NIOS 8.5.1 ReleaseNotes

NIOS 8.
4
NIOS Release
8.5.1 Notes
Release Notes
INTRODUCTION .................................................................................................................. 2
SUPPORTED PLATFORMS....................................................................................................... 2
NEW FEATURES .................................................................................................................. 7

NIOS 8.5.1 .................................................................................................................... 7
NIOS 8.5.0 .................................................................................................................... 8
CHANGES TO DEFAULT BEHAVIOR ......................................................................................... 11

NIOS 8.5.x .................................................................................................................. 11
NIOS 8.4.x .................................................................................................................. 12
NIOS 8.3.x .................................................................................................................. 12
NIOS 8.2 and Later ........................................................................................................ 12
NIOS 8.2.x .................................................................................................................. 12
NIOS 8.0.0 .................................................................................................................. 12
CHANGES TO INFOBLOX API and RESTFUL API (WAPI) ................................................................. 13

NIOS 8.5 ..................................................................................................................... 15
UPGRADE GUIDELINES ........................................................................................................ 15
BEFORE YOU INSTALL ........................................................................................................ 16
ADDRESSED VULNERABILITIES .............................................................................................. 17
RESOLVED ISSUES ............................................................................................................. 23

Fixed in NIOS 8.5.1 ....................................................................................................... 24
Fixed in NIOS 8.5.0 ....................................................................................................... 28
KNOWN GENERAL ISSUES .................................................................................................... 43
© 2021 Infoblox Inc. All Rights Reserved. All registered trademarks are property of their respective owners. Page 1 of 44
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
INTRODUCTION
Infoblox NIOS 8.5 software, coupled with Infoblox appliance platforms, enables customers to deploy large,
robust, manageable and cost-effective Infoblox Grids. This next-generation solution enables distributed
delivery of core network services—including DNS, DHCP, IPAM, TFTP, and FTP—with the nonstop availability and
real-time service management required for today’s 24x7 advanced IP networks and applications.
Please note the following:
NIOS 8.5 is not supported on the following appliances: IB-250, IB-250-A, IB-500, IB-550, IB-550-A,
IB-1000, IB-1050, IB-1050-A, IB-1550, IB-1550-A, IB-1552, IB-1552-A, IB-1852-A, IB-2000, IB-2000-A,
IB-VM-250, IB-VM-550, IB-VM-1050, IB-VM-1550, IB-VM-1850, IB-VM-2000, and Trinzic Reporting TR-2000 and TR-
2000-A series appliances. You cannot upgrade to NIOS 8.5 on these appliances. See Upgrade Guidelines in this
document for additional upgrade information.
SUPPORTED PLATFORMS
Infoblox NIOS 8.5 is supported on the following platforms:
• Infoblox Advanced Appliances: PT-1405, PT-2205, PT-2205-10GE

• Network Insight Appliances: ND-805, ND-1405, ND-2205, ND-4000, ND-4005
• Network Insight Virtual Appliances: IB-V805, IB-V1405, IB-V2205, IB-V4005
• Trinzic Appliances: TE-815, TE-825, TE-1415, TE-1425, TE-2215, TE-2225, TE-4015, TE-4025
• Trinzic Virtual Appliances: IB-V815, IB-V825, IB-V1415, IB-V1425, IB-V2215, IB-V2225, IB-V4015,
IB-V4025, IB-FLEX
• Trinzic Reporting Appliances: TR-805, TR-1405, TR-2205, TR-4005
• Trinzic Reporting Virtual Appliances: IB-V805, IB-V1405, IB-V2205, IB-V4005, IB-V5005
• Cloud Platform Appliances: CP-V805, CP-V1405, CP-V2205
• Infoblox Virtual NIOS Appliances for AWS, Azure, and GCP: IB-V825, IB-V1425, IB-V2225, CP-V805, CP-
V1405, CP-V2205
The following appliances are still supported in NIOS 8.5. However, they are not available for purchase from
Infoblox:
PT-1400, PT-2200, PT-4000, PT-4000-10GE, ND-800, ND-1400, ND-2200, TE-100, TE-810, TE-820, TE-1410, TE-
1420, TE-2210, TE-2220, TR-800, TR-1400, TR-2200, IB-4010, IB-4020, TR-4000, IB-4030, and IB-4030-10GE.
NOTE: Infoblox strongly recommends against using the TE-810 and TE-820 appliances as the Grid Master or Grid
Master Candidate.
The following appliances are supported only when you upgrade to NIOS 8.5 from an earlier version. They are
not supported for a new NIOS 8.5 installation:
ND-V800, ND-V1400, ND-V2200, TE-V810, TE-V820, TE-V1410, TE-V1420, TE-V2210, TE-V2220, TR-V2200, IB-
V4010, IB-V4020, TE-V800, TE-V1400, TE-V2200, CP-V800, CP-V1400, and CP-V2200.
NOTE: TE appliances are also known as the IB appliances.
NOTE: DNS forwarding proxy is not supported on IB-100, IB-810, IB-820, IB-V810 and IB-V820 appliances. DNS
forwarding proxy is also not supported on any appliance that is running on a memory lower than 4 GB.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
Virtual vNIOS Appliances
Infoblox supports the following vNIOS virtual appliances. Note that Infoblox does not support running vNIOS in
any nested VMs or VM-inside-VM configuration.
• vNIOS for VMware on ESX/ESXi Servers

