NIOS 8.3.8 ReleaseNotes F

NIOS 7.3.
18 Release Notes
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
INTRODUCTION ................................................................................................................... 2
SUPPORTED PLATFORMS ........................................................................................................ 2
NEW FEATURES ................................................................................................................... 7

NIOS 8.3.8 ...................................................................................................................... 7
NIOS 8.3.7 ...................................................................................................................... 8
NIOS 8.3.6 ...................................................................................................................... 8
NIOS 8.3.4 ...................................................................................................................... 8
NIOS 8.3.2 ...................................................................................................................... 9
NIOS 8.3.0 .................................................................................................................... 10
CHANGES TO DEFAULT BEHAVIOR .......................................................................................... 15

NIOS 8.3.x .................................................................................................................... 15
NIOS 8.2.x .................................................................................................................... 15
NIOS 8.0.0 .................................................................................................................... 15
CHANGES to Infoblox API and RESTful API (WAPI) ....................................................................... 16
UPGRADE GUIDELINES ......................................................................................................... 18
BEFORE YOU INSTALL ......................................................................................................... 19
ACCESSING GRID MANAGER ................................................................................................... 20
ADDRESSED VULNERABILITIES................................................................................................ 20
RESOLVED ISSUES............................................................................................................... 26
Fixed in NIOS 8.3.8 ......................................................................................................... 26
Fixed in NIOS 8.3.7 ......................................................................................................... 27
Fixed in NIOS 8.3.6 ......................................................................................................... 31
Fixed in NIOS 8.3.5 ......................................................................................................... 34
Fixed in NIOS 8.3.4 ......................................................................................................... 34
Fixed in NIOS 8.3.3 ......................................................................................................... 35
Fixed in NIOS 8.3.2 ......................................................................................................... 37
Fixed in NIOS 8.3.1 ......................................................................................................... 38
Fixed in NIOS 8.3.0 ......................................................................................................... 40
Severity Levels .............................................................................................................. 52
KNOWN GENERAL ISSUES ..................................................................................................... 52
© 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. Page 1 of 53
400-0720-007 Rev. F 1/13/2021
NIOS 7.3.18 Release Notes
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
INTRODUCTION
Infoblox NIOSÔ 8.3.x software, coupled with Infoblox appliance platforms, enables customers to deploy large,
robust, manageable and cost-effective Infoblox Grids. This next-generation solution enables distributed
delivery of core network services—including DNS, DHCP, IPAM, TFTP, and FTP—with the nonstop availability and
real-time service management required for today’s 24x7 advanced IP networks and applications.
NOTE: NIOS 8.3.x is not supported on the following appliances: IB-250, IB-250-A, IB-500, IB-550, IB-550-A,
IB-1000, IB-1050, IB-1050-A, IB-1550, IB-1550-A, IB-1552, IB-1552-A, IB-1852-A, IB-2000, IB-2000-A,
IB-VM-250, IB-VM-550, IB-VM-1050, IB-VM-1550, IB-VM-1850, IB-VM-2000, and Trinzic Reporting TR-2000 and TR-
2000-A series appliances. You cannot upgrade to NIOS 8.3 on these appliances. See Upgrade Guidelines in this
document for additional upgrade information.
SUPPORTED PLATFORMS
Infoblox NIOS 8.3.x is supported on the following platforms:
NIOS Appliances
- Infoblox Advanced Appliances: PT-1400, PT-1405, PT-2200, PT-2205, PT-2205-10GE, PT-4000, and
PT-4000-10GE
- Network Insight Appliances: ND-800, ND-805, ND-1400, ND-1405, ND-2200, ND-2205, ND-4005, and ND-
4000
- Trinzic Appliances: TE-100, TE-810, TE-815, TE-820, TE-825, TE-1410, TE-1415, TE-1420, TE-1425,
TE-2210, TE-2215, TE-2220, TE-2225, IB-4010, IB-4015, IB-4020, IB-4025, and IB-FLEX virtual platform
NOTE: Infoblox strongly recommends against using the TE-810 and TE-820 appliances as the Grid
Master or Grid Master Candidate.
- Cloud Network Automation: CP-V800, CP-V1400, and CP-V2200
- Trinzic Reporting: TR-800, TR-805, TR-1400, TR-1405, TR-2200, TR-2205, TR-4000, and IB-4005
- DNS Cache Acceleration Appliances: IB-4030 and IB-4030-10GE
- Infoblox Virtual NIOS Appliances for AWS and Microsoft Azure: TE-V820, TE-V825, TE-V1420, TE-V1425,
TE-V2220, TE-V2225, CP-V800, CP-V1400, and CP-V2200.
NOTE: TE appliances are also known as the IB appliances.
Virtual vNIOS Appliances
Infoblox supports the following vNIOS virtual appliances. Note that Infoblox does not support running vNIOS in
any nested VMs or VM-inside-VM configuration.
• vNIOS for VMware on ESX/ESXi Servers

The Infoblox vNIOS on VMware software can run on ESX or ESXi servers that have DAS (Direct Attached
Storage), or iSCSI (Internet Small Computer System Interface) or FC (Fibre Channel) SAN (Storage Area
Network) attached. You can install the vNIOS software package on a host with VMware ESX or ESXi 6.7,
6.5.x, 6.0.x, 5.5.x, 5.1.x, or 5.0.x installed, and then configure it as a virtual appliance.
vSphere vMotion is also supported. You can migrate vNIOS virtual appliances from one ESX or ESXi server to
another without any service outages. The migration preserves the hardware IDs and licenses of the vNIOS
virtual appliances. VMware Tools is automatically installed for each vNIOS virtual appliance. Infoblox
supports the control functions in VMware Tools. For example, through the vSphere client, you can shut
down the virtual appliance.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
You can deploy certain vNIOS virtual appliances with different hard disk capacity. Some vNIOS appliances
are not supported as Grid Masters or Grid Master Candidates. Note that the IB-VM-800 and IB-VM-1400
virtual appliances are designed for reporting purposes. For more information about vNIOS on VMware, refer
to the Infoblox Installation Guide for vNIOS Software on VMware.
• vNIOS for Microsoft Server 2012, 2012 R2, and 2016 Hyper-V
The Infoblox vNIOS virtual appliance is now available for Windows Server 2008 R2 and Windows Server 2012
and 2012 R2 that have DAS (Direct Attached Storage). Administrators can install vNIOS virtual appliance on
Microsoft Windows® servers using either Hyper-V Manager or SCVMM. A Microsoft Powerscript is available
for ease of installation and configuration of the virtual appliance. Note that vNIOS for Hyper-V is not
recommended as a Grid Master or Grid Master Candidate. With this release, you can deploy certain vNIOS
appliances with a 50 GB, 55 GB, or 160 GB hard disk. You can also deploy the IB-VM-800 and IB-VM-1400
virtual appliances as reporting servers. For more information about vNIOS for Hyper-V, refer to the Infoblox
Installation Guide for vNIOS on Microsoft Hyper-V.
Note: All virtual appliances for reporting purposes are supported only for Windows Server 2012 R2.
• vNIOS for Xen Hypervisor

The Infoblox vNIOS for Xen is a virtual appliance designed for Citrix XenServer 6.5 running Xen hypervisor.
You can deploy vNIOS for Xen virtual appliances as the Grid Master, Grid members, or reporting servers
depending on the supported models. Note that the IB-VM-800 virtual appliances are designed for reporting
purposes only. For more information about vNIOS for Xen, refer to the Infoblox Installation Guide for vNIOS
for Xen Hypervisor. For information about vNIOS virtual appliances for reporting, refer to the Infoblox
Installation Guide for vNIOS Reporting Virtual Appliances.
• vNIOS for KVM Hypervisor

The Infoblox vNIOS for KVM is a virtual appliance designed for KVM (Kernel-based Virtual Machine)
hypervisor and KVM-based OpenStack deployments. The Infoblox vNIOS for KVM functions as a hardware
virtual machine guest on the Linux system. It provides core network services and a framework for
integrating all components of the modular Infoblox solution. You can configure some of the supported
vNIOS for KVM appliances as independent or HA (high availability) Grid Masters, Grid Master Candidates,
and Grid members. For information about vNIOS for KVM hypervisor, refer to the Infoblox Installation
Guide for vNIOS for KVM Hypervisor and KVM-based OpenStack.
• vNIOS for AWS (Amazon Web Services)

The Infoblox vNIOS for AWS is a virtual Infoblox appliance designed for operation as an AMI (Amazon
Machine Instance) in Amazon VPCs (Virtual Private Clouds). You can deploy large, robust, manageable and
cost effective Infoblox Grids in your AWS cloud, or extend your existing private Infoblox NIOS Grid to your
virtual private cloud resources in AWS. You can use vNIOS for AWS virtual appliances to provide carrier-
grade DNS and IPAM services across your AWS VPCs. Instead of manually provisioning IP addresses and DNS
name spaces for network devices and interfaces, an Infoblox vNIOS for AWS instance can act as a
standalone Grid appliance to provide DNS services in your Amazon VPC, as a virtual cloud Grid member tied
to an on-premises (non-Cloud) NIOS Grid, or as a Grid Master synchronizing with other AWS-hosted vNIOS
Grid members in your Amazon VPC; and across VPCs or Availability Zones in different Amazon Regions. For
more information about vNIOS for AWS, refer to the Infoblox Installation Guide for vNIOS for AWS.
• vNIOS for Azure

Infoblox vNIOS for Azure is an Infoblox virtual appliance designed for deployments through Microsoft Azure,
a collection of integrated cloud services in the Microsoft Azure. vNIOS for Azure enables you to deploy
robust, manageable, and cost effective Infoblox appliances in Microsoft Azure. Infoblox NIOS provides core
network services and a framework for integrating all the components of the modular Infoblox solution. It
provides integrated, secure, and easy-to-manage DNS (Domain Name System) and IPAM (IP address
management) services. You can deploy one or more Infoblox vNIOS for Azure instances using Microsoft
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
Azure Marketplace and provision them to join the on-premises NIOS Grid. You can then use the vNIOS for
Azure instance as the primary DNS server to provide carrier-grade DNS and IPAM services in Microsoft
Azure. You can also utilize Infoblox Cloud Network Automation with your vNIOS for Azure instances to
streamline with IPAM, improve visibility of your cloud networks, and increase the flexibility of your cloud
environment. For more information about vNIOS for Azure, refer to the Infoblox Installation Guide for
vNIOS for Microsoft Azure.
NOTE: Infoblox NIOS virtual appliances support any hardware that provides the required Hypervisor version,
memory, CPU, and disk resources. To maintain high performance on your NIOS virtual appliances and to avoid
not having enough resources to service all the NIOS virtual appliances, DO NOT oversubscribe physical resources
on the virtualization host. Required memory, CPU, and disk resources must be adequately allocated for each
virtual appliance that is running on the virtualization host. For information about the required specification for
each NIOS virtual appliance model, see the following table.
The following table lists the required memory, CPU, and disk allocation for each supported Infoblox virtual
appliance model:
NIOS Virtual Primary # of Memory Recommended NIOS for NIOS NIOS NIOS NIOS Supported
Appliances Disk (GB) CPU Alloca- CPU Per Core VMware for MS for for for AWS as Grid
Cores tion Clock Rate Hyper Xen KVM & Azure Master and
(GB) -V * Grid Master
Candidate
IB-VM-100 55 1 1 1600 MHz ü ü ü ü û No
IB-VM-800 300 2 Range: 1600 MHZ ü3 ü ü ü1 û No

(Reporting (Primary & 2–8
only; 1 GB Reporting) Default:
daily limit) 8
IB-VM-800 300 2 Range: 1600 MHZ ü3 ü ü û û No

(Reporting (Primary & 4–8
only; 2 GB Reporting) Default:
daily limit) 8
IB-V805 ** 250 (+ user 2 32 2700 MHz ü ü û ü4 û No

(Reporting defined
only) reporting
storage)
IB-VM-810 55 2 2 1200 MHz ü ü ü ü û No
IB-VM-810 160 2 2 1200 MHz ü ü ü û û No
IB-V815 ** 250 2 16 1100 MHz ü ü û ü4 û Yes
IB-VM-820 55 2 4 1600 MHz ü ü ü ü û Yes2
IB-VM-820 160 2 4 1600 MHz ü ü ü û ü Yes2
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
IB-V825 ** 250 2 16 1600 MHz ü ü û ü4 ü Yes2
IB-VM-1400 555 4 Default: 2660 MHz ü3 ü û û û No

(Reporting (Primary & 8
only; 5 GB Reporting)
daily limit)

(Reporting defined
only) reporting
storage)
IB-VM-1410 55 4 8 GB 1600 MHz ü ü ü û û No
IB-VM-1410 160 4 8 1600 MHz ü ü ü û û Yes2
IB-V1415 ** 250 4 32 1200 MHz ü ü û ü4 û Yes
IB-VM-1420 160 4 8 2400 MHz ü ü ü ü ü Yes2
IB-V1425 ** 250 4 32 1800 MHz ü ü û ü4 ü Yes

(Reporting defined
only) reporting
storage)
IB-VM-2210 160 4 12 2000 MHz ü û ü û û Yes2
IB-V2215 ** 250 8 64 2100 MHz ü ü û ü4 û Yes
IB-VM-2220 160 4 12 2400 MHz ü û ü ü ü Yes2
IB-V2225 ** 250 8 64 2100 MHz ü ü û ü4 ü Yes
IB-V4005 250 14 128 2400 MHz ü û û û û No

(Reporting (+ 1500 GB
only) reporting
storage)
IB-V4015 ** 250 14 128 2400 MHz ü ü û ü4 û Yes
IB-V4025 ** 250 14 128 2400 MHz ü ü û ü4 ü Yes
IB-V5005 ** User User User N/A ü ü û ü û No

defined defined defined
reporting
storage
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
Network Overall # of CPU Memory Recommended NIOS for NIOS NIOS NIOS NIOS Supported
Insight Virtual Disk (GB) Cores Alloca- CPU Core Clock VMware for MS for for for AWS as Grid
Appliances tion Rate Hyper Xen KVM & Azure Master and
(GB) -V * Grid Master
Candidate
ND-V800 160 2 8 1600 MHz ü3 ü ü û û No
ND-V805 ** 500 2 32 2700 MHz ü ü û ü4 û No
ND-V1400 160 4 16 2660 MHz ü3 ü ü û û No
ND-V1405 ** 250 4 32 3600 MHz ü ü û ü4 û No
ND-V2200 160 8 24 2400 MHz ü3 û ü û û No
ND-V2205 ** 250 8 32 2100 MHz ü ü û ü4 û No
ND-V4005 ** 250 14 128 2400 MHz ü ü û ü4 û No
Cloud Overall # of Memory Recommended NIOS for NIOS NIOS NIOS Supported
Platform Disk (GB) CPU Alloca- CPU Core Clock VMware for for MS for as Grid
Virtual Cores tion Rate KVM Hyper- Xen Master and
Appliances (GB) V* Grid Master
Candidate
CP-V800 160 2 2 2000 MHz ü ü ü ü No
CP-V1400 160 4 8 6000 MHz ü ü ü ü No
CP-V2200 160 4 12 12000 MHz ü ü ü ü No
NOTE:
* When running NIOS in MS Hyper-V with dynamic memory allocation enabled, your system might experience
high memory usage. To avoid this issue, Infoblox recommends that you disable dynamic memory allocation.
** To achieve best performance on your virtual appliances, follow the recommended specifications and allocate
your resources within the limits of the licenses being installed on the appliances.
1
For KVM hypervisor only. Not supported for KVM-based OpenStack. Does not support Elastic Scaling.
2
NIOS virtual appliance for Hyper-V is not recommended as a Grid Master or Grid Master Candidate. IB-VM-820
with 55 GB disk is not supported as the Grid Master or Grid Master Candidate for the vNIOS for KVM. The
Identity Mapping feature is supported on the IB-VM-810 and IB-VM-820 appliances only if they are configured as
Grid members, not as the Grid Master.
3
Does not support Elastic Scaling.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
4NIOS for KVM is supported in the following environments: OpenStack, RHEL, SuSE Enterprise and Cloud, and
CentOS. Note that only IB-V1405 as a Reporting server has been qualified for OpenStack.
The following table lists the required CPU and memory allocation for each supported Infoblox appliance model
when software threat protection is enabled:
NIOS Virtual # of Memory

