Major A Grid Manager session did not timeout when the traffic capture window was active.
NIOS-59997 Major Network Insight: Discovered HSRP addresses were not displayed in Grid Manager.
NIOS-59970 Major Under certain circumstances, the dhcpd process caused high swap memory utilization.
NIOS-59968 Major Under certain circumstances, HA members experience DNS outage after an upgrade.
NIOS-59953 Major During a scheduled upgrade, some Grid members were upgraded before their
scheduled upgrade time.
NIOS-59952 Major Grid Manager displayed an error while saving a DHCP range template.
NIOS-59945 Major The appliance returned an error when users tried to access a Grid member through
the remote console using SSH.
NIOS-59935 Major Unable to upgrade from a pre-released NIOS version.
NIOS-59489 Major Device discovery failed and displayed that SNMP polling was disabled on the group
settings, even though it was enabled globally and polling was disabled at the Grid
level, but enabled at the network level.
NIOS-59913 Major After adding a bulk host, the primary server restarted the DNS service automatically,
but the secondary server was not affected.
NIOS-59902 Major Underscore zones inherited the SOA MNAME settings from the Grid member, instead of
the parent zone.
NIOS-59885 Major Under certain circumstances, the Grid Master failed over and the Grid members were
offline after an upgrade.
NIOS-59839 Major Reporting: A scheduled weekly task for exporting search results started a day after
the scheduled time.
NIOS-59830 Major Certain audit log data that was logged in the aduit.log file was not displayed in Grid
Manager.
NIOS-59820 Major When “Ignore client identifier” was selected, DHCP considered lease requests from
the same MAC, either with or without client identifier and different client identifiers
as identical requests.
NIOS-59810 Major The TE-1410 appliance rebooted due to high swap usage.
NIOS-59760 Major DNS integrity check ran on any member when the member's database had zones with
DNS integrity check enabled.
NIOS-59759 Major In certain NIOS releases, DHCP clients were unable to renew a lease when the Client
UID changed even though “Ignore client identifier” was enabled.
NIOS-59750 Major HTTP file distribution was not getting replicated in Grid members when users were
uploading files from the Grid Master.
NIOS-59688 Major Customer experienced discrepancies in Grid Manager after an unexpected HA Grid
Master failover.
NIOS-59680 Major This release allows users to disable SSLv3 usage during reporting (splunk) data
transmission.
400-0704-207 Rev. D 10/3/2018
NIOS-59667 Major Expired/free leases were showing as “Active” state. In this release, these leases are
displayed as “Free” and DHCP expire messages are logged in the syslog.
NIOS-59558 Major Grid Manager was enforcing “named” to listen for DNS traffic on the interface that
was used to send upstream queries.
NIOS-59548 Major Each time any Grid object was deleted, the “version_deleted_object” was
incremented but these objects were not purged.
NIOS-59543 Major Under specific circumstances, the OSPF service restarted before the DNS service,
causing DNS query failures.
NIOS-59538 Major Remote (RADIUS) users with assigned local groups could log in to the appliance via
Grid Manager, but were unable to login via SSH.
NIOS-59449 Major After the first DHCP renewal, two different lease times were acknowledged by
different DHCP failover peers.
NIOS-59445 Major Under certain circumstances, an IPv6 lease scavenging was not working as expected.
NIOS-59444
NIOS-59427 Major Users suspected multiple open SSL vulnerabilities, but NIOS is not vulnerable to any of
those vulnerabilities.
NIOS-59421 Major Under certain circumstances, some scheduled searches did not return any data even
though the same report generated chart data.
NIOS-59406 Major The “set recursion_cache_size” command on an IB-1410 appliance allowed increasing
the cache size to only 512 MB, even though the physical memory was set to 8 GB.
NIOS-59403 Major Under certain circumstances, a PT-1400 appliance got in to a reboot recovery loop
during its first start up.
NIOS-59373 Major The TXID messages increased in the customer's external monitoring tool after an
upgrade.
NIOS-59357 Major DNS service took 3-5 seconds to function on an IB/VM 1400 appliance because named
required 3-5 seconds to restart on an appliance with factory default settings.
NIOS-59349 Major Some of the interface information was missing with Cisco ASR VRF-aware routers.
NIOS-59330 Major PAPI: Infoblox::DHCP::Range->network() returned only “/” when there were two
scopes in the same network.