The Infoblox vNIOS on VMware software can run on ESX or ESXi servers that have DAS (Direct Attached
Storage), or iSCSI (Internet Small Computer System Interface) or FC (Fibre Channel) SAN (Storage Area
Network) attached. You can install the vNIOS software package on a host with VMware ESX or ESXi 6.7,
6.5.x, 6.0.x, 5.5.x, 5.1.x, or 5.0.x installed, and then configure it as a virtual appliance.
vSphere vMotion is also supported. You can migrate vNIOS virtual appliances from one ESX or ESXi server to
another without any service outages. The migration preserves the hardware IDs and licenses of the vNIOS
virtual appliances. VMware Tools is automatically installed for each vNIOS virtual appliance. Infoblox
supports the control functions in VMware Tools. For example, through the vSphere client, you can shut
down the virtual appliance. You can deploy certain vNIOS virtual appliances with different hard disk
capacities. Some vNIOS appliances are not supported as Grid Masters or Grid Master Candidates. For more
information about vNIOS on VMware, refer to the Infoblox Installation Guide for vNIOS Software on
VMware.
• vNIOS for Microsoft Server 2016, 2012 R2, and 2012 Hyper-V
The Infoblox vNIOS virtual appliance is now available for Windows Server 2016, Windows Server 2012 R2,
and 2012 that have DAS (Direct Attached Storage). Administrators can install vNIOS virtual appliance on
Microsoft Windows® servers using either Hyper-V Manager or SCVMM. A Microsoft Powerscript is available
for ease of installation and configuration of the virtual appliance. Note that for optimal performance,
vNIOS for Hyper-V is not recommended as a Grid Master or Grid Master Candidate. For more information
about vNIOS for Hyper-V, refer to the Infoblox Installation Guide for vNIOS on Microsoft Hyper-V.
NOTE: All virtual appliances for reporting purposes are supported only for Windows Server 2012 R2. NIOS
virtual appliance for Hyper-V is not recommended as a Grid Master or Grid Master Candidate.
• vNIOS for KVM Hypervisor

The Infoblox vNIOS for KVM is a virtual appliance designed for KVM (Kernel-based Virtual Machine)
hypervisor and KVM-based OpenStack deployments. The Infoblox vNIOS for KVM functions as a hardware
virtual machine guest on the Linux system. It provides core network services and a framework for
integrating all components of the modular Infoblox solution. You can configure some of the supported
vNIOS for KVM appliances as independent or HA (high availability) Grid Masters, Grid Master Candidates,
and Grid members. For information about vNIOS for KVM hypervisor, refer to the Infoblox Installation
Guide for vNIOS for KVM Hypervisor and KVM-based OpenStack.
NOTE: KVM-based OpenStack deployments are supported on the Newton RHOSP 10 (Red Hat Enterprise
Linux 7.4), Queens RHOSP 13 (Red Hat Enterprise Linux 7.6), Rocky RHOSP 14 (Red Hat Enterprise Linux
7.6), and Stein PackStack (Red Hat Enterprise Linux 7.6) platforms.
• vNIOS for AWS (Amazon Web Services)