Appliances CPU Allocation
Cores (GB)
IB-V1415 4 32
IB-V1425 8 32
IB-V2215 16 64
IB-V2225 16 64
IB-V4015 28 128
IB-V4025 28 128
NEW FEATURES
This section lists new features in the 8.3.x releases.
NIOS 8.3.8
Caching Threat Category Information from the Cloud Services Portal (RFE-9249)
You can configure the Cloud Services Portal and and schedule the entire threat indicator database download
from the Cloud Services Portal. The threat category information is then sent to the reporting server to augment
RPZ hits and reports are generated. Caching threat category information from the Cloud Services Portal helps
enhance the performance of threat reports as data is fetched from the cache that is stored locally.
You can also download incremental updates from the threat indicators of the Cloud Services Portal. The
incremental threat indicator is downloaded only after the whole threat indicator is downloaded from the Cloud
Services Portal.
You can configure threat indicator caching by using the Threat Indicator Caching > Basic tab in the Grid
Reporting Properties editor. For more information, see the “Grid Reporting” topic in the NIOS online
documentation.
Collecting NIOS Database Performance Data (RFE-9550)

You can now download Ptop log files that comprise database metrics which you can use to determine the
health of the NIOS database and baseline its performance. Based on the database performance, you can
ascertain the impact of changes such as adding a Grid member or enabling features such as Grid replication for
DNS zones or multi-master DNS, on the database performance. You can download the Ptop log files by using a
WAPI call. For more information, see the “Monitoring Tools” topic in the NIOS online documentation.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
Adding TLSA Records in Unsigned Zones (RFE-10324)
You can now add TLSA records in both DNSSEC signed zones or unsigned zones.
NIOS 8.3.7
NAT Port as IPSD (RFE-9527)

NIOS now supports CGNAT (Carrier Grade NAT). Multiple subscribers share the same public IP address. In
specific NATing algorithms that use port block (known port range allocation), the IP address and the first usable
port (which is a new AVP called Deterministic-NAT-Port) for the subscriber are provided in a RADIUS accounting
AVP. You can select this AVP from the IP Space Discriminator drop-down list. For more information, see the
“Scaling Using Subscriber Sites” topic in the NIOS online documentation.
NIOS 8.3.6
New Policy for Subscriber Parental Control (RFE 8665)

NIOS can now receive a new AVP (Attribute Value Pair) called the PCC (Parental Control Category) policy from
the RADIUS server. The PCC policy is a 128-bit string, and it defines how to service domains in a particular
category. If the PCC category matches a category, then a CEF log message is logged as a warning in the syslog
for domains in that category; however, these domains are not blocked.
Reporting Data Retention (RFE 9394)

You can now specify whether you want to retain reporting data and specify the number of days for which you
want the data to be retained.
You can also configure the delete permission on reporting data for a local admin user who has superuser
permissions by running the following new CLI commands:
• show reporting_user_capabilities
• set reporting_user_capabilities
For information about this feature, see the “Grid Reporting Properties”, “set reporting_user_capabilities”, and
the “show reporting_user_capabilities” topics in the NIOS online documentation.
You can also select reporting data that you want to delete after enabling the delete permission for local
admin users who have superuser permission. For information about this feature, see the “Deleting Reporting
Data” section in the “About Reports” topic in the NIOS online documentation.
NIOS SPPC Lease2RADIUS Installation (RFE 9520)

You can now add subscribers by using DHCP server logs. This procedure involves creating Python scripts and
their associated init scripts in Linux to parse to DHCP log files and send RADIUS accounting request messages to
a RADIUS accounting server. For detailed installation and configuration instructions, see the NIOS SPPC
Lease2RADIUS Installation and Configuration Guide at
https://drive.google.com/drive/folders/18thwiTAJ_zCDwsLeboIwhXzmmN0aij8p
Use Infoblox credentials to access this link.
NIOS 8.3.4
DHCP Fingerprint Data Enhancement

Infoblox has upgraded the DHCP fingerprint file in the NIOS database, adding new fingerprints and changing
some fingerprint descriptions. Thus, the appliance can now detect and identify additional devices and return
new DHCP fingerprints, and you might also see changes in certain fingerprint descriptions.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
Cisco ISE Endpoint Enhancements
• When adding a notification rule for a Cisco ISE endpoint, you can add the rule to PT appliances in NIOS
8.3.4. In other NIOS version, you can add a rule only to IB appliances.
• In NIOS 8.3.4, the Quarantine the end host action and Notify target data action are published through
the subscribing member. Only the subscribing member can publish data to the Cisco pxGrid node.
NIOS 8.3.2
Infoblox Subscriber Services Enhancements (RFE 8995)
• You can now create service policies that can be associated with specific servers. These are blocking
servers through which traffic or web pages that conform to the service policies you create are blocked
and are redirected to the blocking VIP addresses. You can specify additional IP addresses that will act
as blocking servers. For more information, see the “Configuring Blocking Server Policies” topic in the
NIOS 8.3 online documentation.
• This NIOS release adds the set subscriber_secure_data never_proxy and the show
subscriber_secure_data never_proxy CLI commands. You can use these commands to set and
view the hexadecimal characters that represent the list of categories in the global list used to resolve
DNS queries without proxying to an MSP (Multi-Services Proxy) server. For more information, see the
“set subscriber_secure_data never_proxy” and the “show subscriber_secure_data never_proxy” topics
in the NIOS 8.3 online documentation.
• You can now set the Proxy-All setting to 1 to have DNS queries processed by NIOS. The MSP server
will process the queries only if NIOS is unable to categorize the DNS queries.
Prefix Length Mode for DHCPv6 (RFE 8836)

You can now set the prefix length mode for DHCPv6 servers. The prefix length mode determines the prefix
selection rules employed by the DHCPv6 server when a DHCPv6 client sends an empty prefix with just a prefix
length as a hint for the server to specify the required prefix length. For information about the prefix length
mode options available, see the “Setting the Prefix Length Mode for DHCPv6” topic in the NIOS online
documentation.

Support for Cisco ISE 2.4 (RFE 8858)
NIOS now supports the integration with Cisco Identity Services Engine (ISE) version 2.4.
Including View Names as an EDNS Option (RFE 8238)
You can now include DNS view names as an EDNS option in recursive queries forwarded from NIOS. For more
information, see the “Specifying Forwarders” section in the “Using Forwarders” topic in the NIOS 8.3 online
documentation.
Splunk Reporting API Calls (RFE 8912)

API calls made from Splunk reporting to the Cloud Services Portal now use the configured proxy server.
Infoblox ADP Performance Improvements

DCA first: You can now configure NIOS such that DNS queries and packets are first passed on to DNS Cache
Acceleration (DCA). If the query is valid and the answer is in the cache, the query is answered by DNS Cache
Acceleration. To configure this, you must select the Enable DNS responses from acceleration cache before
applying Threat Protection rules check box. For more information, see the “Handling DNS Queries Through
DNS Cache Acceleration” topic in the NIOS 8.3 online documentation.
IB-FLEX support on AWS

The IB-FLEX platform is now supported on AWS. For more information, see the “About IB-FLEX” topic in the
NIOS online documentation.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS 8.3.1
Infoblox Subscriber Services Enhancements
• Support for termination of all user connections traversing Multi-Services Proxy (MSP) upon activation of
the block-all Parental Control Policy (PCP), or any PCP change for subscribers behind the home gateway
(CPE) when identified by the EDNS0 local ID. You can reestablish connections depending on the new
PCP value.
Note: To support proxy subscribers, the configuration must first resolve locally by ensuring that
127.0.0.1 is the first in the list of resolves. You can do this either globally through Grid DNS
properties -> DNS Resolver, or locally through Member DNS properties -> DNS Resolver.
• You can now configure the access token to use the Subscriber Data Repository REST API. You can
configure it in application.properties and set to false by default.
Support for Cisco ISE 2.3

NIOS now supports integration with Cisco Identity Services Engine (ISE) version 2.3.
CLI commands to Change the IP Address of the Docker Bridge

NIOS supports the following new CLI commands to change the IP address of the Docker bridge when DNS
forwarding proxy is enabled on a member:
• set docker_bridge
This command changes the current Docker bridge IP address to the IP address that you specify.
• show docker_bridge
This command displays the current Docker bridge settings.
For more information about these commands, see the show docker_bridge and set docker_bridge
topics in the NIOS 8.3 online documentation.
HTTP Strict Transport Security Support (RFE-7286)

NIOS now supports the HTTP Strict Transport Security (HSTS) security policy and communication between the
browser and the NIOS server occurs only through HTTPS. The HSTS header is added to avoid man-in-the-middle
(MITM) attacks that may occur through HTTP requests.
Unique Session ID (RFE-8268)

NIOS now generates a unique session ID and rejects incoming requests that do not have the unique ID. Browser
security headers are added to avoid MITM, CSRF, XSS, and MIME attacks.
Enhancement to DTC Health Checks (RFE-7753)

As per the enhancement, members that you have not selected for health checks are not taken into
consideration when calculating the health status. Only those members that are in the consolidated list perform
the local health check and share the health status across members that are in the non-selected list but are still
a part of the DTC pool.
NIOS 8.3.0
Infoblox Subscriber Services

The Infoblox Subscriber Services solution is a scalable, carrier-grade solution that provides visibility to
subscriber activities and complete filtering capabilities by combining advanced DNS services with subscriber
identification and threat protection policies. The Infoblox Subscriber Services solution includes the following:
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
• Infoblox Subscriber Insight automates the process of identifying infected subscriber devices that are
trying to connect to malicious domains. This solution augments the malware incident logs with the
subscriber identity information received via RADIUS accounting messages and generates a report to
display RPZ violations per subscriber ID. You can also identify subscribers who access specific
domains for purposes other than security.
• Infoblox Subscriber Policy Enforcement enables the selection of applicable policies for the
subscriber. Policies are any combinations of RPZs. You can use this product to create value-added
service plans or packages for different subscribers.
• Infoblox Subscriber Engage enables service providers to interact with specific customers based on
context of browsing activities for upsell or customer care. It also allows providers to create specific
campaigns for incremental revenue with value-added services and/or customer satisfaction in the
context of browsing activities for individual subscribers. Common engagement can include
customer care, advertisement insertion, and marketing campaign management based on individual
criteria.
• Infoblox Subscriber Parental Control enables subscribers to manage Internet access and content for
their mobility devices, houses, families, or corporations. Subscribers can restrict or allow access to
content based on content categories and domains. Note that this feature works with Infoblox
Harmony 8.2.0.12 or later. For more information, refer to the Infoblox Harmony Release Notes.
• Support for EDNS0 Local-ID that is used to identify subscribers behind a home gateway network.
• EDNS0 category support.
• Support for per subscriber blacklist and whitelist domains.
• CEF log and reporting enhancements.
• Support for Splunk REST APIs.
• Alternate subscriber ID to identify the fixed line or home gateway router.
• MGMT replication that allows accepting the NAS RADIUS traffic over the MGMT interface only.
• Support for the proxy server to download the category feed
• Support for guest indicator for fixed line deployments to identify unknown local ID
Flex Grid Activation License for Managed Services

Infoblox introduces the NIOS Flex Grid Activation License for Managed Services. This license is similar to the
Flex Grid Activation license but is meant for managed service deployments. The license enables you to access
the following three new reports in addition to the other Infoblox reports:
• Managed DDI Peak IP Usage Trend
• Managed DNS Peak Usage Trend
• Managed DDI Features Enabled
Flex Grid Activation License

The Flex Grid Activation License now supports the following features in addition to the previously supported
features:
• DHCP
• MSMGMT
• Cloud Network Automation (only when IB-FLEX is the Grid Master)
• Captive Portal
Outbound Feature Enhancements

This NIOS release adds the following enhancements to the outbound feature when the Security Ecosystem
license is installed:
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
• Notification rule supports Security ADP, Schedule, and Object Change Discovery Data event types.
Notifications are also sent for network container changes and object change discovery data.
• Infoblox allows you to exclude the name field for each step, modify endpoint configuration during
template execution, repeat a parse operation, and use template functions that will contain the list of
steps to be executed. New parse operations are introduced and existing parse operations are enhanced
to evaluate or remove strings.
• You can configure query FQDN for outbound threat protection events and choose maximum labels in
FQDN that can be configured at the Grid and/or member level.
• ActiveTrust Cloud Clients: This release supports the use of Infoblox ActiveTrust Cloud Client to allow
interaction between the ActiveTrust Cloud platform and external outbound endpoints using the
Outbound notifications feature. The ActiveTrust Cloud Client uses threat API calls to request security
events from the Cloud Services Portal and convert data to outbound events. With the ActiveTrust Cloud
Client, you can periodically pull blocked or locked malicious DNS requests. Infoblox enables you to
configure notification rules to filter incoming events using the following fields: Threat Origin (NIOS,
ActiveTrust Cloud), ActiveTrust Cloud Hit Type (DNS RPZ, Threat Analytics), ActiveTrust Cloud Hit Class
and ActiveTrust Cloud Hit Property.
Super Host (RFE-297)

With this NIOS release, Infoblox introduces configuration of super hosts. A super host is a collection of resource
records or fixed addresses that belong to a single network device, such as a router or a switch, or an
application server. You can configure and manage multiple interfaces, IP addresses, and DNS and DHCP records
that are associated with the same physical or virtual device.
DTC SRV Records (RFE-7950)

You can now create, update, and delete SRV records in a DTC server.
DNSSEC secure responses (RFE-6478)

You can now configure the appliance to secure responses for domains that are not DNS secure.
Support of wildcards in the certificate subject (RFE-311)

NIOS now supports SSL/TLS (x509) server certificates with a ‘*’ in the subject.
Support for CSV import/export of DTC Objects (RFE-6643)

This release of NIOS provides CSV import and export for DTC objects. This feature:
• Enables external parsing of DTC configuration data
• Enables historical backups of DTC configurations
• Facilitates migrations from competitive load balancing solutions
DTC Health Checks (RFE-7753)

You can choose the DTC health monitors whose DTC health checks are considered when calculating the health
status of a member in a pool.
Back Up DTC Configuration Files (RFE-7948)

You can back up and restore DTC configuration files in the same way as you would back up configuration files
or discovery database files.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
Enhancement for DTC Persistence (RFE-7791, RFE-7790)
From this NIOS release onwards, even if the DNS restart takes longer than the value specified in the
Persistence field in the DTC LBDN wizard, the DNS server now directs the request to the same server. This
provides persistence redundancy so that applications can maintain state even when Grid member services are
interrupted.
Enabling Fixed RRset Ordering for NAPTR Records (RFE-7744)

You can now enable fixed RRset ordering for the authoritative zone to save the order of the NAPTR records that
are imported to the zone using CSV import.
Mixed SRIOV/Virtio support with NIC Bonding on OpenStack (RFE-8007)