NIOS-59300 Major On rare occasions, one of the Grid members was losing connectivity from the Grid
Master from time to time.
NIOS-59296 Major An IB-4030 appliance stopped working and rebooted automatically after a DNS
acceleration cache alarm was triggered.
NIOS-59276 Major OSPF was advertised through the LAN Interface even though VIP VLAN interface was
NIOS-59268 configured as the OSPF advertising interface.
NIOS-59270 Major Users observed high CPU utilization on one of the Grid Members synchronizing with the
Microsoft server.
NIOS-59177 Major The appliance experienced increased SWAP usage and high CPU resource loads
triggered by the http daemon.
NIOS-59171 Major In an IPv6-only Grid, LAN1, LAN2, MGMT, ANY and queries were not going through the
corresponding sources.
400-0704-207 Rev. D 10/3/2018
NIOS-59122 Major The Audit History tab was not available for some IP addresses in IPAM and the
“TypeError: 'NoneType' object is not iterable” error message was displayed.
NIOS-59082 Major When CSV Import was performed with type=Delete, import was completed successfully
and the host address was removed completely. When the search was performed for
the DNS name, it returned the old host record. Delete operation was restricted to
read-only objects such as host addresses.
NIOS-59077 Major When a zone was set to pre-publish, it was signed with two keys during the 15-day
grace period after the ZSK rollover.
NIOS-59029 Major Unable to deploy Infoblox instances (GUI and API access) in OpenStack/KVM networks
with DHCP enabled in the OpenStack network.
NIOS-59014 Major Under certain circumstances, MS Synchronization with the Grid failed.
NIOS-59011 Major Grid Master restarted automatically each time the user performed a CSV Import with
action “REPLACE”.
NIOS-58984 Major IPAM utilization threshold trigger value set at the Grid level was not showing the right
color for network utilization.
NIOS-58979 Major Unable to remove a name server from a name server group under certain
circumstances.
NIOS-58974 Major When performing a network discovery using an incorrect network view, excessive
database transactions might occur.
NIOS-58964 Major The passive node of an HA Grid Master looped in the synchronizing state.
NIOS-58934 Major Unable to filter unmanaged devices using filters in the Data Management -> Devices
tab.
NIOS-58913 Major In specific circumstances, users were unable to manage Microsoft synchronized zones
from the Microsoft servers.
NIOS-58900 Major Unable to synchronize Microsoft servers with the appliance on some occasions.
NIOS-58899 Major The BGPD service was terminated whenever the DNS service restarted or was
NIOS-58397 terminated, causing routing flaps.
NIOS-58892 Major Idle timeout did not take effect in Grid Manager, causing some active UI users to stay
in this state for a few days.
NIOS-58878 Major When using the CLI command for delete dhcp_ddns_updates to remove DDNS
updates, the SSH session or the serial console was unexpectedly logged out.
NIOS-58876 Major The IPv6 address for the I.root-servers.net service has been changed from
2001:500:3:42 to 2001:500:9f:42.
NIOS-58858 Major In a specific configuration, the appliance experienced some DNS query issues after a
number of client rebooted at the same time.
NIOS-58856 Major DHCP option inheritance from parent network containers did not function
consistently.
NIOS-58831 Major The DNS configuration file was empty after an upgrade due to a buffer issue.
NIOS-58781 Major The counts for DDNS updates in the timeout statistics were inconsistent
400-0704-207 Rev. D 10/3/2018
NIOS-58643 Major Under certain circumstances, Grid Manager might experience slow performance due to
heavy database operations.
NIOS-58596 Major On rare occasions, some DNS records were missing from the Microsoft managed DNS
zones.
NIOS-58578 Major Unable to import host addresses through a CSV import if more than one host was
returned.
NIOS-58577 Major Users might experience inheritance issues when using DHCP custom option spaces.
NIOS-58567 Major Under certain circumstances, changing the interface IP address could cause a DNS
failure.
NIOS-58566 Major An authenticated AD user might encounter an error when trying to change the TTL of
a DNS A record.
NIOS-58554 Major The password for the RPC connection to domain controller was logged in clear text in
the audit log.
NIOS-58549 Major The appliance inadvertently returned some internal errors.
NIOS-58548 Major The appliance used the DES method instead of SHA-512 for hashed passwords.
NIOS-58545 Major The appliance accepted community strings that might cause handling issues.