The Infoblox vNIOS for AWS is a virtual Infoblox appliance designed for operation as an AMI (Amazon
Machine Instance) in Amazon VPCs (Virtual Private Clouds). You can deploy large, robust, manageable, and
cost effective Infoblox Grids in your AWS cloud, or extend your existing private Infoblox NIOS Grid to your
virtual private cloud resources in AWS. You can use vNIOS for AWS virtual appliances to provide carrier-
grade DNS and IPAM services across your AWS VPCs. Instead of manually provisioning IP addresses and DNS
name spaces for network devices and interfaces, an Infoblox vNIOS for AWS instance can act as a
standalone Grid appliance to provide DNS services in your Amazon VPC, as a virtual cloud Grid member tied
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
to an on-premises (non-Cloud) NIOS Grid, or as a Grid Master synchronizing with other AWS-hosted vNIOS
Grid members in your Amazon VPC; and across VPCs or Availability Zones in different Amazon Regions. For
more information about vNIOS for AWS, refer to the Infoblox Installation Guide for vNIOS for AWS.
• vNIOS for Azure

Infoblox vNIOS for Azure is an Infoblox virtual appliance designed for deployments through Microsoft Azure,
a collection of integrated cloud services in the Microsoft Cloud. The vNIOS for Azure enables you to deploy
robust, manageable, and cost effective Infoblox appliances in the Microsoft Cloud. Infoblox NIOS provides
core network services and a framework for integrating all the components of the modular Infoblox solution.
It provides integrated, secure, and easy-to-manage DNS (Domain Name System) and IPAM (IP address
management) services. You can deploy one or more Infoblox vNIOS for Azure instances through the
Microsoft Azure Marketplace and provision them to join the on-premises NIOS Grid. You can then use the
vNIOS for Azure instance as the primary DNS server to provide carrier-grade DNS and IPAM services in the
Microsoft Cloud. You can also utilize Infoblox Cloud Network Automation with your vNIOS for Azure
instances to streamline with IPAM, improve visibility of your cloud networks, and increase the flexibility of
your cloud environment. For more information about vNIOS for AWS, refer to the Infoblox Installation
Guide for vNIOS for Microsoft Azure.
• vNIOS for GCP

Infoblox vNIOS for GCP is an Infoblox virtual appliance that enables you to deploy robust, manageable, and
cost-effective Infoblox appliances in the Google Cloud. Infoblox vNIOS provides core network services and a
framework for integrating all the components of the modular Infoblox solution. It provides integrated,
secure, and easy-to-manage DNS (Domain Name System) and IPAM (IP address management) services. For
more information, see the Infoblox Installation Guide for vNIOS for GCP.
• vNIOS for Nutanix AHV

Infoblox vNIOS for Nutanix enables you to deploy large, robust, manageable, and cost-effective Grids.
Infoblox NIOS virtual appliance for Nutanix functions as a hardware virtual machine guest on the Linux
system. It provides integrated, secure, and easy-to-manage DNS, DHCP, and IPAM services and a framework
for integrating all the components of the modular Infoblox solution. For more information, see the Infoblox
Installation Guide vNIOS for Nutanix AHV.
NOTE: Infoblox NIOS virtual appliances support any hardware that provides the required Hypervisor version,
memory, CPU, and disk resources. To maintain high performance on your NIOS virtual appliances and to avoid
not having enough resources to service all the NIOS virtual appliances, do not oversubscribe physical resources
on the virtualization host. Required memory, CPU, and disk resources must be adequately allocated for each
virtual appliance that is running on the virtualization host. For information about the required specification for
each NIOS virtual appliance model, see the following table.
NOTE: Deploying vNIOS on Xen Hypervisor is not supported, but you can upgrade from 7.x versions to 8.3 and
then upgrade to 8.5.x.
The following table lists the required memory, CPU, and disk allocation for each supported Infoblox virtual
appliance model:
NIOS Primary # of Memory Recommended NIOS for NIOS for NIOS for NIOS for NIOS for Supported as
Virtual Disk CPU Allocation CPU Per Core VMware MS KVM Azure, Nutanix Grid Master
Appliances (GB) Cores (GB) Clock Rate Hyper-V AWS, AHV and Grid
* GCP Master
Candidate
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
IB-V815 ** 250 2 16 1100 MHz ✓ ✓ ✓1  ✓ Yes
IB-V825 ** 250 2 16 1600 MHz ✓ ✓ ✓1 ✓ ✓ Yes
IB-V1415 ** 250 4 32 1200 MHz ✓ ✓ ✓1  ✓ Yes
IB-V1425 ** 250 4 32 1800 MHz ✓ ✓ ✓1 ✓ ✓ Yes
IB-V2215 ** 250 8 64 2100 MHz ✓ ✓ ✓1  ✓ Yes
IB-V2225 ** 250 8 64 2100 MHz ✓ ✓ ✓1 ✓ ✓ Yes
IB-V4015 ** 250 14 128 2400 MHz ✓ ✓ ✓1   Yes
IB-V4025 ** 250 14 128 2400 MHz ✓ ✓ ✓1   Yes
Network Overall # of CPU Memory Recommended NIOS NIOS NIOS NIOS NIOS for Supported as
Insight Disk (GB) Cores Allocation CPU Per Core for for MS for for Nutanix Grid Master
Virtual (GB) Clock Rate VMware Hyper KVM AWS, AHV and Grid
Appliances -V * Azure Master
, GCP Candidate
ND-V805 ** 500 2 32 2700 MHz ✓ ✓ ✓1   No
ND-V1405 ** 500 4 32 3600 MHz ✓ ✓ ✓1  ✓ No
ND-V2205 ** 500 8 64 2100 MHz ✓ ✓ ✓   No
ND-V4005 ** 500 14 128 2400 MHz ✓ ✓ ✓   Yes
The overall disk space in NIOS reporting virtual appliances is the value mentioned in the Overall Disk column
plus user defined reporting storage.
NIOS Overall # of CPU Memory Recommended NIOS NIOS NIOS NIOS NIOS for Supported as
Reporting Disk (GB) Cores Allocation CPU Per Core for for MS for for Nutanix Grid Master
Virtual (GB) Clock Rate VMware Hyper KVM AWS, AHV and Grid
Appliances -V * Azure Master
, GCP Candidate
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
IB-V805 ** 250 2 32 2700 MHz ✓ ✓ ✓1   No
IB-V1405 ** 250 4 32 3600 MHz ✓ ✓ ✓1   No
IB-V2205 ** 250 8 64 2100 MHz ✓ ✓ ✓1   No
IB-V4005 250 14 128 2400 MHz ✓     No