NIOS now supports mixed SRIOV/Virtio support with NIC Bonding on OpenStack.
Including Client IP and MAC addresses to Outgoing Queries (RFE-8238)

When you configure NIOS to forward recursive queries to ActiveTrust Cloud, you can now include the following
in the outgoing recursive queries: the IP address and the MAC address of the client from which the DNS query
was initiated as well as the EDNS0 custom options. You can also configure NIOS to copy and validate the client
IP address and MAC address from incoming queries to outgoing queries. Note that this feature is designed to
work with forwarding recursive queries to legitimate Infoblox DNS servers.
New OIDs for ibPlatformOne MIB (RFE-8520)

This release of NIOS introduces the following new OIDs for the ibPlatformOne MIB file:
• 3.1.1.2.1.8.4.3.1.1.4.112.111.111.108
• 3.1.1.2.1.8.4.3.1.1.5.99.97.99.104.101
• 3.1.1.2.1.8.4.3.1.1.5.116.99.111.114.101
• 3.1.1.2.1.8.4.3.1.1.5.109.99.111.114.101
Enhancements for Software ADP and DNS Cache Acceleration Platforms

This NIOS release adds the following enhancements for Software ADP DNS Cache Acceleration Platforms:
• Support for Software ADP on the following appliances: IB-815, IB-825, IB-1410, IB-1415, IB-1420, IB-
1425, IB-2215, IB-2225, IB-4015, and IB-4025 (both physical and virtual platforms)
• Support for Software ADP on IB-2210 and IB-2220 platforms (both physical and virtual platforms)
(RFE-7732)
• Support for sortlist and DNS64 features for vDCA on IB-FLEX platforms
• Support for NAT (Network Address Translation) mapping of software-based threat protection services
VLAN Tagging Support

VLAN tagging is supported by all virtual appliances.
Generating CSR using SHA-384 (RFE-7569)

NIOS now supports CSR and self-signed certificates using SHA-384 and SHA-512.
Support for BGP 4-byte ASN (RFE-6862)

This release of NIOS supports BGP 4-byte Autonomous System Numbers (ASN) configurations.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
Changes to the default values of unbound parameters (RFE-8301)
Default values for the following unbound parameters have been updated:
Unbound Parameter Default Value
outgoing-num-tcp 384
incoming-num-tcp 512
infra-cache-numhosts 20000
val-permissive-mode yes
Network Insight Enhancements

This NIOS release adds the following enhancements for Network Insight:
• Discovery Diagnostics for Non-IPAM Networks (RFE-6804): Network Insight can now perform discovery
diagnostics for devices or IP addresses that are associated with networks that you have not defined in
IPAM. When you select a discovery member for an IP address that does not exist in any IPAM network or
is excluded from discovery, Network Insight can now create a discovery diagnostic task for the IP
address.
• Additional Discovered Data: Additional wireless discovery data is now included with the endpoint IP
addresses being synchronized with NIOS. The additional data includes wireless access point name,
wireless access point IP address, and SSID. This data complements the wireless controller that is
already being synchronized.
Support for CAA Resource Record (RFE-4537)

NIOS now supports the CAA (Certification Authority Authorization) DNS resource record. A CAA resource record
enables domain owners to define the CAs (Certificate Authorities) that can issue certificates for a domain.
When you define a CAA record, only the CAs listed in the records can issue certificates for the respective
domain. With CAA, you can also define notification rules to manage requests for a certificate from a non-
authorized CA.
Enhancements for Nested AD Groups (RFE-7580)

In addition to the default nested AD group, you can now define multiple organizational units and add non-
default AD admins and groups to these units.
Cloud Certificates Management (RFE-8048)

You can now manage the CA certificate in NIOS for the public clouds AWS and Azure. You can upload valid CA
certificates from the Grid Manager if the root CA expires.
Support for ALIAS Records (RFE-3808)

NIOS now supports the creation of an ALIAS record for a standard record type to ALIAS the root domain (apex
zone) to another name. An ALIAS record can be used to host a website at a domain name without the "www" (or
other) prefix when using the cloud services, such as Amazon Web Services, Azure VMs, GitHub pages, Heroku,
and so on.
Subject Alternative Name Certificate Support (RFE-1256)

This NIOS release supports the use of Subject Alternative Name (SAN) in SSL certificates.
Support for Microsoft Azure Government cloud

This release of NIOS supports the Microsoft Azure Government cloud platform.
Support for Java 1.7 (RFE-5158)

You can make REST API calls using Java version 1.7 and later.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
CHANGES TO DEFAULT BEHAVIOR
This section lists changes to default behavior in NIOS 8.x releases.
NIOS 8.3.x
• Threat context fetch in the Cloud Services Portal now uses the proxy settings if configured through the
Grid Properties option in Grid Manager.
Note: The proxy server certificate is not qualified.
• Threat Insight in the Cloud now uses credentials instead of an API key for authorization. If you use
Threat Insight in the Cloud, you must configure the email address and password for ActiveTrust Cloud
integration in the Grid Properties Editor > ActiveTrust Cloud Integration tab. The Cloud Services
Portal uses these credentials for authorization when you enable the cloud client for Threat Insight in
the Cloud or ActiveTrust Cloud for outbound.
• You can override the Grid or member zone transfer setting at the zone level. Due to an implementation
issue in previous releases, when you set the zone transfer setting at the zone level to “None,” the zone
still inherited the Grid or member setting. For example, the appliance would still perform zone
transfers when you overrode the zone transfer setting to “None” at the zone level if your Grid or
member setting allowed zone transfers. When you set zone transfers to “None” at a zone level, the
appliance denies zone transfers, and all zone transfers for that zone will fail.
• From NIOS 8.3 onwards, RPZ events require more storage to enable detailed reporting. If you
experience a high level of RPZ events, you must either acquire more reporting capacity or change your
RPZ configuration to reduce event generation. Post upgrade from NIOS 8.2.7, RPZ hits consume greater
memory.
NIOS 8.2.x
• In NIOS 8.2.x, the appliance adds IP addresses of the external secondary servers to the “also-notify”
statement for all master zones. You will see this change when you install or upgrade to NIOS 8.2.x.
NIOS 8.0.0
• The Infoblox DNS Traffic Control solution delivers an enhanced user interface through Grid Manager.
Starting with this release, you will experience the following changes:
Ø The DTC Server wizard has been integrated with IPAM and DNS. DNS records can be selected
under DNS or IPAM, and you can launch the DTC Server wizard. The wizard will then use
information from the selected record to create a DTC server. Also, when the DTC server wizard
is launched from the Traffic Control tab, you can select a DNS record to provide information
for creating a DTC Server.
Ø Management of Health Monitors and Topology Rulesets have been moved to dialogs that are
launched from the Traffic Control tab.
Ø The Traffic Control Visualization can now be viewed in two panels: A panel that is displayed
next to the Traffic Control list view or in an expanded full-size panel.
Ø The visualization panel has many improvements for visualizing and managing traffic control
structures, including tooltip menus for directly editing Traffic Control objects.
Ø New menu actions have been added to the Action menu (the gear icon) and the visualization
tooltip. You can use these actions to quickly add servers to pools and pools to LBDNs.
• Starting with this release, the IB-4030 and IB-4030-10GE appliances use the cache pre-fetch option to
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
replace the old cache refresh. Cache pre-fetch detects cached records that are about to expire and
fetch another copy before the actual expiration. When a query asks for data that has been cached, in
addition to returning the data, the appliance fetches a fresh copy from the authoritative server if the
pre-fetch condition (Eligible and Trigger settings) is met. This option helps minimize the time window
in which no answer is available in the cache.
• When configuring DNSSEC, you can select the resource record type (NSEC or NSEC3) you want to use
for handling non-existent names in DNS for the Resource Record Type for Nonexistent Proof option.
The default is now NSEC3 versus NSEC in previous releases.
• In previous releases, bloxTools is not supported on NIOS virtual appliances. bloxTools is now supported
on NIOS virtual appliances.
• In previous release, when port redundancy was configured and if LAN1 was not available, the Infoblox
appliance failed over to LAN2. Once the LAN1 connection was available, the appliance reverted to
LAN1 automatically. Starting with this release, this behavior has changed. After a failover, the
appliance no longer reverts automatically back from LAN2 to LAN1. You can select the Use LAN1 when
available option when you enable port redundancy to always use LAN1 when it is available. If this
option is not selected, the appliance does not automatically revert from LAN2 to LAN1 even when the
LAN1 interface is available.
CHANGES to Infoblox API and RESTful API (WAPI)
This section lists changes made to the Infoblox RESTful API. For detailed information about the supported
methods and objects, refer to the latest versions of the Infoblox WAPI Documentation, available through the
NIOS products and on the Infoblox documentation web site.
The latest available WAPI version is 2.11 which is supported in NIOS 8.5.
This NIOS release supports the following WAPI versions: 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.4, 1.4.1, 1.4.2, 1.5, 1.6,
1.6.1, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 2.0, 2.1, 2.1.1, 2.2, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.4, 2.5, 2.6, 2.6.1,
2.7, 2.8, and 2.9.x.
NOTE: In NIOS versions 6.12.14 to 6.12.17, the alias to the current WAPI version was incorrectly specified as
2.1 instead of 1.7.5. This caused the documentation to also display v2.1 as the latest version and requests sent
as 2.1 to behave as if they were sent against 1.7.5. This issue was rectified in NIOS 6.12.18 and later 6.12.x
releases. Any WAPI scripts using v2.1 in the URI written to run against NIOS versions 6.12.x should be changed
to v1.7.5 immediately after upgrading from an affected release to NIOS 6.12.18 or later.
The following table describes the mapping of NIOS versions to WAPI versions:
NIOS Version WAPI Version
8.0.0 to 8.0.9 2.5
8.1 to 8.1.8 2.6.1
8.2.0 to 8.2.3 2.7
8.2.4 to 8.2.5 2.7.1
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
8.2.6 to 8.2.9 2.7.3
8.3.0 to 8.3.1 2.9
8.3.2 to 8.3.5 2.9.1
8.3.6 2.9.5
8.3.8 2.9.7
8.4.0 to 8.4.1 2.10
8.4.2 to 8.4.3 2.10.1
8.4.4 2.10.3
8.4.5, 8.4.6, 8.4.7 2.10.5
8.5 2.11
WAPI Deprecation and Backward Compatibility Policy
This policy covers the interfaces exposed by the Infoblox WAPI and the protocol used to communicate with it.
Unless explicitly stated in the release notes, previously available WAPI versions are intended to remain
accessible and operative with later versions.
The planned deprecation of a given version of the WAPI will normally be announced in the release notes at
least one year in advance. Upon deprecation, the announced WAPI version and all prior versions will no longer
be supported in subsequent releases. For example, if the current WAPI release is v3.4 and the release notes
contain an announcement of the v1.5 deprecation, v1.4 and v1.5 API requests would continue to work with
later releases for one year from the announcement date. After that, some or all requests for these deprecated
versions may not work with versions later than v1.5. API requests adherent to versions later than v1.5 (v2.0 for
example) would continue to work with subsequent releases. Infoblox seeks to avoid any deprecation that has
not been announced in advance, however product modifications and enhancements may affect specific API
requests without a prior announcement; Infoblox does not warrant that all API requests will be unaffected by
future releases. This policy applies to both major and minor versions of the WAPI. Infoblox reserves the right
to change this policy.
NIOS 8.3.x includes the following WAPI changes:
New Structures:
Ø member:dnsip
Ø parentalcontrol:sitemember
Ø parentalcontrol:nasgateway
Ø parentalcontrol:msp
Ø parentalcontrol:spm
Ø grid:cspapiconfig
Ø outbound:cloudclient
Ø outbound:cloudclient:event
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
New Objects:
Ø member:dns (Extend object)
Ø parentalcontrol:avp
Ø parentalcontrol:ipspacediscriminator
Ø parentalcontrol:subscriber
Ø parentalcontrol:subscribersite
Ø member:parentalcontrol
Ø record:caa
Ø notification:rule (Extended)
Ø notification:ruleexpressionop (Extended)
Ø notification:rest:template (Extended)
Ø grid:threatprotection (Extended)
Ø member:threatprotection (Extended)
Ø parentalcontrol:subscriber(Extended)
UPGRADE GUIDELINES
• If there are Threat Protection members in your Grid for the 8.3.x features (Infoblox Subscriber
Services, forwarding recursive queries to ATC, and CAA records), ensure that you upload the latest
Threat Protection ruleset for these features to function properly.
• Infoblox recommends that you enable DNS Fault Tolerant Caching right after you upgrade to NIOS
8.2.x and keep this feature enabled to handle unreachable authoritative servers. Note that enabling
this feature requires a DNS service restart, which will clear the current cache. Therefore, if you enable
this when you are trying to mitigate an ongoing attack on an authoritative server that is outside of your
control, it will clear the DNS cache, which will magnify the issues that your system is experiencing.
• During a scheduled full upgrade to NIOS 8.1.0 and later versions, you can use only IPv4 addresses for
NXDOMAIN redirection. You cannot use IPv6 addresses for NXDOMAIN redirection while the upgrade is in
progress.
• If you set up your Grid to use Infoblox Threat Insight but have not enabled automatic updates for
Threat Analytics module sets, you must manually upload the latest module set to your Grid or enable
automatic updates before upgrading. Otherwise, your upgrade will fail.
• If you are upgrading from 7.3.200 or 7.3.201 to NIOS 8.0.x and have reporting clustering configured,
you must download and upgrade to IBRA 1.2.0 (for the Splunk app) after the NIOS upgrade.
• In NIOS versions 6.12.14 to 6.12.17, the alias to the current WAPI version was incorrectly specified as
2.1 instead of 1.7.5. This caused the documentation to also display v2.1 as the latest version and
requests sent as 2.1 to behave as if they were sent against 1.7.5. This issue was rectified in NIOS
6.12.18 and later 6.12.x releases. Any WAPI scripts using v2.1 in the URI written to run against NIOS
versions 6.12.x should be changed to v1.7.5 immediately after upgrading from an affected release to
NIOS 6.12.18 or later.
• There are special restrictions for configuration changes when upgrading to NIOS 8.0.0 and later
releases. For detailed information about the restrictions, see the “Upgrading NIOS” section at
https://docs.infoblox.com/
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
BEFORE YOU INSTALL
Infoblox supports the following upgrade paths:

• 8.3.7 and earlier 8.3.x releases
• 8.3.0 EA1 and 8.3.0 EA2 releases
• 8.0.11 and earlier releases
• 7.2.202-LD and earlier 7.2.2xx releases
Even though Infoblox supports the upgrade paths mentioned above, Infoblox has tested and validated the
following upgrade paths for NIOS 8.3.8. Infoblox recommends that you upgrade to NIOS 8.3.8 from these tested
and validated releases.
8.3.7, 8.3.6, 8.3.5, 8.3.4, 8.3.3, 8.2.9, 8.1.8, 8.0.11, and 7.3.18
If you want to upgrade from other NIOS releases, Infoblox recommends that you first upgrade to the tested and
validated paths before upgrading to NIOS 8.3.8. For example, if you want to upgrade from 6.12.12 to 8.3.8,
Infoblox recommends that you first upgrade to 7.3.18, and then upgrade to 8.3.8.
To ensure that new features and enhancements operate properly and smoothly, Infoblox recommends that you
evaluate the capacity on your Grid and review the upgrade guidelines before you upgrade from a previous NIOS
release.
Infoblox recommends that administrators planning to perform an upgrade from a previous release create and
archive a backup of the Infoblox appliance configuration and data before upgrading. You can run an upgrade
test before performing the actual upgrade. Infoblox recommends that you run the upgrade test, so you can
resolve any potential data migration issues before the upgrade.
Technical Support
Infoblox technical support contact information:
Telephone: 1-888-463-6259 (toll-free, U.S. and Canada); +1-408-625-4200, ext. 1
E-mail: support@infoblox.com
Web: https://support.infoblox.com
GUI Requirements
Grid Manager supports the following operating systems and browsers. You must install and enable Javascript for
Grid Manager to function properly. Grid Manager supports only SSL version 3 and TLS version 1 connections.
Infoblox recommends that you use a computer that has a 2 GHz CPU and at least 1 GB of RAM.
Infoblox has tested and validated the following browsers for Grid Manager:
OS Browser
Microsoft Windows 10® Microsoft Internet Explorer® 11.x*
Microsoft Edge
Microsoft Windows 8® Google Chrome 61.0.3163.100
Microsoft Windows 7® Mozilla Firefox 57.0.2
Red Hat® Enterprise Linux® 7.4 Google Chrome 61.0.3163.100
Red Hat® Enterprise Linux® 7.3 Mozilla Firefox 57.0.2
Apple® Mac OS Safari
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
When viewing Grid Manager, set the screen resolution of your monitor as follows:
Minimum resolution: 1280 x 768
Recommended resolution: 1280 x 1024 or better
Documentation
You can access the NIOS 8.3 documentation online at
https://docs.infoblox.com/display/nios83/Infoblox+NIOS+8.3
Training
Training information is available at https://training.infoblox.com
ACCESSING GRID MANAGER
Before you log in to Grid Manager, ensure that you have installed your NIOS appliance, as described in the
installation guide or user guide that shipped with your product, and configured it accordingly.
To log in to Grid Manager:

1. Open an Internet browser window and enter https://<IPv4 address or hostname of your NIOS
appliance> or https://[IPv6 address] of your NIOS appliance. The Grid Manager login page appears.
2. Enter your user name and password, and then click Login or press Enter. The default user name is
admin and password is infoblox.
3. Read the Infoblox End-User License Agreement and click I Accept to proceed. Grid Manager displays the
Dashboard, your home page in Grid Manager.
ADDRESSED VULNERABILITIES
This section lists security vulnerabilities that were addressed in the past 12 months. For vulnerabilities that are
not listed in this section, refer to Infoblox KB #2899. For additional information about these vulnerabilities,
including their severities, please refer to the National Vulnerability Database (NVD) at http://nvd.nist.gov/.
The Infoblox Support website at https://support.infoblox.com also provides more information, including
vulnerabilities that do not affect Infoblox appliances.
CVE-2019-11477
The TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when
handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of
service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11.
CVE-2019-6469
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers could cause BIND to exit with an
assertion failure when processing a response that contained malformed RRSIGs.
CVE-2018-10239
A vulnerability in the “support access” password generation algorithm on NIOS could allow a locally
authenticated administrator to temporarily gain additional privileges on an affected device and perform
actions within the super user scope. A locally authenticated administrative user may be able to exploit this
vulnerability if the “support access” feature is enabled. This is because the administrator knows the support
access code for the current session and the algorithm to generate the support access password from the
support access code. “Support access” is disabled by default. When enabled, the access is automatically
disabled (and support access code will expire) after 24 hours.
CVE-2018-5743
The named DNS service fails to properly enforce limits on the number of simultaneous TCP connections.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
CVE-2018-5732
A specially constructed response from a malicious server could cause a buffer overflow in the DHCP client.
CVE-2018-5733
A malicious client that was allowed to send very large amounts of traffic (billions of packets) to a DHCP server
could eventually overflow a 32-bit reference counter, potentially causing the DHCP daemon to crash.
CVE-2018-5391
The Linux kernel versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified
packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending
specially crafted IP fragments. This vulnerability became exploitable in the Linux kernel with the increase of
the IP fragment reassembly queue size.
CVE-2018-5390
A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A
remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which
could lead to a CPU saturation and hence a denial of service on the system.
CVE-2018-0739
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed
the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources, so this is considered safe.
CVE-2018-0733
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only
comparing the least significant bit of each byte. This allows an attacker to forge messages that would be
considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the
scheme.
CVE-2018-8781
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and
including 4.15 had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to
obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-
bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered
just feasible, because most of the work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be significant. However, for an attack on
TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX
extensions like Intel Haswell (4th generation).
CVE-2017-3737
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a
fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately
fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions
(SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if
SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be
returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the
same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
the SSL/TLS record layer.
CVE-2017-3735
If an X.509 certificate had a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer
overread, resulting in an erroneous display of the certificate in text format.
CVE-2016-10229
udp.c in the Linux kernel before 4.5 allowed remote attackers to execute arbitrary code via UDP traffic that
triggered an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK
flag.
CVE-2017-3143
An attacker who was able to send and receive messages to an authoritative DNS server and who had knowledge
of a valid TSIG key name for the zone and service being targeted might be able to manipulate NIOS into
accepting a dynamic update.
CVE-2017-3142
An attacker who was able to send and receive messages to an authoritative DNS server might be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed request packet.
CERT VULNERABILITY NOTE CVE-2017-3140

RPZ policy handling could affect servers using RPZ policies that included NSIP or NSDNAME triggers, resulting in
additional recursions that consumed DNS resources indefinitely and caused performance issues or DNS outage.
CERT VULNERABILITIES for NTPD

Upgraded NTPD to ntp-4.2.8p10 to address the following medium to low severity vulnerabilities:
CVE-2017-6464, CVE02017-6463, CVE-2017-6462, CVE-2017-6460, CVE-2017-6459, CVE-2017-6458,
CVE-2017-6455, CVE-2017-6452, CVE-2017-6451, CVE-2016-9042, CVE-2016-7434.
CVE-2017-3137
Processing a response containing CNAME or DNAME records in an unusual order could cause a DNS resolver to
terminate.
CVE-2017-3136
Using DNS64 with 'break-dnssec yes' could cause the DNS service to exit with an assertion failure.
CVE-2017-3135
Under some conditions when using both DNS64 and RPZ to rewrite query responses, the querying process could
resume in an inconsistent state, resulting in either an INSIST assertion failure or an attempt to read through a
NULL pointer.
CVE-2016-9444
An unusually-formed answer containing a DS resource record could trigger an assertion failure and cause the
DNS service to stop, resulting in a denial of service to clients.
CVE-2016-9147
An error handling a query response containing inconsistent DNSSEC information could trigger an assertion
failure and cause the DNS service to stop, resulting in a denial of service to clients.
CVE-2016-9131
A malformed response to an ANY query can trigger an assertion failure during recursion and cause the DNS
service to stop, resulting in a denial of service to clients.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
CVE-2016-8864
While processing a recursive response that contained a DNAME record in the answer section, “named” could
stop execution after encountering an assertion error in resolver.c.
CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause
a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a
allowed remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request
extensions.
CVE-2016-5696
The net/ipv4/tcp_input.c in the Linux kernel before 4.7 did not properly determine the rate of challenge ACK
segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window
attack.
CVE-2016-1285
A defect in the control channel input handling could cause the DNS service to fail due to an assertion failure in
sexpr.c or alist.c when a malformed packet was sent to the control channel.
CVE-2016-1286
An attacker who controlled a server to make a deliberately chosen query to generate a response that contained
RRSIGs for DNAME records could cause the DNS service to fail due to an assertion failure in resolver .c or db.c,
resulting in a denial of service to clients.
CVE-2015-8705
In some versions of BIND, an error could occur when data that had been received in a resource record was
formatted to text during debug logging. Depending on the BIND version in which this occurred, the error could
cause either a REQUIRE assertion failure in buffer.c or an unpredictable crash (e.g. segmentation fault or other
termination). This issue could affect both authoritative and recursive servers if they were performing debug
logging. Note that NIOS 7.1.0 through 7.1.8 and NIOS 7.2.0 through 7.2.4 were affected by this vulnerability.
CVE-2015-8704
A DNS server could exit due to an INSIST failure in apl_42.c when performing certain string formatting
operations. Examples included but might not be limited to the following:
§ Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer
from their masters.
§ Masters using text-format db files could be vulnerable if they accepted a malformed record in a DDNS
update message.
§ Recursive resolvers were potentially vulnerable when logging, if they were fed a deliberately
malformed record by a malicious server.
§ A server which had cached a specially constructed record could encounter this condition while
performing 'rndc dumpdb'.
CVE-2015-8605
A badly formed packet with an invalid IPv4 UDP length field could cause a DHCP server, client, or relay
program to terminate abnormally, causing a denial of service.
CVE-2015-8000
If responses from upstream servers contained an invalid class parameter for certain record types, DNS service
might terminate with an assertion failure.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
CVE-2015-7547
The glibc DNS client side resolver was vulnerable to a stack-based buffer overflow when the getaddrinfo()
library function was used. Software using this function might be exploited with attacker-controlled domain
names, attacker-controlled DNS servers, or through a man-in-the-middle attack.
CVE-2015-6564
Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the
pre-authentication process for remote code execution
CVE-2015-6563
Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise
the pre-authentication process for remote code execution and who had valid credentials on the host could
impersonate other users.
CVE-2015-5986
An incorrect boundary check could cause DNS service to terminate due to a REQUIRE assertion failure. An
attacker could deliberately exploit this by providing a maliciously constructed DNS response to a query.
CVE-2015-5722
Parsing a malformed DNSSEC key could cause a validating resolver to exit due to a failed assertion. A remote
attacker could deliberately trigger this condition by using a query that required a response from a zone
containing a deliberately malformed key.
CVE-2015-5477
A remotely exploitable denial-of-service vulnerability that exists in all versions of BIND 9 currently supported.
It was introduced in the changes between BIND 9.0.0 and BIND 9.0.1.
CVE-2015-6364 and CVE-2015-5366

A flaw was found in the way the Linux kernel networking implementation handled UDP packets with incorrect
checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel,
resulting in a denial of service on the system, or causing a denial of service in applications using the edge
triggered epoll functionality.
CVE-2015-1789
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds
read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against
a server that supported client authentication with a custom verification callback.
CVE-2015-1790
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s,
1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner
EncryptedContent data.
CVE-2015-1792
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via
vectors that triggered a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for
a hash function.
CVE-2015-1781
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any
of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute
arbitrary code with the permissions of the user running the application.
CVE-2015-4620
A recursive resolver configured to perform DNSSEC validation, with a root trust anchor defined, could be
deliberately crashed by an attacker who could cause a query to be performed against a maliciously constructed
zone.
CVE-2015-0235
Addressed an internal issue in C library (GNU C Library gethostbyname*). Although it was not possible to exploit
this as a security issue in NIOS, it could cause some incorrect error conditions and messages while administering
the product.
CVE-2014-9298
An attacker could bypass source IP restrictions and send malicious control and configuration packets by
spoofing ::1 addresses because NTP's access control was based on a source IP address.
CVE-2014-8500
Failure to place limits on delegation chaining could allow an attacker to crash named or cause memory
exhaustion by causing the name server to issue unlimited queries in an attempt to follow the delegation.
CVE-2014-8104
The OpenVPN community issued a patch to address a vulnerability in which remote authenticated users could
cause a critical denial of service on Open VPN servers through a small control channel packet.
CVE-2014-3566
SSL3 is vulnerable to man-in-the-middle-attacks. SSL3 is disabled in NIOS, and connections must use TLSv1
(which is already used by all supported browsers). Note that SSL3 is still used for transmission of reporting
data; but you can disable SSL3 on your reporting server to protect it from the vulnerability.
CVE-2014-3567
A denial of service vulnerability that is related to session tickets memory leaks.
CVE-2014-7187
Off-by-one error in the read_token_word function in parse.y in GNU BASH through v. 4.3 allowed remote
attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly an
unspecified impact through deeply nested for loops (also known as the "word_lineno" issue).
CVE-2014-7186
The redirection implementation in parse.y in GNU BASH through v. 4.3 allowed remote attackers to cause a
denial of service (out-of-bounds array access and application crash) or possibly an unspecified impact through
the "redir_stack" issue.
CVE-2014-6271, CVE-3014-6277, CVE-2014-6278, AND CVE-2014-7169