NIOS-58525 Major Network Insight: Unable to add a seed device that had the same name as an existing
seed device in a different network view, which should be allowed.
NIOS-58501 Major Users experienced some inconsistent extensible attributes inheritance issues.
NIOS-58462 Major In the Net Map view for a network container, Grid Manager logged out when users
tried to navigate to other places in the view.
NIOS-58354 Major It took longer than expected to load and display sub zone properties in Grid Manager.
NIOS-58326 Major Under certain circumstances, DDNS updates using a TSIG key were denied.
NIOS-58312 Major In certain configurations, users were unable to add resource records to the associated
networks or zones.
NIOS-58244 Major Unable to sort by the “Status” column in the Network Users -> User History tab.
NIOS-58224 Major Unable to change the scheduled upgrade time for an upgrade group if the original
upgrade time has passed.
NIOS-58196 Major Received “SERVFAIL” responses while querying PTR records in a zone that contained
stale delegated NS records.
NIOS-58137 Major Unable to navigate to the Reporting tab on an IB-VM-820 Grid Master.
NIOS-58126 Major Unable to join networks from different network views.
NIOS-58112 Major Unable to delete a TXT record on a signed zone where the data in the TXT record
contains two consecutive backslashes (\\).
NIOS-58027 Major It took longer than expected and a high CPU usage to remove a Microsoft
synchronization definition.
NIOS-58025 Major Unable to create custom extensible attributes on Cloud Platform members.
400-0704-207 Rev. D 10/3/2018
NIOS-58007 Major The zone integrity check did not occur according to the configured frequency.
NIOS-57991 Major Extensible attributes were not visible in Grid Manger after a CSV import using
“ptrrecord.”
NIOS-57977 Major Unable to join an appliance that was pre-configured as an HA Grid Master using VLAN
tagging.
NIOS-57934 Major When changing the inheritance in the “allow queries from” and “allow recursion”
settings under “queries” at the member level, DNS views appeared in the 'selected'
section instead of the 'available' section.
NIOS-57879 Major Unable to remove the glue A record from the DNS zone served by a name server that
belonged to a NS group.
NIOS-57744 Major Reporting: In the Grid Reporting Properties editor, the percentage for unused
categories was listed as 100%, which could skew the calculation for the total used
percentage.
NIOS-57736 Major The Grid Master used the LAN1 interface instead of the VIP address to communicate
with the HSM appliance.
NIOS-57688 Major Under certain circumstances, the IB-4010 Grid Master experienced an unexpected HA
failover.
NIOS-57462 Major In a specific Microsoft Management configuration, removing all synchronized
unmanaged networks also removed other networks created in NIOS for the network
container.
NIOS-57124 Major PAPI: It took longer than expected to get an authentication policy using the
Infoblox::Grid::Admin::AuthPolicy object when there was a large number of
groups involved.
NOS-56931 Major When a stealth external name server was added to the name server group, the serial
number increments happened only on the secondary servers.
NIOS-56366 Major This release adds CLI commands for SSL/TLS settings to support TLS 1.2
NIOS-53291
NIOS-52666 Major The appliance did not return the expected value when filtering using IPv4 options that
contained the “Option 82 Exists” rule.
NIOS-52004 Major When uploading DNS query and response capture files to an SCP server and the
connection between the Grid and the SCP server was not stable or if the server was
not functional, the appliance might experience a disk full issue.
NIOS-51365 Major When a reporting indexer was offline and then rejoined the Grid, it lost its indexer
role and ran as a forwarder, causing reporting issues.
NIOS-12775 Major The appliance experienced memory issues when DHCP was running through the OMAPI
channel.
NIOS-61715 Minor A “failed LCD” warning was sent to the ND-800 appliance that did not have a LCD.
NIOS-61546 Minor The DHCPv4 Usage Statistics report displayed DHCPv4 utilization that was less than
the actual utilization.
NIOS-61502 Minor A custom report for top devices identified did not work properly after an upgrade.
NIOS-61299 Minor There was a typo in the vDiscovery Job wizard tooltip.
400-0704-207 Rev. D 10/3/2018
NIOS-61292 Minor WAPI: the MAC field in the fixedaddresss object did not support case-sensitive search.
NIOS-60983 Minor Updated the filter attributes for the DHCP MAC Address objects in the Infoblox API
Documentation.