(+ 1500
GB
reporting
storage)
IB-V5005 User User User N/A ✓ ✓ ✓  ✓ No

defined defined defined
reporting
storage
Cloud Overall # of Memory Recommended NIOS for NIOS for NIOS NIOS NIOS for Supported
Platform Disk CPU Allocation CPU Per Core VMware MS for for Nutanix as Grid
Appliances (GB) Cores (GB) Clock Rate Hyper-V * KVM AWS, AHV Master and
Azure, Grid
GCP Master
Candidate
CP-V805 250 2 16 2000 MHz ✓ ✓ ✓ ✓ ✓ No
CP-V1405 250 4 32 6000 MHz ✓ ✓ ✓ ✓ ✓ No
CP-V2205 250 8 64 12000 MHz ✓ ✓ ✓ ✓ ✓ No
NOTE:
* When running NIOS in MS Hyper-V with dynamic memory allocation enabled, your system might experience
high memory usage. To avoid this issue, Infoblox recommends that you disable dynamic memory allocation.
** To achieve best performance on your virtual appliances, follow the recommended specifications and allocate
your resources within the limits of the licenses being installed on the appliances.
1
NIOS for KVM is supported in the following environments: OpenStack, RHEL, SUSE Enterprise and Cloud, and
CentOS. Note that only IB-V1405 as a Reporting server has been qualified for OpenStack.
The following table lists the required CPU and memory allocation for each supported Infoblox appliance model
when Threat Protection is enabled:
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS Virtual # of Memory

Appliances CPU Allocation
Cores (GB)
IB-V1415 4 32
IB-V1425 8 32
IB-V2215 16 64
IB-V2225 16 64
IB-V4015 28 128
IB-V4025 28 128
NOTE:
For the IB-V1425, IB-V4015, and IB-V4025 appliances, the # of CPU Cores column indicates the number of
virtual CPUs assuming that hyperthreading is enabled.
NEW FEATURES
This section lists new features in the 8.5.x releases.
NIOS 8.5.1
Additional Validation on Host Names (RFE-7507)

You can now enable or disable additional validation on host names when creating zones, subzones, and records
of type A, AAAA, host record, ALIAS, CAA, MX, and NS. The following new CLI commands have been introduced
to enable or disable the additional validation:
• set extra_dns_name_validations: Enables or disables additional DNS name validation
• show extra_dns_name_validations: Displays the status of the additional DNS name validation
Additional validation is disabled by default. For more information about these commands, see the “set
extra_dns_name_validations” and “show extra_dns_name_validations” topics in the NIOS 8.5 online
documentation.
High Performance Query Logging (RFE-7747)