GNU Bash through v. 4.3 processed trailing strings after function definitions in the values of environment
variables, which allowed remote attackers to execute arbitrary code via a crafted environment (also known as
the "ShellShock" vulnerability)."
CVE-2014-3470
Enabling anonymous ECDH cipher suites on TLS clients could cause a denial of service.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
CVE-2014-0224
A specially crafted handshake packet could force the use of weak keying material in the SSL/TLS clients,
allowing a man-in-the-middle (MITM) attack to decrypt and modify traffic between a client and a server.
CVE-2014-0221
Remote attackers could utilize DTLS hello message in an invalid DTLS handshake to cause a denial of service.
CVE-2014-0198
Enabling SSL_MODE_RELEASE_BUFFERS failed to manage buffer pointer during certain recursive calls that could
cause a denial of service.
CVE-2014-0195
Remote attackers could trigger buffer overrun attack through invalid DTLS fragments to an OpenSSL DTLS
client or server, resulting in a denial of service.
CVE-2014-0591
A crafted query against an NSEC3-signed zone could cause the named process to terminate.
RESOLVED ISSUES
The following issues were reported in previous NIOS releases and resolved in this release. The resolved issues
are listed by severity. For descriptions of the severity levels, refer to Severity Levels.
Fixed in NIOS 8.3.8
ID Severity Summary
NIOS-72388 Critical Fatal error messages were displayed in the log files in a vNIOS KVM-based
OpenStack Newton deployment and numerous core files were generated.
NIOS-71216 Critical RPZ local zones were not transferred to Grid members that joined the Grid with
the IPv6 only MGMT port.
NIOS-70577 Critical The join WAPI function did not work on IB-FLEX appliances.
NIOS-70558 Critical When the primary name server was changed and the secondary server was made
the primary server, after a DNS service restart, the change was not reflected in
the Grid members.
ID Severity Summary
NIOS-73901 Major NIOS-73636 was not documented as a resolved issue.
NIOS-73621 Major The threat analytics service kept restarting because the DNSTAP application
took a long time to start.
NIOS-73474 Major Under certain circumstances, the threat protection service was in a failed state
and restarted unexpectedly.
NIOS-73318 Major The NIOS 8.3.0 Early Access upgrade path needed to be removed from all later
NIOS releases.
NIOS-73234 Major After a KSK rollover, resolving LBDN records in a zone caused DNSSEC validation
to fail.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-73137 Major Unable to create TLSA records in an unsigned zone.
NIOS-72783 Major Unable to edit the host name of a Grid member and the “Must be a fully
qualified domain name” message was displayed.
NIOS-72723 Major Adding an external secondary nameserver to a nameserver group displayed an
“An Invalid value entered” error message.
NIOS-72513 Major Perl modules needed to be upgraded to download Symantec data with HTTPS
protocol support using a proxy URL.
NIOS-72447 Major The set snmptrap command used 0 as the value of the
msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime
variables and this caused the trap receiver to drop traps.
NIOS-71004 Major The DNS service restart took a long time to execute in Grid members.
NIOS-70609 Major Using WAPI, unable to create records in a shared record group.
NIOS-70276 Major Under certain circumstances, the Threat Analytics service kept restarting
continuously.
ID Severity Summary
NIOS-73682 Minor After a NIOS upgrade, a Grid member displayed an error in the Grid > Grid
Manager > DNS Cache Acceleration tab when configuring DNS Cache
Acceleration.
NIOS-72623 Minor The visualization and representation of DTC objects in a Grid caused unexpected
outcomes such as the wrong status of pools and LBDNs.
Fixed in NIOS 8.3.7
ID Severity Summary
NIOS-73150 Critical Under a rare circumstance, the DNS service did not start after a NIOS upgrade.
NIOS-73127 Critical Under a rare circumstance, the RPZ was not refreshed after a zone transfer and
alerts were generated.
NIOS-73118 Critical Under a rare circumstance, DNS members dropped queries and generated slower
responses.
NIOS-73091, Critical A connection failure with syslog blocked programs for up to 5 seconds and
NIOS-73044 multiple instances of the syslog-ng process were launched.
NIOS-73002 Critical When DNS Cache Acceleration was enabled, DNS responses with EDNS were
dropped.
NIOS-72797 Critical After a NIOS upgrade, the named.conf file displayed syntax errors.
NIOS-72441 Critical Restoring accidentally deleted networks from the Recycle Bin took a long time.
NIOS-72396 Critical The subscriber ID needed to be unescaped before adding it to the proxy API.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-71069 Critical Setting the server for Consolidated Monitor Health Settings resulted in a high
swap issue.
NIOS-70786, Critical Devices at two sites went down and a restart did not recover the systems.
NIOS-70738
NIOS-70764 Critical Statistics for the DNS Effective Peak Usage Trend for Flex Grid License report
were incorrect and the QPS did not represent the actual value.
NIOS-70698 Critical The IPv6 loopback address was not assigned to an area thus causing it to be
advertised as LSA type5 (external route).
NIOS-70657 Critical Under certain circumstances, the name server configuration was removed for
AWS zones.
NIOS-70571 Critical The NIOS kernel was susceptible to CVE-2019-11477.
NIOS-70484 Critical Under certain circumstances, HA failover failed.
NIOS-70324 Critical Restarting the DNS service on Grid members took a long time.
NIOS-70234 Critical A local RPZ zone with many records was slow to open and navigate.
NIOS-69755 Critical PTR records were removed from Microsoft DNS as a result of changes to TTL
values.
NIOS-67562 Critical After a NIOS upgrade, there was high memory utilization on the bloxTools
member.
ID Severity Summary
NIOS-73266, Major Both latency and traffic increased on LAN1 and LAN2 interfaces after a hotfix
NIOS-73246, installation.
NIOS-73151
NIOS-73137 Major Unable to create TLSA records in an unsigned zone.
NIOS-73103 Major Enabling port redundancy resulted in unresponsive DNS queries and ICMP
requests.
NIOS-73022 Major A fix for the set reset_rabbitmq CLI command was required so that a root
session is avoided.
NIOS-72729 Major After a NIOS upgrade, some domains were resolved with an increase in latency.
NIOS-72698 Major The DTC health check failed because multiple search heads responded to port
TCP 9185.
NIOS-72652 Major Splunk instances failed to recognize timestamps that started from 1st January,
2020.
NIOS-72637 Major Running the show rpz_recursive_only command resulted in a buffer
overflow.
NIOS-72614 Major The set transfer_supportbundle and set traffic_capture
transfer commands allowed root access.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-72483 Major Under certain circumstances, a NIOS Microsoft DHCP servers synchronization
changed the load balance split of the Microsoft failover association.
NIOS-72415 Major The set hotfix CLI command allowed reverse shell access to NIOS.
NIOS-72403 Major Running the set certificate_auth_services CLI command may have
caused memory corruption.
NIOS-72402 Major Running the set admin_group_acl CLI command may have caused memory
corruption.
NIOS-72351 Major Multiple records for the same IP address behind the home gateway (CPE) were
not obtained.
NIOS-71665 Major Subscriber services was logging a report of all guests irrespective of whether
their CPE had the opt-in policy or not.
NIOS-71660 Major The RADIUS messages updated both the proxy addresses and the double proxy
entries.
NIOS-71398 Major The default host name policy did not allow wildcard A records with a second
label to be created.
NIOS-71330 Major Threat analytics log files filled up disk space up to 100%.
NIOS-71298 Major External notify messages were dropped by Software ADP.
NIOS-71217 Major DTC load balancing did not work as expected with DNSSEC.
NIOS-71197 Major A NIOS upgrade generated many log messages.
NIOS-71192, Major When DCA was enabled on a DNS server, the infoblox-dtc-enable yes line
NIOS-71185 was removed from the DNS configuration and the status of the hosts in the pool
was displayed as Unlicensed in the DTC LBDN Visualization window (Health
check).
NIOS-71163 Major DNS Cache Acceleration responses that were over 512 bytes did not work as
expected.
NIOS-71155, Major A NIOS restart triggered by Smart NIC caused Grid members to repeatedly go
NIOS-71142 offline.
NIOS-71107 Major Under certain circumstances, a bunch of SNMP alerts were generated.
NIOS-71086 Major Unable to increase the maximum concurrent transfers to a value higher than
100.
NIOS-70989 Major Reporting volume usage thresholds and their associated banners were incorrect
for single and multiple site clusters that have perpetual licenses.
NIOS-70968 Major An upgraded Grid member displayed the Warning status after subscriber services
was enabled.
NIOS-70955 Major The show subscriber_secure_data command closed the SSH connection to
the server.
NIOS-70832 Major The DNS service stopped responding till a manual service restart was performed.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-70809 Major When trust anchors were added during DNSSEC validation, the Responses must
be secure option was automatically enabled.
NIOS-70767 Major A Splunk REST API request did not work after a password change.
NIOS-70765 Major Adding a new zone caused Grid Manager to be slow.
NIOS-70729 Major After a NIOS upgrade, health checks did not work as expected.
NIOS-70726 Major Under certain circumstances, an IB-1410 member restarted unexpectedly.
NIOS-70713 Major The set promote_master CLI command did not query about the primary
reporting site candidates while promoting the Grid Master Candidate.
NIOS-70633 Major Unable to add an IP address ending with 255 in the Virtual TFTP Root screen.
NIOS-70619 Major During a NIOS upgrade, the internal version was displayed.
NIOS-70604 Major Unable to delete DS records using WAPI although they can be deleted using
PAPI.
NIOS-70588 Major Core files were generated and subsequent HA failovers occurred after viewing a
DHCP range.
NIOS-70579 Major The service status of all sub-grids flapped between online and offline after the
Grid connected to Multi-Grid Master.
NIOS-70569 Major Unable to import LBDN records using CSV import.
NIOS-70557 Major Removing system generated records also removed shared delegate records thus
causing an outage.
NIOS-70502 Major DHCPv6 lease affinity did not use both DUID and IAID to map clients to leases.
NIOS-70473 Major Both the Grid Master and Grid Master Candidate on which the DHCP service was
running experienced high swap usage.
NIOS-70116 Major AD authentication for a nested group query failed for a canonical name that
contained commas.
NIOS-69306 Major The wrong certificate was displayed when connecting to the Splunk API.
NIOS-69093 Major Access to Grid Manager was lost after emptying the Recycle Bin.
NIOS-68414 Major Sending DNS queries to IPv6 link local addresses displayed several log messages.
NIOS-67706 Major After a NIOS upgrade, the DNS restart went into a loop due to DTC configuration
issues.
NIOS-67601 Major Delay in communication between the Grid Master and members caused a
bottleneck in recovery.
NIOS-67266 Major When trying to sign a zone, an error message was displayed.
NIOS-67158 Major The DNS service crashed and numerous core files were generated.
NIOS-66478 Major Disk usage of Grid Master consistently increased.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-65838 Major After enabling the LAN2 port on the vNIOS HA Grid Master, an error message was
displayed after a forced HA failover.
ID Severity Summary
NIOS-72768 Minor The Infoblox Installation Guide for 1405 appliances incorrectly stated that the
power LED glows green when there is power to the appliance.
NIOS-72410 Minor NIOS inserted backslashes when passing the fixed line ID for MAC address
formats.
NIOS-72376 Minor When merging rulesets, NIOS was stuck and a Java exception message was
displayed in the infoblox.log file.
NIOS-71030 Minor Time zone changes related to Daylight Savings Time were not correctly
computed.
NIOS-70873 Minor The reporting service restarted every 30 minutes after a NIOS upgrade.
NIOS-70808 Minor Inheritance of DHCP threshold email settings at the network level did not work
as expected.
NIOS-69311 Minor HA failover occurs when a smart folder is created and the smart search “VLAN ID
- has a value” is assigned to it.
Fixed in NIOS 8.3.6
ID Severity Summary
NIOS-70331 Critical Under certain circumstances, DNS Forwarding Proxy did not work on NIOS.
NIOS-70274 Critical Under a rare circumstance, upgrading NIOS offline Grid members resulted in an
error message being displayed.
NIOS-70222 Critical Certain DHCP fingerprint issues could cause Grid members to lose connection to
the Grid Master during an upgrade.
NIOS-69742 Critical Under certain circumstances, modifying the configuration of a Grid member
took longer than 10 minutes.
NIOS-69711 Critical The certificate authentication service could be bypassed by clicking Cancel
when the browser prompted for the certificate.
NIOS-69374 Critical Under certain circumstances, idns_resign_daemon was triggered every hour
even when there was no DTC license installed in the Grid.
NIOS-69372 Critical Under certain circumstances, Grid Manager restarted every 15 minutes.
NIOS-69052 Critical Under a rare circumstance, the system swap space usage exceeded the critical
threshold value on a Grid Master Candidate.
NIOS-67997 Critical Under a rare circumstance, all services on a Grid Master kept restarting every 10
minutes.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
ID Severity Summary
NIOS-70434 Major An HA Grid member went offline when the Threat Protection monitoring mode
was disabled.
NIOS-70392 Major Under certain circumstances, in an HA setup, the passive node restarted
randomly.
NIOS-70356 Major Unable to upload the NIOS upgrade executable when Online Certificate Status
Protocol (OCSP) was enabled.
NIOS-70108 Major The DNS integrity check failed when the zone was DNSSEC-signed.
NIOS-70091 Major After an LBDN object was modified, the DTC server responded with only an SOA
response.
NIOS-70085 Major Under certain circumstances, the HA pair of a Grid Master Candidate failed to
upgrade.
NIOS-70081 Major Pre-provisioned members were generating multiple hits on non-subscriber RPZs.
NIOS-69980 Major Logic filters created within the DHCP range template were not dynamically
inherited by another DHCP range template.
NIOS-69929 Major Under certain circumstances, a NIOS upgrade failed on multiple members of a
Grid.
NIOS-69898 Major The Threat Analytics service kept restarting on a Grid member.
NIOS-69883 Major Reporting for Subscriber Services categories was done with the CNAME instead of
the original FQDN name.
NIOS-69860 Major The DNS service did not start on a HA Grid Member after the DTC configuration
change was applied.
NIOS-69859 Major Under certain circumstances, Zone-Signing Key (ZSK) rollovers did not take place
as scheduled.
NIOS-69857 Major Unable to send reporting traffic over the configured interface.
NIOS-69855 Major Under certain circumstances, the Border Gateway Protocol (BGP) advertised
default route for IPv6 was not accepted.
NIOS-69785 Major The DNS integrity check did not account for the fact that DNS is not case-
sensitive when performing the check.
NIOS-69759 Major Under certain circumstances, unable to create an A record using Grid Manager.
NIOS-69745 Major The DDNS update returned servfail responses for dynamic records.
NIOS-69734 Major The DNS Object Count Trend for Flex Grid License and DNS Effective Peak Usage
Trend for Flex Grid License reports did not display data for all the days.
NIOS-69712 Major The CSV import had to be divided into multiple files to avoid errors.
NIOS-69677 Major The SNMP trap generated by the set snmptrap command did not include the
system uptime or timeticks.
NIOS-69651 Major High CPU usage on Grid Manager caused a HA failover.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-69578 Major Pending changes under the View Pending Changes tab were not logged in the
audit log files.
NIOS-69574 Major An Azure vDiscovery task was stuck in the "Job in progress" state even after the
member was back online.
NIOS-69519 Major A newly configured LDAP authentication for remote admins failed.
NIOS-69499 Major Under certain circumstances, running the set dns transfer command
displayed an error message.
NIOS-69488 Major DNS Forwarding Proxy on NIOS did not forward queries to BloxOne Threat
Defense Cloud for resolution.
NIOS-69451 Major After a NIOS upgrade, ADP and DNS forwarder events were not posted on Cisco
ISE.
NIOS-69412 Major On a standalone system, if an OSPF authentication key was used, you had to re-
enter the key each time you changed the system properties or even if you just
opened and saved or closed it.
NIOS-69377 Major A new resource record was successfully created using WAPI without adding the
required extensible attribute even though the extensible attribute was marked
as required in Grid Manager.
NIOS-69307 Major Authentication nested group query failed if the Active Directory user canonical
name contained parenthesis ().
NIOS-69248, Major A HA failover took hours to synchronize and synchronization of DDNS updates to
NIOS-69239 the database was very slow.
NIOS-69236 Major Experienced a DHCP outage after a passive failover.
NIOS-68431 Major The HA failover took hours to synchronize and the synchronization of DDNS
updates to the database was very slow.
NIOS-68294 Major The WAPI did not retrieve networks associated with an Active Directory site that
had an associated network container.
NIOS-68277 Major The response content check for the DTC HTTPS health monitor did not work as
expected.
NIOS-68257 Major The reporting server did not retain data for the required length of time.
NIOS-67827 Major RabbitMQ transport for networkusersynccontrol stopped and did not restart.
NIOS-67681 Major Under certain circumstances, an unexpected smart NIC card reset was
experienced.
NIOS-67642 Major The SNMP engine ID of an appliance changed when the backup was restored
from a different appliance.
NIOS-66275 Major The CVE-2018-10239 vulnerability was fixed.
NIOS-65279 Major Under certain circumstances, the PT-1400 appliance disconnected from the Grid
Master and later restarted.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
ID Severity Summary
NIOS-70099 Minor The Threat Protection Status for Member widget displayed incorrect data when
the screen was refreshed.
NIOS-70179 Minor If you selected a string containing the & character as a value for the Used by
extensible attribute, NIOS displayed an error.
NIOS-69870 Minor After NIOS was upgraded, the Reporting > Events tab was missing information
related to Parental Control.
NIOS-69776 Minor The SNIC threshold for dropping ICMP packets needed to be lowered.
NIOS-69754 Minor The NIOS documentation was missing information about available memory of TE-
4015 and TE-4025 appliances.
NIOS-69749 Minor The NIOS documentation did not contain information about the background color
of Threat Protection profiles.
NIOS-69663 Minor Inheritance from Grid to member did not work for the Enable GSS-TSIG
authentication of clients option.
NIOS-69518 Minor The NIOS documentation needed detailed information about the Allow multiple
values check box.
NIOS-69176 Minor The automatic policy conversion example illustrated in the NIOS documentation
was not logically correct.
NIOS-69105 Minor The Used % column for the Device report category displayed 100 even though
the Device category was unused.
NIOS-69376 Minor The CSV export did not export all the members during a Grid upgrade.
NIOS-67921 Minor When creating rules in IPv4 option filters, the “An invalid value was entered”
error message was displayed.
NIOS-67457 Minor Under certain circumstances, unable to upload the SSL certificate and the “The
certificate already exists.” error message was displayed.
Fixed in NIOS 8.3.5
ID Severity Summary
NIOS-70222 Critical Certain DHCP fingerprint issues could cause Grid members to lose connection to
the Grid Master during an upgrade.
Fixed in NIOS 8.3.4
ID Severity Summary
NIOS-69571 Critical In a specific rare condition, the DNSSEC ZSK rollover operation may be ignored
by the DNS service causing DNS data inconsistency.
SPPC-1003 Critical Under certain circumstances, subscriber policies returned incorrect subscriber
policy information when network entries were used.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
ID Severity Summary
NIOS-69608 Major Under certain circumstances, the 100 GB reporting subscription license did not
work.
NIOS-69398 Major The cloud-init template did not work in Microsoft Hyper-V instances.
NIOS-67233 Major The CVE-2018-5391 and CVE-2018-5390 vulnerabilities were fixed.
ID Severity Summary
NIOS-69609 Minor The NIOS documentation contained an incorrect report category for the DNS
Object Count Trend for Flex Grid License report.
NIOS-69395 Minor Infoblox has upgraded the DHCP fingerprint file in the NIOS database.
Fixed in NIOS 8.3.3
ID Severity Summary
NIOS-69173 Critical In the Restart Grid Services dialog box, the Restart Grid Services If needed
option did not work as expected.
NIOS-68297 Critical On clicking the Test SNMP button, NIOS did not send a trap.
NIOS-68005 Critical Under certain circumstances, some virtual appliances went offline.
NIOS-67856 Critical Multiple BIND reloads occurred after the DNS service was restarted.
NIOS-67815 Critical Under certain circumstances, LAN1 and MGMT ports experienced lost or
intermittent connectivity.
NIOS-67673 Critical Deleting zones using CSV import took a long time and caused Grid Manager to
slow down.
NIOS-67643 Critical Several Grid members displayed high swap utilization in Grid Manager.
NIOS-67573 Critical Pinging the virtual IP address of an HA pair of IB-FLEX members after an HA
failover caused intermittent failures.
Critical The DNS Cache Acceleration service stopped and restarted because of a false
NIOS-67439
alarm.
Critical Executing the set reset_reporting_backup_restore_state command
NIOS-67393
caused a database violation.
Critical NTP syslog messages were generated when Grid Master was converted to a IPv6
NIOS-67270
only Grid.
NIOS-67202 Critical Adding an IPv6 static route using the WAPI failed with an error message.
ID Severity Summary
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-69220 Major Under certain circumstances, the DHCP fingerprint filter did not works as
expected.
NIOS-69026, Major DTC objects took a long time to load.
NIOS-67523
NIOS-68385 Major Core files were generated when the external syslog server was being configured
with a certificate.
NIOS-68064, Major Pre-provisioned subscribers were hitting non-subscriber RPZ rules at random.
NIOS-68058
NIOS-67884, Major In Network Insight, the Pao Alto Networks series did not contain the IP Address
NIOS-67338 table and the CLI Route table.
NIOS-67852 Major Empty DNS views were being deleted after synchronizing with AWS Route 53.
NIOS-67811 Major The SNMP service did not respond to SNMP queries.
NIOS-67750 Major The DHCP > Networks > Shared Networks tab displayed a timeout error
message.
NIOS-67705 Major Scheduled emails were not sent for the CPU Utilization Trend report.
NIOS-67676 Major The DNS service status, Threat Protection status, and reporting status of a DNS
member that has Unbound configured displayed as offline.
NIOS-67613 Major An LBDN object created using topology rules responded with the default
destination for all queries.
NIOS-67564 Major NIOS experienced an DNS outage when some routers were upgraded.
NIOS-67526, Major Unable to specify the host name in the FQDN field when creating a TLSA record.
NIOS-67509
NIOS-67518 Major Full reporting backups instead of incremental backups were performed.
NIOS-67489 Major Unable to create a subzone and returned an error message.
NIOS-67482 Major Grid Manager was not synchronized after the hardware for the passive node was
replaced.
NIOS-67470 Major Unable to restore an external DNS view from the Recycle Bin.
NIOS-67465 Major After NIOS was upgraded to version 8.3.0, Consolidators did not work because of
repetitive long running queries.
NIOS-67438 Major The disk size on Grid Manager was at 99% on both the active and passive nodes
thus causing Grid Manager to be unresponsive.
NIOS-67430 Major Unable to create a zone because the "0" hextet was present in member's DNS
view IPv6 address.
NIOS-67104 Major Some DHCP options that were defined in a template with Microsoft failover
association were are not visible in the DHCP range.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
ID Severity Summary
NIOS-69162 Minor Dynamic blocking servers for Subscriber Services allowed browsers to cache
content.
NIOS-67855 Minor TTL updates using a zone replication queue resulted in a broken file.
NIOS-66946 Minor DHCP failover logs displayed an incorrect lease count.
Fixed in NIOS 8.3.2
ID Severity Summary
NIOS-67665 Critical Under certain circumstances, the Cloud Platform member in the Grid went
offline.
NIOS-67620 Critical DNS anycast addressing failed to resolve on multiple IPv6 addresses on multiple
appliances.
NIOS-67521 Critical If the same zone was listed twice in the Trust Anchors area and the Response
must be secure check box was selected for both the zones, the named.conf file
displayed a syntax error message.
NIOS-67462 Critical Host systems running on AWS did not display additional addresses added on the
loopback interface.
NIOS-67383 Critical If the NIOS AWS instance was attached to a Virtual Private Cloud for which the
DNS resolution was set to “Yes,” the DNS resolver on the NIOS appliance was
overwritten.
NIOS-67379 Critical On certain occasions, the DNS service did not start on a new virtual DNS server.
NIOS-67147 Critical Unable to ping LAN1 and MGMT after DNS Cache Acceleration (DCA) was
enabled.
ID Severity Summary
NIOS-67533 Major The NIOS documentation did not contain information about restrictions for
configuring VLAN for NIOS.
NIOS-67497 Major DNS recursion failed when ADP (Infoblox Advanced DNS Protection) was turned
on.
NIOS-67492 Major Inconsistent ADP behavior was observed among appliances with vADP and PT
appliances for certain DNS queries.
NIOS-67465 Major The Consolidator took a long time to process subscriptions.
NIOS-67241 Major Under specific circumstances, no data was displayed on the Network Users tab
of Grid Manager after an upgrade.
NIOS-67177 Major CSV import took a long time to execute.
NIOS-67101 Major After NIOS was upgraded to version 8.3.0, Grid Manager displayed the “The
Selection object could not be found” error message on the Devices tab.
NIOS-66843 Major Disabled authoritative DNS zones broke root delegation.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-66347 Major The HA failover took a long time to synchronize.
ID Severity Summary
NIOS-67617 Minor The default value of tcp-client was incorrectly documented in the NIOS
documentation.
NIOS-67553 Minor The NIOS documentation did not contain information about the permission
required for the AD user to send secure DDNS updates.
NIOS-67112 Minor Extremely large zone transfers resulted in corrupted files or termination of the
server process.
NIOS-67055 Minor NIOS documentation did not contain information about the actual indexing
capacity of the IB-1405 VM.
Fixed in NIOS 8.3.1
ID Severity Summary
NIOS-67300 Critical One of the members in a Grid was frequently displayed as offline in Grid
Manager.
NIOS-67251 Critical Both the nodes in a NIOS HA setup displayed error messages in Grid Manager and
the debug log files were full of “PANIC” messages.
NIOS-67171 Critical Unable to resolve DHCP options that were set to use the anycast IP address.
NIOS-67164 Critical Documentation about the ALIAS target name not pointing to a CNAME record did
not exist.
NIOS-67045 Critical When adding a CAA record, the Name field was a mandatory field.
NIOS-67040 Critical A hotfix to resolve the preferred time calculation issue functioned only in IPv6
allocation, but not in prefix delegation.
NIOS-66829 Critical The preferred lifetime value was not being correctly calculated after NIOS was
upgraded to version 8.2.4.
NIOS-66384 Critical Even though the preferred lifetime and valid lifetime were configured, the
lifetime values were always displayed as zero (0) for renew requests.
ID Severity Summary
NIOS-67288 Major DNS traffic was interrupted because of the “EARLY DROP UDP query multiple
questions or non query operation code" ADP rule.
NIOS-67241 Major After upgrading to NIOS 8.3.0, no data was displayed on the Network Users tab.
NIOS-67178 Major vDiscovery did not discover only authoritative zones.
NIOS-67154 Major The SSL certificate did not synchronize with the passive node of the Grid Master
in an HA environment.
NIOS-67124 Major Grid Manager timed out when you tried to navigate to the Data Management ->
DNS, Query Monitoring tab.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-67119 Major Enabling DNS query capture caused the disk to fill up with data.
NIOS-67113 Major DNSSEC validation did not work when Unbound was used as the DNS resolver.
NIOS-67110 Major Unable to view data in the Cloud -> Tenants -> VMs tab.
NIOS-67105 Major Subzones that were deleted in the Amazon Route 53 environment were still
visible in Grid Manager even after a synchronization.
NIOS-67091 Major CSV imports using the NIOS API failed when more than one file was in the
uploaded state.
NIOS-67088 Major The DNS service was affected by DHCP restarts after NIOS was upgraded to
version 8.2.6.
NIOS-67073 Major All the licenses were removed from the reporting server when a wrong command
was used to reset the reporting license and the reporting server was restarted.
NIOS-67026 Major Unable to perform a CSV import using the API when more than one file was
already in the uploaded state.
NIOS-66986 Major Unable to open a custom RPZ zone with approximately 250000 to 300000
entries.
NIOS-66942 Major The API connection limit needed to be increased.
NIOS-66869 Major Unable to use the reporting API without first logging on to the NIOS UI.
NIOS-66799 Major DTC objects took a long time to load and in certain circumstances, Grid Manager
did not respond.
NIOS-66793 Major The Grid Manager -> Members tab did not display data.
NIOS-66746 Major DHCPDISCOVER did not handle prefix length mismatches correctly.
NIOS-66705 Major Using the View Threat Context option displayed an error message.
NIOS-66268 Major A Grid member went offline.
NIOS-65718 Major After NIOS was upgraded to version 8.2.1, the DNS service stopped working
because of a DTC health check failure.
NIOS-65716 Major HA members in a Grid did not send reporting data to the reporting server.
NIOS-65586 Major IPAM permission on a network did not work if the host object was not attached
to a DNS.
ID Severity Summary
NIOS-67250 Minor Although the DNS Statistics widget displayed a 12 minute timeframe for the
cache hit ratio, the line graph displayed only 6 minutes of data.
NIOS-67116 Minor Automatic conversion of unmanaged IP addresses did not work if the
discovered_name variable contained an IP address with an FQDN.
NIOS-67018 Minor The DNS service went into a restart loop and Grid Manager displayed an error
message.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-66985 Minor Unable to perform a CSV import because of an issue with the
basic_polling_settings field.
NIOS-66947 Minor Enabling read-only API access displayed an error message.
NIOS-66864 Minor Grid Manager did not respond and the swap area used was very high.
NIOS-66608 Minor The option to install the DTC license in TE-810 and TE 820 appliances needed to
be removed.
NIOS-65948 Minor Unable to upload MIB files because of a lack of white space in the IB-TRAP-
MIB.txt file.
NIOS-64879 Minor The is_multimaster field did not work as expected when using the WAPI.
Fixed in NIOS 8.3.0
ID Severity Summary
NIOS-66953 Critical The Discovery service was down and the network consolidator displayed 100%
status.
NIOS-66548 Critical Under certain circumstances, DNS Cache Acceleration prevented RPZs for
Infoblox Subscriber Services.
NIOS-66358 Critical The “LAN2 port link is down. Please check the connection.” message was
displayed in Grid Manager even though LAN2 redundancy was disabled.
NIOS-66326 Critical Under specific situations, a high count of queries per second utilized a lot of
CPU.
NIOS-66266 Critical The NIOS documentation did not contain a recommendation about not running
DTC on the TE-810 and TE-820 appliances.
NIOS-66226 Critical The NIC Usage field in the System Activity Monitor widget displayed incorrect
data for HA members.
NIOS-66213 Critical Unable to sign the zone with DTC LBDN. Without DTC LBDN, the zone could be
signed but the DTC LBDN record could not be added.
NIOS-66205 Critical Under specific circumstances, Microsoft sites were not synchronizing properly.
NIOS-66203 Critical The index storage space used by a reporting index and displayed in the Used%
column was not updated with the indexed data.
NIOS-66135 Critical The data in the Used% column did not increment for reporting data.
NIOS-66079 Critical Unable to route VPN traffic through the MGMT port on an AWS member.
NIOS-66065 Critical The “SNMP MIB Hierarchy” topic in the NIOS documentation referenced a broken
URL.
NIOS-66061 Critical Documentation about reverting a member in an upgrade group in the “Upgrading
NIOS Software” section was unclear.
NIOS-65924 Critical After NIOS was upgraded to version 8.2.3, the interface IP address was changed
to the NAT group IP address in the named.conf file, causing the zone transfer to
fail.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-65879 Critical A Grid member unexpectedly disconnected from the Grid.
NIOS-65854 Critical Unable to convert multiple unmanaged networks to managed networks.
NIOS-65766 Critical NXDOMAIN queries were not sent to the upstream DNS server until the expired
timeout period lapsed.
NIOS-65559 Critical The LED lights on the IB-1400 appliances were on even though the Hardware
Identify icon in the NIOS UI displayed the status as off.
NIOS-65532 Critical The DNS service was interrupted on IB-4030 appliances.
NIOS-65347 Critical DNS service issues occurred on IB-4030 appliances.
NIOS-65221 Critical The DHCP MAC filter did not work after a hotfix was applied.
NIOS-65192 Critical Unable to apply the Reporting Reset license.
NIOS-65179 Critical Configurations made using IPAM tools took a long time to reflect.
NIOS-65154 Critical The DHCPv6 service was unresponsive and DHCPv6 log files were not visible on
the appliance.
NIOS-65101 Critical Microsoft AD synchronization failed when the Microsoft site was deleted leaving
an unassociated subnet.
NIOS-65095 Critical Unable to assign a managing member to a Microsoft server and an error message
was displayed.
NIOS-65091 Critical Unable to delete a name server group that was created for stub zones or
forward zone even though it was not assigned to any member.
NIOS-65037 Critical The DNS service restarted in a loop and a fatal error message was displayed in
the infoblox.log file.
NIOS-64942 Critical DHCP fingerprinting did not work on certain printers.
NIOS-64982 Critical An unexpected HA failover occurred after the set_dns_autogen command was
executed.
NIOS-64966 Critical The CSV Reference documentation did not contain information about the
delegation name server group.
NIOS-64873 Critical Applying filters on an IPv6 IPAM network caused the NIOS UI to time out.
NIOS-64834 Critical Under certain circumstances, PT-1400 appliances restarted and rebooted in all
the Grids.
NIOS-64798 Critical In specific configuration, AWS vDiscovery might not function properly.
NIOS-64769
NIOS-64771 Critical DTC objects took longer than expected to load.
NIOS-64632 Critical Running the install.sh script did not remove upgrade_mode for non-lite
upgrades.
NIOS-64571 Critical Running an AWS vDiscovery tasks slowed down the performance of the NIOS UI.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-64533 Critical Using the Enable remote lookup for user membership option matched the User
Principal Name (UPN) with the same account name rather than the user’s
principal name.
NIOS-64462 Critical In an HA mode, the passive node reported that its disk was 85% full because of
reporting data.
NIOS-64410 Critical BGP restarted unexpectedly when the DNS service restarted.
NIOS-62601 Critical The NIOS documentation did not have clear information about the set
interface CLI command.
NIOS-51444 Critical When adding a new device to a Grid, the “Duplicate object of type
'physical_node' already exists in the database” error message was displayed.
ID Severity Summary
NIOSSPT-7613 Major The AAAA/A proxy server response TTL settings for Infoblox Subscriber Services
needed to be 5 seconds.
NIOS-67056 Major The CVE-2018-5732 and CVE-2018-5733 vulnerabilities were fixed.
NIOS-66998 Major The NIOS-66243 issue was not documented in the "Resolved Issues" section of the
NIOS 8.3.0 Release Notes.
NIOS-66982 Major The NIOS documentation specified an incorrect format for expire_time for MAC
addresses.
NIOS-66872 Major On the IB-FLEX appliance, sometimes the disk usage was reported at 100% and
NIOS-66862 the system crashed.
NIOS-66871 Major Sometimes, performance testing on the Subscriber Services features displayed a
high error rate.
NIOS-66801 Major The IPv4 and IPV6 proxy server response Time To Live (TTL) settings for Infoblox
Subscriber Services needed to be increased to 5 seconds.
NIOS-66772 Major Addressed the following vulnerability:
CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at
the Linux kernel version 3.4 and up to and including 4.15 had an integer-
overflow vulnerability allowing local users with access to the udldrmfb driver to
obtain full read and write permissions on kernel physical pages, resulting in a
code execution in kernel space.
NIOS-66739 Major Under certain circumstances, end host interfaces and VLAN information were
missing.
NIOS-66726 Major The HTTP trace method was still working when Captive Portal was enabled.
NIOS-66715 Major Symantec files were not deleted from the Grid Master candidate even though
they were deleted from the Grid Master.
NIOS-66682 Major A separate ruleset was required for the subscriber cache replication of TCP
traffic.
NIOS-66674 Major A DTC pool configured with the All Available load balancing method did not
return results in a specific order.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-66671 Major A CSV import of many networks caused the Grid Master to crash.
NIOS-66669 Major Using the Allow Underscore host name policy created a discrepancy between the
NIOS UI and the Hostname Compliance report.
NIOS-66590 Major The mail_daemon utilized a lot of CPU.
NIOS-66587 Major OpenSSH needed to be upgraded from version 6.4p1 to version 7.7p1.
NIOS-66547 Major DHCP returned an inappropriate prefix to a client when the client moved from
one subnet to another.
NIOS-66535 Major The NIOS performance was affected when view=internal was included in a
WAPI call.
NIOS-66490 Major Adding an authoritative zone caused the Grid Master to crash.
NIOS-66480 Major Swapping hardware appliances in a Grid and then changing the host names
created several issues.
NIOS-66465 Major The IP address was not pre-populated when trying to create a fixed IP address
with a template.
NIOS-66395 Major The option to create an external primary server as “stealth” was confusing.
NIOS-66366 Major A newly created network did not inherit the DDNS domain name configuration
from an existing DHCP network container.
NIOS-66361 Major LBDNs responded with an SOA response even when the health monitors displayed
a green status.
NOS-66345 Major OpenSSH version 6.4p1 was vulnerable to CVE-2016-10708.
NIOS-66340 Major Unable to view extensible attributes for some network containers.
NIOS-66333 Major When a DTC topology was created using WAPI, NIOS displayed an error message.
NIOS-66331 Major There was a discrepancy between the WAPI output and a DTC topology rule
created in the NIOS UI.
NIOS-66291 Major The NIOS documentation had unclear information about exact matches or
subdomain matches for the FQDN specified in a rule.
NIOS-66288 Major Reboot of an AWS member changed its hardware ID.
NIOS-66267 Major After upgrading to NIOS version 8.2.3, IP addresses and networks added to
named ACLs were not visible in the named.conf file of the Grid members.
NIOS-66263 Major Many devices under the IPAM tab were missing connected port and device
details even though these details were available on the Assets tab.
NIOS-66233, Major Amazon Route 53 synchronization for specific AWS groups stopped after
NIOS-66159, encountering an Uniqueness Violation error in the log files.
NIOS-64881
NIOS-66231, Major Pending changes were listed when a Restart Services operation was attempted.
NIOS 65442,
NIOS-64537
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-66230 Major Under certain circumstances, disk usage steadily increased for a Grid Master
candidate.
NIOS-66228 Major Infoblox reports displayed error messages.
NIOS-66221 Major Unable to move entries from mitigation RPZ to whitelist.
NIOS-66206 Major Unable to use the Traffic Capture tool from the NIOS UI and the Grid Master was
unresponsive.
NIOS-66204 Major A network container under IPAM took a long time to load.
NIOS-66200 Major The Device Interface Inventory report displayed incorrect interface VLAN data.
NIOS-66166 Major A reboot of an AWS member changed its hardware ID.
NIOS-66163 Major A “Network interface card temperature is above threshold” trap was received
for the smart NIC card.
NIOS-66162 Major Unable to sign zones using Thales HSM with key sizes larger than 1024 bits.
NIOS-66148 Major Creating a DTC pool using the API displayed an error message.
NIOS-66146 Major Captive Portal did not start when a 4096 byte key size was used for the SSL
certificate.
NIOS-66136 Major A large replication queue on Grid members caused DNS discrepancies.
NIOS-66127 Major Extensible attributes for some network containers were not displayed.
NIOS-66121 Major The NIOS documentation did not mention information about ibSnicCore in the
“SNMP MIB Hierarchy” topic.
NIOS-66119, Major The DNS fault tolerant cache feature encountered when an A record was
NIOS-66118 converted to a CNAME record.
NIOS-66093 Major Certain read-only devices required route and ARP CLI commands.
NIOS-66071 Major Under certain circumstances, when NIOS was upgraded from version 7.3.8 to
8.1.6, the NIOS UI displayed the following error message:
"Forwarder is running but it failed to connect to none of the indexers”
NIOS-66069 Major The Infoblox DNS Cache Acceleration Administrator Guide did not contain
information about the set dns transfer, set monitor dns, and show
monitor dns commands being disabled on certain appliances that have an
active DNS Cache Acceleration license.
NIOS-66060 Major When zone associations were added to a network using WAPI, the WAPI call
returned a server error message.
NIOS-66054 Major An expert mode CLI command was required that captures rndc logs to the log
file.
NIOS-66046 Major Unable to configure the IPv6 Grid Master in HA mode by using the set network
CLI command.
NIOS-66037 Major After upgrading to NIOS version 8.2.2, unable to add a dot to the Strict
Hostname Checking policy.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-66015 Major Infoblox reports did not send scheduled reports.
NIOS-66005 Major A DNS Grid member that had Subscriber Services enabled, rebooted thus
generating a large number of RPZ hits.
NIOS-65988 Major Managed networks were displayed in a grey background which indicated that
they were not managed.
NIOS-65985 Major The NIOS documentation did not contain information about the session timeout
not being honored for those features that support auto refresh.
NIOS-65975 Major Pending changes were still visible when services were restarted.
NIOS-65959 Major The active node of an HA pair hung and needed to be rebooted.
NIOS-65950 Major CNAME records were not selected by default when you tried to create a new
LBDN.
NIOS-65947 Major When name server groups were updated, some zones using the name server
groups did not increment their SOA serial number.
NIOS-65936 Major SNMP traps were dropped because of an engine mismatch.
NIOS-65934 Major Unable to create real time alerts in Infoblox Reporting.
NIOS-65931 Major The infoblox.log file was flooded with check_duplicate and print_vector
messages.
NIOS-65892 Major Unable to stop or cancel an ongoing CSV export job.
NIOS-65877 Major A database connection issue occurred when Network Insight was downgraded.
NIOS-65860 Major Microsoft Active Directory sites were not visible in the NIOS UI.
NIOS-65828 Major AD authenticated scheduled reports did not run after initially completing
successfully.
NIOS-65817 Major IB-820 appliances exceeded disk space thresholds and the disk was filled with
core files.
NIOS-65804 Major NIOS users who belonged to certain groups were unable to log on to the NIOS UI
and some of the admin group permissions could not be viewed.
NIOS-65777 Major The network inherited the Grid settings and not the container settings and the
wrong threshold settings were displayed in the email.
NIOS-65751, Major After upgrading to NIOS version 8.0.4, the UI performance slowed down.
NIOS 65731
NIOS-65730 Major Unable to delete user accounts.
NIOS-65719 Major After performing a HA failover, logging in to the NIOS UI using the default user
ID and password displayed an “Invalid log in” error message.
NIOS-65668 Major Under certain circumstances, a Grid Master VM crashed.
NIOS-65656 Major The default values for some Unbound parameters changed.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-65648, Major HA failover took a long time to synchronize.