NIOS-60693 Minor The appliance failed to do DNS scavenging for underscore zones.
NIOS-60675 Minor The appliance failed to display some of the time zone correctly.
NIOS-60630 Minor After executing the show dns cache and show dns cache_size CLI Commands,
the IB-4030 appliance returned an error.
NIOS-60551 Minor The appliance displayed the “Loading” message when navigating to the next page of
the RPZ entries.
NIOS-60524 Minor Under certain circumstances, the Toggle flat view option displayed all the subnets
from all network views.
NIOS-60423 Minor Unable to add Grid members to the Grid using Elastic Scaling, if the Grid Master has a
NAT IP address.
NIOS-60277 Minor After upgrading from NIOS 6.10.201 to NIOS 7.2.10, there was a delay while loading
certain zones which have large number of records.
NIOS-60181 Minor Grid Manager displayed an error when user re-enabled DNS by selecting “Enable in
DNS" check box in the Host editor, while converting lease to host in the IPAM list
viewer.
NIOS-60096 Minor Inconsistency in the IPv6 network name When user created and modified an IPv6
network through the PAPI.
NIOS-59943 Minor Unable to add a bulk host if the bulk host name conflicted with an existing host alias.
NIOS-59928 Minor This release changes a warning message about DNS scavenging to clarify the message.
NIOS-59892 Minor In certain configurations, an external management system rejected incoming SNMPv3
traps sent by the Infoblox Grid.
NIOS-59732 Minor A new error message has been added to indicate that DNS Scavenging cannot be
performed for underscore zones.
NIOS-59679 Minor In NIOS 7.3.4 and prior versions, the traffic.cap file was not stored in the root of
tcpdumpLog.tar.gz, but saved under \storage\tmp when it was extracted.
NIOS-59675 Minor The named_cache file when collected in the support bundle was being truncated if
the recursive cache was full.
NIOS-59662 Minor DNS Scavenging reclaimable objects were not displayed in Smart Folders.
NIOS-59567 Minor When the “$” character was used to search the “network” fields for objects such as
network, networkcontainer, ipv6network, ipv6networkcontainer, fixedaddress,
ipv6fixedaddress and range objects, the regex did not work and returned error or
incorrect results.
NIOS-59513 Minor Login was denied when the user was authenticated against Active Directory and
belonged to a group that contained multiple instances of double backslashes.
NIOS-58945 Minor In the syslog, certain messages related to reporting events were not clear.
400-0704-207 Rev. D 10/3/2018
NIOS-58377 Minor A newly added bookmark did not appear in the Bookmarks tab and users were unable
to re-add the bookmark.
NIOS-58362 Minor Unable to synchronize bloxTools data in a specific bloxTools environment, causing a
manual backup failure.
NIOS-58133 Minor The summary index for DNS tunneling contains all Advanced DNS Protection events,
instead of only events related to DNS tunneling.
NIOS-58104 Minor The Infoblox NIOS Administrator Guide did not cover the file name convention for
reporting backups.
NIOS-57995 Minor When configuring an external primary or secondary DNS server in either a zone or
name server group, users could enter invalid characters when using a TSIG key,
causing a DNS configuration syntax error.
NIOS-57722 Minor Changed the “None” option to “Any” for the "Allow queries from" option in the
Grid/Member DNS Query ACL section to improve usability.
NIOS-57637 Minor Updated the Infoblox NIOS Administrator Guide to clarify the password history
information.
NIOS-57582 Minor The appliance sent SNMP traps to clear OSPF and OSPFv6 issues, but did not send
SNMP traps for the issues themselves.
NIOS-56936 Minor Grid Manager now does not display the Infoblox Community dashboard.
NIOS-56329 Minor This release removes irrelevant logging in the audit log.
NIOS-52207 Minor The installation guide did not include the heat output or input current for the Infoblox
800 Series appliances.
NIOS-61098 Enhance Users can now use a CLI command to disable the feature that allows them to send
requests to Infoblox Technical Support.
NIOS-59435 Enhance Syslog messages were missing for a dual-stack Pool of DTC health monitors.
NIOS-58083 Enhance This release adds a check box to the Data Collector VM editor for enabling registration
requests.
NIOS-56267 Enhance This release improves usability so users do not disable remote access permanently by
mistake.
Severity Levels
Severity Description
Critical Core network services are significantly impacted.
Major Network services are impacted, but there is an available workaround.
Moderate Some loss of secondary services or configuration abilities.