You can now use the dnstap log format to achieve performance query logging. NIOS logs all valid DNS queries
and responses that are not dropped by Advanced DNS Protection. You can configure high performance query
logging by using the Logging tab in the Grid DNS Properties or Member DNS Properties editor.
The following new commands have been introduced to configure the use of dnstap:
• set enable_dnstap: Enables or disables using dnstap to log DNS queries and responses
• show dnstap-status: Displays the status of the dnstap configuration
• show dnstap-stats: Displays the statistics of the dnstap configuration
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
For information about configuring high performance query logging, see the “Capturing DNS Queries and
Responses” topic in the NIOS 8.5 online documentation. For information about the new commands, see the “set
enable dnstap”, “show dnstap-status”, and “show dnstap-stats” topics in the NIOS 8.5 online documentation.
Support for More Intel NICs (RFE-8677)

NIOS now supports SR-IOV Virtual Function drivers for Intel®️ Ethernet Controller XL710 and Intel Ethernet
Network Adapter XXV710 NICs. These NICs are supported on KVM platforms.
Configuring the edns-udp-size and max-udp-size Attributes (RFE-4795)

You can now configure the edns-udp-size and max-udp-size attributes by entering byte values in the EDNS0
Buffer Size and UDP Buffer Size fields in the Grid DNS Properties/Member DNS Properties/DNS View > General
> Advanced tab. The minimum and maximum values of both these attributes are 512 and 4096 respectively. By
default, the buffer size is set to 1220 bytes. For information about configuring these attributes, see the “Using
Extension Mechanisms for DNS (EDNS0)” topic in the NIOS 8.5 online documentation.
Configuring Root Name Server Inheritance (RFE-10347)

You now have the option to configure whether customized root name servers must apply only to the default
DNS view or to all DNS views. You can do this using the Applies to default DNS view only and the Applies to all
DNS views on this member options in Member DNS Properties > Root Name Servers > Basic tab.
Capturing CSV Errors After NetMRI Synchronization (RFE-9097)

After an IPAM synchronization in NetMRI, CSV import errors if any are now logged in a separate file named
discovery_csv_error.log.xxxxxx located at /infoblox/var/discovery_csv_error
Collecting NIOS Database Performance Data (RFE-9550)

You can now download Ptop log files that comprise database metrics which you can use to determine the
health of the NIOS database and baseline its performance. Based on the database performance, you can
ascertain the impact of changes such as adding a Grid member or enabling features such as Grid replication for
DNS zones or multi-master DNS, on the database performance. You can download the Ptop log files by using a
WAPI call. For more information, see the “Collecting Database Performance Data” topic in the NIOS 8.5 online
documentation.
Adding TLSA Records in Unsigned Zones (RFE-10324)

You can now add TLSA records in both DNSSEC signed zones or unsigned zones.
NIOS 8.5.0
Infoblox Customer Experience Improvement Program

The Infoblox Customer Experience Improvement program is an alert feature that sends encrypted network
infrastructure and product usage data to Infoblox on a periodic basis. Infoblox uses this data to improve
product functionality and to provide better customer service.
The Infoblox Customer Experience Improvement Program screen is displayed only when you login for the first
time. You can choose whether or not you want to participate in the program. You can configure the Infoblox
Customer Experience Improvement program on the Grid Properties > Edit > CSP Config > Advanced tab.
vDCA Support on 22x5 and 40x5 Appliances (RFE-9242)

vDCA is now supported on the IB-2215, IB-2225, IB-V2215, IB-V2225, IB-4015, IB-4025, IB-V4015, and IB-V4025
appliances. For more information, see the “Configuring DNS Cache Acceleration” topic in the NIOS 8.5 online
documentation.
CSV Import for Subscriber Records (RFE-8672)

You can now import subscriber site data by using the CSV Import option and export subscriber site data by
using the Export Subscriber Data option. However, you cannot perform merge, custom, and replace operations
for subscriber records. For information about supported object types for subscriber records and their
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
corresponding fields for CSV import and export, see the “Subscriber Record” topic in the NIOS 8.5 online
documentation.
You can also add, update, and delete subscriber records using NIOS APIs. For more information, see the NIOS
WAPI documentation.
Scalable Installer Image on IB-FLEX (RFE-7533)