NIOS-65629,
NIOS-65628
NIOS-65631 Major DNS members did not respond to the queries and therefore caused an outage.
NIOS-65630 Major When the vNIOS license expired, Grid members were displayed as being offline.
NIOS-65615 Major The reporting service flipped from VIP to LAN1 even though the forwarding
report traffic was selected as VIP.
NIOS-65602 Major One of the Grid members was offline and both the HA nodes of an IB-4010
appliance were restarting all the time.
NIOS-65594 Major Unable to register a new Data Collector to the Grid.
NIOS-65590 Major Importing records into a zone using the Import Zone option displayed an error
message even if the IP address of the imported records matched the networks in
the Networks Association list.
NIOS-65579 Major Name server records were missing in the primary authoritative zone.
NIOS-65570 Major The View option in the toolbar did not work for DNS member properties.
NIOS-65555, Major The NSEC3 record for the delegated subzone was not removed thus causing
NIOS 65195 SERVFAIL errors.
NIOS-65552 Major Upgrading NIOS to version 8.0.4 slowed down the performance of the NIOS UI.
NIOS-65499 Major The client was not assigned the same IPv6 address when it rejoined the subnet.
NIOS-65449 Major The NXDOMAIN redirection feature was not available for IB-FLEX members.
NIOS-65423 Major The system memory in IB-4030 kept increasing.
NIOS-65382 Major Service interruptions occurred on a DNS member.
NIOS-65338 Major The Time To Live (TTL) settings for PTR records did not follow the TTL settings
of the host record.
NIOS-65335 Major DHCP did not start after a network container was deleted.
NIOS-65331 Major During a CSV import, SNMPv3 traps were parsed as SNMPv2 traps.
NIOS-65306 Major After upgrading NIOS to version 8.1.6, a Perl script did not produce the
expected output.
NIOS-65302 Major A value of 0 was returned for SNMPv3 traps.
NIOS-65278, Major The show network_connectivity command did not work.