Minor Minor functional or UI issue.
Enhance An enhancement to the product.
400-0704-207 Rev. D 10/3/2018
KNOWN GENERAL ISSUES
ID Summary
NFV2-49 You might encounter an error when you enable NIC bonding using a 1G NIC in an OpenStack
environment.
Workaround: Use a 10G NIC instead of 1G.
NIOS-66767 If you convert a node from an HA mode to a standalone mode, the DHCP and DNS services that
are already running will fail.
Workaround: Stop and restart the DHCP and the DNS services in the NIOS GUI.
NIOS-66403 After a reboot or a product restart, the “named” DNS process might not listen on the MGMT IPv6
address on an OpenStack-based virtual appliance with an SRIOV interface.
Workaround: Restart the DNS process after a reboot or a product restart.
NIOS-64767 You might not be able to reach the Grid Master deployed in AWS through the MGMT interface.
This could happen if you set up Grid communications using the MGMT and LAN1 ports on the Grid
Master before joining the AWS member.
NIOS-64534 DTC: If you configure an SNMP health monitor that does not contain any OIDs for dynamic ratio
load balancing, the DTC service might restart.
Workaround: Include at least one OID when you configure an SNMP health monitor.
NIOS-62852 Threat Protection: Using PAPI scripts to upload an updated ruleset might result in a “Read
Timeout” error. The upload will eventually succeed.
NIOS-62829 Threat Protection: It might take longer than expected for the appliance to download and apply
an updated ruleset due to memory usage exceeding the threshold. The upload will eventually
succeed.
NIOS-62690 Scheduled and manual backup to an SCP server using a complete path might fail if the user
account does not have a home directory.
Workaround: Create a home directory for the user under /home.
NIOS-62159 Reporting: When you perform a scheduled full upgrade from a NIOS release earlier than 7.3.0 to
NIOS 8.0.0 and later, reporting data from Grid members that have not been upgraded is not
forwarded to the Reporting server that has already been upgraded due to security changes in SSL
related to CVE-2014-3566 (POODLE).
Workaround: Upgrade all Grid members to NIOS 7.3.0 or later before upgrading them to NIOS
8.0.0 and later.
NIOS-61798 RESTful API Outbound Notifications: The filename downloaded for a RESTful API template might
have an unrecognizable template name if you do any of the following:
• Use UTF-8 characters to name the template.
• Download the template from NIOS.
• Use Firefox 47 or any browsers that do not support UTF-8 filename download.
NIOS-61781 In cases where NAT is disabled but NAT groups still have a value, NIOS reporting forwarders may
try to talk to indexers using an incorrect address. To prevent this, ensure that NAT group settings
are cleared or empty when NAT is disabled.
NIOS-61756 Advanced DNS Protection: It might take longer than expected to download ruleset updates, but
there is no functional impact. You will get a message indicating that the appliance continues to
process changes that you make in the background while downloading the ruleset updates.
400-0704-207 Rev. D 10/3/2018
NIOS-61603 Currently, the Infoblox appliances ship with auto-provisioning enabled by default. During initial
setup, the default IP address of 192.168.1.2 as documented in the Infoblox NIOS Administrator
Guide and Installation Guides will not be assigned.
Workaround: Manually set the IP address through the serial console using the set network CLI
command to re-configure the default IP address to 192.168.1.2 (or any valid IP address) and
netmask to 255.255.255.0.
NIOS-61721 REST API Outbound Notifications: If you configure the Grid Master Candidate as the outbound
member, ensure that you review its capacity before promoting it to the Grid Master because
after the promotion, the newly promoted Grid Master continues to handle all outbound related
activities, including those being handled by the old Grid Master.
NIOS-61714 Temporary licenses: When you have temporary licenses for Security, Threat Analytics, Threat
Protection and RPZ installed on your appliance and the Security license expires, all other
security related functionality stops working. However, Grid Manager might still display an “OK”
status for these services in their corresponding dashboards.
Workaround: Obtain permanent licenses to continue using these features.
NIOS-61681 If you set up your Grid to use Infoblox Threat Insight but have not enabled automatic updates for
Threat Analytics module sets, your upgrade will fail.
Workaround: Manually upload the latest module set to your Grid or enable automatic updates
before upgrading.