NIOS-65153
NIOS-65277 Major After upgrading NIOS, RabbitMQ traffic was observed on an expected interface.
NIOS-65269 Major The IB-820 appliance restarted automatically.
NIOS-65233 Major Unable to connect to bloxTools after upgrading to NIOS version 8.0.10.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-65230 Major Unable to access the Grid Master UI when Microsoft synchronization was
enabled.
NIOS-65220 Major A NIOS instance with CNA enabled displayed an error message in the All Tenants
screen.
NIOS-65210, Major The Upgrade tab displayed an error message even though the NIOS upgrade was
NIOS-65205 successful.
NIOS-65204 Major The NIOS documentation did not contain information about the default option
when enabling automatic ruleset downloads.
NIOS-65202 Major DNS scavenging encountered issues and dynamically updated records were not
replicated to the Grid Master.
NIOS-65167 Major The Inactive IP Addresses report included active IP addresses.
NIOS-65157 Major After a NIOS upgrade, the DNS service hung and restarted in a loop.
NIOS-65126 Major DNS Cache Acceleration did not restart after the DNS service was stopped and
restarted.
NIOS-65105 Major Files of .key type were included in support bundles when the Files from the
previously installed NIOS version option was selected.
NIOS-65103 Major Unable to browse because of a bad UDP checksum error.
NIOS-65079 Major NIOS was restarting in a loop.
NIOS-65066 Major Unable to update TTLs on a zone using CSV or the NIOS UI.
NIOS-65052 Major Threat Analytics incorrectly detected domains and added them to the
blacklisted domains.
NIOS-65051 Major When NIOS was upgraded to version version 8.1.6, database initialization failed.
NIOS-65050 Major Unable to clear the reporting license violation.
NIOS-65048 Major When a zone was deleted completely and re-created, the recreated zones
contained auto-created A records from internal DNS members that were not part
of the name server group to which the zone was assigned.
NIOS-65036 Major The DNS service crashed and interrupted services.
NIOS-65024 Major RPZ did not work after the temporary RPZ license was removed and normal
member RPZ licenses were added.
NIOS-65021 Major Consolidator appliances displayed the “Discovery Consolidator service has
failed” error message.
NIOS-65008 Major The DHCP fingerprint filter did not work.
NIOS-65007 Major The Data Import Wizard did not work with Punycode zones.
NIOS-64992 Major The IPv6 static route that was configured using the NIOS UI did not reflect in the
CLI output.
NIOS-64970 Major A reporting scheduled backup job did a daily restore rather than a backup.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-64964 Major Device Support Bundles (DSBs) that were installed with MIBs took a long time to
synchronize.
NIOS-64952 Major Navigating to the IPAM tab in the NIOS UI displayed an error message.
NIOS-64953 Major After NIOS was upgraded to version 8.1.4, the DHCP client did not get IP
addresses.
NIOS-64945 Major When new virtual members were added to a name server group of an existing
DNS Grid, they went offline.
NIOS-64924 Major rmmod hung because the hypervisor was unresponsive.
NIOS-64923 Major Multiple core files were generated on the passive node when Cisco ISE was
enabled.
NIOS-64913 Major OpenSSL vulnerability CVE-2017-3735 was exposed.
NIOS-64899 Major The NIOS password was displayed in clear text in the audit log files.
NIOS-64887 Major Opening a support case using the NIOS UI displayed an error message.
NIOS-64886 Major When an external primary server was added to a name server group using the
API, the Use TSIG option was not checked in the NIOS UI.
NIOS-64869 Major The zone transfer setting as “None” had to be changed.
NIOS-64876 Major Route 53 DNS zones that were synchronized by a task were deleted and replaced
by new data when a different synchronization task was executed.
NIOS-64875 Major In NIOS versions 8.2.0 and later, adding a host record that contained a dot and a
hyphen under the Strict Hostname Checking policy displayed an error message.
NIOS-64874 Major Threat Analytics blocked domains and caused the services to be unreachable.
NIOS-64872 Major A database lookup flag was required to be enabled for CLI credentials.
NIOS-64832 Major When deleting exclusion ranges, ranges that were not selected to be deleted
were also deleted.
NIOS-64828 Major The Data Connector Release Notes and the Twiki presented conflicting
information about hardware specifications.
NIOS-64824 Major DHCP Discover caused HA failovers.
NIOS-64799 Major Unable to generate the correct CN in the exported CSR using the PAPI method.
NIOS-64780, Major Unable to perform vDiscovery for OpenStack using public endpoints.
NIOS-64736
NIOS-64779 Major Unable to add a Certificate Authority with the same issuer into a single CAS
group.
NIOS-64773 Major The host system tried to use IPv6 to access the LDAP servers, even though the
Connect through Management Interface option for LDAP was checked.
NIOS-64738 Major When IP addresses of name servers of delegated zones were modified in a
specific order, both old and new auto-generated A records were found in the
parent zone.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-64674 Major NTP did not work because the DNS service had restarted.
NIOS-64666 Major When NIOS was upgraded to version 8.0.6, the export-all.pl Perl script
timed out.
NIOS-64653 Major After upgrading to NIOS version 8.1.1, scheduled discovery did not work.
NIOS-64648 Major DHCP Discover restarted and caused HA failovers.
NIOS-64638 Major Searching for device assets such as MAC addresses took a long time to execute.
NIOS-64635 Major When a zone association to a shared record group was added, appliances
associated with the zone went offline.
NIOS-64623 Major Using WAPI to update a fixed address or a Microsoft reservation to include
custom DHCP options 66 and 67 did not synchronize with the Windows server.
NIOS-64602 Major DNS names that contain dots appeared in reverse order when searching a smart
folder.
NIOS-64589 Major The DNS Query Rate by Member report displayed a dip in the chart and did not
match the report in the NIOS UI.
NIOS-64562 Major The Grid Master was completely inaccessible because of the disk space usage
was 100%.
NIOS-64540 Major Zone transfers could be performed even though the Zone Transfers setting at
zone level was set to None.
NIOS-64513 Major The Threat Protection Status for Member and the Response Policy Zone (RPZ)
Status for Member dashboard widgets displayed incorrect statistics.
NIOS-64450 Major The SSH session crashed when running the traffic_capture command in
maintenance mode.
NIOS-64440 Major Network Insight log files were not included in the support bundle even though
the Discovery SNMP Logs option was selected.
NIOS-63998 Major The DHCP configuration file did not contain the zone configuration information
if the domain name was specified in upper case.
NIOS-64394 Major Importing host records in bulk using CSV import took a long time.
NIOS-64373 Major Queries for zones that were part of EDNS Client Subnet configuration were
cached in DNS Cache Acceleration.
NIOS-63998 Major When DDNS updates were enabled and a zone was authoritative, the DHCP
configuration file did not reflect the IP addresses of the primary servers in the
zone configuration if the domain name for the zone was in upper case.
NIOS-63947 Major Reverse zones that were automatically created did not have name server
records assigned to them from the default name server group.
NIOS-63940 Major The Grid Master candidate reached very high database capacity with majority of
the data related to the version_deleted_object type.
NIOS-63875 Major Revert of a single member failed.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-63866 Major Unable to access Infoblox reporting and the following error message was
displayed:
Your reporting license expired or you have exceeded your license limit too many
times.
NIOS-63799 Major A particular user was not assigned to the correct LDAP group when logging on to
the NIOS UI.
NIOS-63581 Major Vulnerabilities were detected in NIOS versions 7.x.
NIOS-63355 Major Renaming a host object discarded the change to related addresses.
NIOS-63322 Major Under certain circumstances, a forced HA failover failed.
NIOS-63153 Major False positives did not work as expected.
NIOS-63080 Major NIOS deleted DHCP options and reservations on a Microsoft failover association.
NIOS-62631 Major The TE-1410 appliance rebooted unexpectedly and generated “Re-generated 11
signatures" messages in the infoblox.log file.
NIOS-62611 Major DNS TCP connections were tracked.
NIOS-62460 Major The NIOS documentation contained references to “Network Automation” instead
of “NetMRI”.
NIOS-62307 Major Non-PT appliances had missing packets.
NIOS-62245 Major During a non-scheduled upgrade, some VM-820 members failed during the boot
up process.
NIOS-61851 Major Because of a vulnerability in the Linux kernel (CVE-2016-5195), an unprivileged
local user could gain write access to read-only memory mappings and thus
increase their privileges on the system.
NIOS-61697 Major Some VD-1400 vNIOS appliances used too much of disk space.
NIOS-57005 Major A scheduled upgrade did not take place in the defined order although the
Sequentially option was selected.
NIOS-54542 Major Modifying name server groups took a long time.
NIOS-66739 Minor VLAN information and attached interface for the end host was missing.
NIOS-66674 Minor The DTC All Available load balancing method did not return results in a given
order.
NIOS-66532 Minor The NIOS documentation did not contain information about the NIOS lockout
policy.
NIOS-66491 Minor The SNMP MIB documentation did not contain a description for
'ibOutboundWorkerFailed'.
NIOS-66489 Minor The NIOS documentation did not contain specific information about delegated
zones.
NIOS-66473 Minor The NIOS documentation mentioned a DHCP object as “option_logic_filter”
instead of “option_logic_filters”.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-66468 Minor Sometimes, a scheduled backup ran twice in the same hour.
NIOS-66406 Minor The BGP service did not restart when additional IP addresses were added.
NIOS-66392 Minor The NIOS documentation did not mention that the TFTP service is supported
only on LAN1 and MGMT interfaces.
NIOS-66388 Minor The View Pending Changes tab did not display modifications on network
objects.
NIOS-66299 Minor Forwarding entries for certain devices were not displayed.
NIOS-66243 Minor Addressed OpenSSL vulnerabilities CVE-2018-0733, CVE-2018-0739, and CVE-