NIOS-61651 vNIOS for AWS and Azure: If you configure the LAN1 and MGMT interfaces using IPv6 parameters,
you might not be able to re-join the vNIOS member to the Grid when it reboots.
Workaround: Avoid using IPv6 parameters when configuring the LAN1 and MGMT interfaces for
the vNIOS member.
NIOS-61565 Object Change Tracking: In situations that involve a large database, performing a full
synchronization from the Grid Master Candidate while the previous file is still being synchronized
to the Grid Master might cause the deletion of the original synchronization file.
Workaround: Do not perform a full synchronization from the Grid Master Candidate until the file
from the previous synchronization is fully synchronized to the Grid Master.
NIOS-61563 Reporting and Analytics: In a Reporting Clustering configuration, the status of the cluster master
might return a service failure error after an upgrade.
Workaround: Restart the cluster master.
NIOS-61562 Reporting and Analytics: The Destination Path is an optional field in a single-site cluster,
which might cause a second reporting indexer to go offline and not being upgraded.
Workaround: Ensure that you enter a value for the Destination Path field.
NIOS-61042 Reporting and Analytics: When joining a reporting member to a Grid, the Reporting service icon
might not appear in the Grid -> Grid Manager tab of Grid Manager.
Workaround: In Grid Manager, go to the Administration -> Reporting tab to start the reporting
service. The Reporting service icon will appear in the Grid Manager tab.
NIOS-60959 No outbound events are recorded when you remove a parent object using an outbound template.
NIOS-54840 Some of the cloud related features might still be functional even after you have removed a
temporary Cloud license from your Grid, regardless of whether the license is valid or has expired.
For example, you might not be able to remove cloud extensible attributes because they remain
as Read-only attributes.
Workaround: Install a permanent Cloud license on the Grid, wait at least five minutes, and then
delete the permanent license from the appliance. Wait another five minutes and verify that all
cloud extensible attributes are no long Read-only.
400-0704-207 Rev. D 10/3/2018
N/A Infoblox has upgraded the software for our user community (community.infoblox.com), which
will offer users enhanced features and a more robust experience. This new community software
however, is not compatible with our community dashboard widget. As a result, the functionality
of the Community Dashboard widget is inconsistent. The Community Dashboard widget will
subsequently be removed in the next NIOS maintenance release.
NIOS-58190 Reporting and Analytics: The reporting service does not support non-ASCII characters in the
names of admin groups and admin users.
NIOS-57930 Reporting and Analytics: Object permissions for certain system searches are not migrated after
an upgrade.
Workaround: Superusers can fix these permissions for limited-access users when necessary.
NIOS-57850 Reporting and Analytics: Custom logos in report PDFs might not appear properly if the logo is in
JPEG format.
Workaround: Use logos that are in PNG format.
NIOS-56982 Reporting and Analytics: Unable to copy or bookmark a page using the “Link to Job” option in
the Job Settings dialog in the Splunk -> Reports page.
NIOS-55312 An RPZ rule that was deleted and then added to an RPZ feed again might not take effect
immediately. This delay is mandated by the effective DNS cache setting and might cause some
traffic to go through before the RPZ rule takes effect.
Workaround: To ensure that the RPZ rule takes effect immediately, clear the DNS cache before
adding the rule.
BEAU-443 Cloud Network Automation: In a scenario when you define extensible attributes that have the
exact same name (such as Tenant ID) as the mandatory cloud extensible attribute before you
install a cloud license in the Grid, the mandatory cloud extensible attribute creation will fail
when you install the cloud license.
Workaround:
1. Uninstalled the cloud license.
2. Delete the extensible attributes that have the same name as the mandatory cloud
extensible attributes.
3. Install the cloud license again.
ISE-249 Cisco ISE: Unable to create a network active user if the user is configured with Cisco ISE server
using the standby server address.
NETMRI- Network Insight: When adding seed routers through PAPI scripts, ensure that you specify the
26525 network view with which the seed router associates. Otherwise, the seed router object will be
created without a network view association.
400-0704-207 Rev. D 10/3/2018

NIOS 8.2.7 ReleaseNotes Rev.D

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

NIOS 8.2.7 ReleaseNotes Rev.D

Caricato da

Copyright:

Formati disponibili

NIOS 8.2.

SUPPORTED PLATFORMS .......................................................................................................... 3

CHANGES TO DEFAULT BEHAVIOR ............................................................................................ 18

CHANGES TO Infoblox API and RESTful API (WAPI) ........................................................................ 19

UPGRADE GUIDELINES ........................................................................................................... 25

BEFORE YOU INSTALL ............................................................................................................ 26

ACCESSING GRID MANAGER ..................................................................................................... 28

ADDRESSED VULNERABILITIES .................................................................................................. 28

RESOLVED ISSUES ................................................................................................................. 33

Fixed in NIOS 8.2.1 ........................................................................................................... 41

KNOWN GENERAL ISSUES ........................................................................................................ 68

Please note the following:

Infoblox NIOS 8.2.x is supported on the following platforms:

NOTE: TE appliances are also known as the IB appliances.

Virtual vNIOS Appliances

• vNIOS for VMware on ESX/ESXi Servers

• vNIOS for Xen Hypervisor

• vNIOS for KVM Hypervisor

• vNIOS for AWS (Amazon Web Services)

• vNIOS for Azure

IB-VM-100 55 1 1 1300 MHz      No

IB-VM-800 300 2 Range: 3000 MHZ 3   1  No

IB-VM-800 300 2 Range: 3000 MHZ 3     No

IB-V805 ** 250 (+ user 2 32 2800 MHz    4  No

IB-VM-810 55 2 2 2000 MHz      No

IB-VM-810 160 2 2 2000 MHz      No

IB-V815 ** 250 2 16 1100 MHz    4  Yes

IB-VM-820 55 2 4 3000 MHz      Yes2

IB-VM-820 160 2 4 3000 MHz      Yes2

IB-V825 ** 250 2 16 1600 MHz    4  Yes2

IB-VM-1400 555 4 Default: 8000 MHz 3     No

IB-V1405 ** 250 (+ user 4 32 3600 MHz    4  No

IB-VM-1410 55 4 8 GB 6000 MHz      No

IB-VM-1410 160 4 8 6000 MHz      Yes2

IB-V1415 ** 250 4 32 1200 MHz    4  Yes

IB-VM-1420 160 4 8 8000 MHz      Yes2

IB-V1425 ** 250 4 32 1800 MHz    4  Yes

IB-V2205 ** 250 (+ user 8 64 2100 MHz    4  No

IB-VM-2210 160 4 12 1200 MHz      Yes2

IB-V2215 ** 250 8 64 2100 MHz    4  Yes

IB-VM-2220 160 4 12 1200 MHz      Yes2

IB-V2225 ** 250 8 64 2100 MHz    4  Yes

IB-V4005 250 8 24 2400 MHz      No

IB-V4015 ** 250 14 128 N/A    4  Yes

IB-V4025 ** 250 14 128 N/A    4  Yes

IB-V5005 ** User User User N/A      No

ND-V800 160 2 8 3000 MHz 3     No

ND-V805 ** 250 2 32 2800 MHz    4  No

ND-V1400 160 4 16 8000 MHz 3     No

ND-V1405 ** 250 4 32 3600 MHz    4  No

ND-V2200 160 8 24 24000 MHz 3     No

ND-V2205 ** 250 8 32 2100 MHz    4  No

ND-V4005 ** 250 14 128 N/A    4  No

CP-V800 160 2 2 2000 MHz      No

CP-V1400 160 4 8 6000 MHz      No

CP-V2200 160 4 12 1200 MHz      No

This section lists new features in the 8.x releases.

VLAN Tagging for IB-FLEX

Cloud Certificates Management (RFE-8048)

Support for Mixed-Mode Interface Type for IB-FLEX (RFE-8007)

Software-based DNS Cache Acceleration (vDCA) with Capacity Licensing (FLEX)

Licensing for IB-FLEX

RPZs for Blacklisted Domains (RFE-7158)

DNSMessenger Module Support for Threat Insight