2017-3738.
NIOS-66137 Minor The NIOS documentation contained information about rules that were not
present.
NIOS-66053 Minor When you entered a string of exactly 257 characters in the sysLocation field, an
error was not displayed despite the maximum number of characters allowed in
this field being 256.
NIOS-66011 Minor Earlier versions of the NIOS Release Notes mentioned a field as “Prefer LAN1
when available” whereas the actual field was Use LAN1 when available.
NIOS-66003 Minor The NIOS documentation mentioned an incorrect default value for the Resolver
queries timeout field.
NIOS-65979 Minor The CLI Collection Enabled field of the discovery status for a particular device
displayed the status as No even though the device had collected CLI credentials.
NIOS-65954 Minor The Daily Total Allocated IP Addresses displayed the same value as the current
value in spite of there being a spike.
NIOS-65934 Minor Unable to to create real-time alerts in reporting.
NIOS-65905 Minor Unable to discover devices due to a duplicate SNMP engine ID.
NIOS-65785 Minor SNMP was running in the background during a discovery blackout.
NIOS-65737 Minor Addressed OpenSSL vulnerabilities CVE-2017-3737, and CVE-2017-3738.
NIOS-65652 Minor Unable to control the NTP service by using the Start/Stop button if the
Synchronize the System with these External NTP Servers option was enabled.
NIOS-65626 Minor Discovered data was marked as a conflict because there was a delay in data
processing.
NIOS-65583 Minor Unable to add multiple network containers.
NIOS-65574 Minor Disabling DNS records did not update the TTL for the same RRset that had
different TTL values.
NIOS-65568 Minor The NIOS documentation did not contain specific information about the DNS
integrity check feature.
NIOS-65545 Minor Unable to change the network view for discovery interfaces.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-65528 Minor A graph for DNS acceleration usage was displayed in the GUI, even though DNS
Cache Acceleration was turned off.
NIOS-65527 Minor The NIOS web UI was not displayed in Internet Explorer 11 in Compatibility view
on Microsoft Windows 7 and Microsoft Windows 10.
NIOS-65522 Minor The NIOS documentation mentioned “Undetermined” as a trap severity instead
of “Indetermined”.
NIOS-65323 Minor Discovered data was not displayed in the OS, NetBIOS Name, and Last
Discovered columns of the Current Leases tab.
NIOS-65203 Minor Unable to set the Forwarding interface used for reporting traffic option in the
reporting member properties for Network Insight.
NIOS-65186 Minor The “Configuring Members and Interfaces for Automatic Updates" section in the
NIOS documentation had to be updated.
NIOS-65139 Minor The CSV file format value did not match what was mentioned in the NIOS CSV
documentation.
NIOS-65129 Minor A note in the GUI was required to inform users that when enabling DNSSEC
validation, trust anchors must be added.
NIOS-64919 Minor Unable to download the traffic capture details of one of the Grid members.
NIOS-64819 Minor A RAID disk failed but NIOS did not send any alerts.
NIOS-64678 Minor A CLI command was required to adjust the tcp-clients parameter.
NIOS-64149 Minor The WAPI did not return a suitable error message when you were forced to
change the password.
NIOS-65855 Minor Unable to change the VLAN ID using the port control feature.
Severity Levels
Severity Description
Critical Core network services are significantly impacted.
Major Network services are impacted, but there is an available workaround.
Moderate Some loss of secondary services or configuration abilities.
Minor Minor functional or UI issue.
Enhance An enhancement to the product.
KNOWN GENERAL ISSUES
ID Summary
NIOS-73715 After a NIOS upgrade, fastpath does not restart if it failed prior to the upgrade.
Workaround: Restart NIOS before upgrading to later releases.
NIOS-73707 Even if fastpath fails to restart, the status of virtual DNS Cache Acceleration and the threat
protection service is incorrectly displayed as running in Grid Manager.
400-0720-007 Rev. F 1/13/2021
NIOS 8.3.8 Release
NIOS 8.3.2 Notes
Release Notes
NIOS-73672 Under a rare circumstance, communication between the reporting cluster master and cluster peer
fails and the “Search Factor is Not Met” and “Replication Factor is Not Met” messages are displayed
on the Dashboards > Reporting Clustering Status tab.
Workaround: Restart the reporting service.
NIOS-73648 You must configure an RPZ feed zone before or after enabling threat indicator caching to start the
download of threat category information.
NIOS-73649 If the reporting search head reboots or shuts down when a replication is in progress, all threat
indicator indexes are removed, and therefore, all entries in the threat details report and the syslog
threat context show as unknown. To fix this issue, disable and enable the threat indicator caching
feature.
Workaround: Disable and enable the threat indicator caching feature.
NIOS-73650 If you reset the reporting data on any reporting member or replace the reporting hardware before or
after enabling threat indicator caching, you must log in to the Grid as a user with delete permission
so that the user details are pushed to the Splunk database for threat indicator caching to work.
Workaround: Disable and enable the threat indicator caching feature.
NIOS-73611 Connecting to the Cloud Services Portal on an HA failover node impacts DNS Forwarding Proxy
enabled on NIOS versions 8.3.7 and 8.3.8 and an invalid OPHID is generated on the newly active
node.
NIOS-73387 You cannot import TLSA records using the Data Import Wizard.
NIOS-70845 Under certain circumstances, during the automatic download of a module set, the threat analytics
service may not start because of a missing analytics directory and the new module set may not be
applied.
NIOS-68400 Network Insight is unable to discover certain devices because of a licensing issue. Please contact
Infoblox Technical Support for help.
NIOS-61565 Object Change Tracking: In situations that involve a large database, performing a full
synchronization from the Grid Master Candidate while the previous file is still being synchronized to
the Grid Master might cause the deletion of the original synchronization file.
Workaround: Do not perform a full synchronization from the Grid Master Candidate until the file
from the previous synchronization is fully synchronized to the Grid Master.
N/A Infoblox has upgraded the software for our user community (community.infoblox.com), which will
offer users enhanced features and a more robust experience. This new community software
however, is not compatible with our community dashboard widget. As a result, the functionality of
the Community Dashboard widget is inconsistent. The Community Dashboard widget will
subsequently be removed in the next NIOS maintenance release.
ISE-249 Cisco ISE: Unable to create a network active user if the user is configured with Cisco ISE server using
the standby server address.
400-0720-007 Rev. F 1/13/2021

NIOS 8.3.8 ReleaseNotes F

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NIOS 8.3.8 ReleaseNotes F

Uploaded by

Copyright:

Available Formats

NIOS 7.3.

SUPPORTED PLATFORMS ........................................................................................................ 2

NEW FEATURES ................................................................................................................... 7

CHANGES TO DEFAULT BEHAVIOR .......................................................................................... 15

CHANGES to Infoblox API and RESTful API (WAPI) ....................................................................... 16

UPGRADE GUIDELINES ......................................................................................................... 18

BEFORE YOU INSTALL ......................................................................................................... 19

ACCESSING GRID MANAGER ................................................................................................... 20

KNOWN GENERAL ISSUES ..................................................................................................... 52

Infoblox NIOS 8.3.x is supported on the following platforms:

NOTE: TE appliances are also known as the IB appliances.

Virtual vNIOS Appliances

• vNIOS for VMware on ESX/ESXi Servers

• vNIOS for Xen Hypervisor

• vNIOS for KVM Hypervisor

• vNIOS for AWS (Amazon Web Services)

• vNIOS for Azure

IB-VM-100 55 1 1 1600 MHz ü ü ü ü û No

IB-VM-800 300 2 Range: 1600 MHZ ü3 ü ü ü1 û No

IB-VM-800 300 2 Range: 1600 MHZ ü3 ü ü û û No

IB-V805 ** 250 (+ user 2 32 2700 MHz ü ü û ü4 û No

IB-VM-810 55 2 2 1200 MHz ü ü ü ü û No

IB-VM-810 160 2 2 1200 MHz ü ü ü û û No

IB-V815 ** 250 2 16 1100 MHz ü ü û ü4 û Yes

IB-VM-820 55 2 4 1600 MHz ü ü ü ü û Yes2

IB-VM-820 160 2 4 1600 MHz ü ü ü û ü Yes2

IB-V825 ** 250 2 16 1600 MHz ü ü û ü4 ü Yes2

IB-VM-1400 555 4 Default: 2660 MHz ü3 ü û û û No

IB-V1405 ** 250 (+ user 4 32 3600 MHz ü ü û ü4 û No

IB-VM-1410 55 4 8 GB 1600 MHz ü ü ü û û No

IB-VM-1410 160 4 8 1600 MHz ü ü ü û û Yes2

IB-V1415 ** 250 4 32 1200 MHz ü ü û ü4 û Yes

IB-VM-1420 160 4 8 2400 MHz ü ü ü ü ü Yes2

IB-V1425 ** 250 4 32 1800 MHz ü ü û ü4 ü Yes

IB-V2205 ** 250 (+ user 8 64 2100 MHz ü ü û ü4 û No

IB-VM-2210 160 4 12 2000 MHz ü û ü û û Yes2

IB-V2215 ** 250 8 64 2100 MHz ü ü û ü4 û Yes

IB-VM-2220 160 4 12 2400 MHz ü û ü ü ü Yes2

IB-V2225 ** 250 8 64 2100 MHz ü ü û ü4 ü Yes

IB-V4005 250 14 128 2400 MHz ü û û û û No

IB-V4015 ** 250 14 128 2400 MHz ü ü û ü4 û Yes

IB-V4025 ** 250 14 128 2400 MHz ü ü û ü4 ü Yes

IB-V5005 ** User User User N/A ü ü û ü û No

ND-V800 160 2 8 1600 MHz ü3 ü ü û û No

ND-V805 ** 500 2 32 2700 MHz ü ü û ü4 û No

ND-V1400 160 4 16 2660 MHz ü3 ü ü û û No

ND-V1405 ** 250 4 32 3600 MHz ü ü û ü4 û No

ND-V2200 160 8 24 2400 MHz ü3 û ü û û No

ND-V2205 ** 250 8 32 2100 MHz ü ü û ü4 û No

ND-V4005 ** 250 14 128 2400 MHz ü ü û ü4 û No

CP-V800 160 2 2 2000 MHz ü ü ü ü No

CP-V1400 160 4 8 6000 MHz ü ü ü ü No

CP-V2200 160 4 12 12000 MHz ü ü ü ü No

NIOS Virtual # of Memory

This section lists new features in the 8.3.x releases.

Collecting NIOS Database Performance Data (RFE-9550)

NAT Port as IPSD (RFE-9527)

New Policy for Subscriber Parental Control (RFE 8665)

Reporting Data Retention (RFE 9394)

NIOS SPPC Lease2RADIUS Installation (RFE 9520)

Use Infoblox credentials to access this link.

DHCP Fingerprint Data Enhancement

Infoblox Subscriber Services Enhancements (RFE 8995)