The NIOS 8.5 installer image files are available in the following two variants:
• Default image files of size 250 GB
• Resizable files of size 68 GB. You can resize these images depending on your requirement and
deployment. You can resize up to a maximum of 2.5 terabytes.
For more information, see the “Installing NIOS” topic in the NIOS 8.5 online documentation. For limitations
about the scalable installer image, see the “Limitations of Using the Scalable Image File” section in the
“Installing NIOS” topic.
vNIOS Support on Nutanix AHV (RFE-7970)

vNIOS is now supported on the Nutanix AHV platform. For more information, see the vNIOS on Nutanix AHV
documentation at https://docs.infoblox.com/display/nutanix/About+Infoblox+vNIOS+for+Nutanix+AHV
Infoblox IPAM Driver for Terraform (RFE-7614)

NIOS is now supported on Infoblox IPAM Driver for Terraform version 1.0. For installation details, see the
Infoblox IPAM Driver for Terraform online documentation at
https://docs.infoblox.com/display/ipamdriverterraform10/Infoblox+IPAM+Driver+for+Terraform+1.0
Splunk Upgrade (RFE-9484)

NIOS 8.5 now works with the upgraded Splunk version 7.2.6.
DHCP Support for Subscriber Policy (RFE-8538)

You can now use extensible attributes to populate the subscriber cache with subscriber policies. Fixed
addresses, reserved addresses and networks can use extensible attributes to add a subscriber policy during
creation and remove the subscriber policy when they are removed. Supported extensible attributes are
Subscriber-Secure-Policy, Parental-Control-Policy, PC-Category-Policy, User-Name, Proxy-All, Black-List and
White-List. The DHCP member serving subscriber services must belong to a single subscriber secure site. This
feature is not supported when the Allow NATed Subscribers only option is enabled in the subscriber site.
New Dashboard Reports

This release of NIOS introduces the following new reports:
• DNS QPS Usage Report: Displays the five-day rolling average of the total peak DNS queries per second
calculated for all Grid members.
• IP Address Usage Report: Displays the five-day rolling average of peak values of the total count of IP
addresses aggregated across all networks in the Grid.
• DHCP LPS Usage Report: Displays the five-day rolling average of the total peak DHCP leases per second
calculated for all Grid members.
For more information, see the “DNS Dashboards”, “IPAMv4 Utilization Dashboards”, and “DHCP Dashboards”
topics in the NIOS 8.5 online documentation.
Configuring LAN1/LAN2 for Automated Failover (RFE-9114)

LAN1 and LAN2 interfaces both support DNS recursion in such a way that if the default route interface goes
down, the route redundancy feature removes the failed interface so that there is automatic failover of
recursion traffic. This provides for a seamless flow of recursive traffic movement.
You can configure automated failover by selecting the Enable default route redundancy on LAN1/LAN2 check
box on the Network tab of the Grid Member Properties editor. For more information, see the “Using the LAN2
Port” topic in the NIOS 8.5 online documentation.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
New Match Rule Filters for Outbound ObjectChange Events
This release of NIOS introduces two new rule filters in the Match the following rule section when you add
notification rules. The new filters are Username and Usergroup. These filters are applicable only to the
ObjectChange events.
New Cisco ISE Endpoint (RFE-9236)

You can now add a Cisco ISE endpoint using the Grid > Ecosystem > Outbound Endpoint > Add Cisco ISE
Endpoint option. For more information, see the “Configuring Outbound Endpoints” topic in the NIOS 8.5 online
documentation.
HA Support for Outbound Notifications
NIOS now provides HA support and performs a failover to a standby node without loss of data when a large
number of Outbound events are triggered.
Support for Bulk CSV Operations (RFE-8789)

NIOS 8.5 supports bulk CSV operations for heavy loads of DBChange objects.
Testing the Grid Master Candidate Connection Before Promotion (RFE-1737)

You can now test the connection and also schedule a test connection of the Grid Master Candidate with the
other Grid members before promoting it to Grid Master. You can do this either by using the GMC Promote Test
option on the Grid Manager or by using the NIOS CLI. The following new commands have been introduced to
test the connection:
• show test_promote_master: Enables you to view the results of the test promotion of a Grid Master
Candidate to Grid Master.
• set test_promote_master: Enables you to check whether the Grid Master Candidate is connected
to the rest of the Grid members.
You need the new ADP ruleset version to use this feature. For information about the GMC Test option, see the
“Managing a Grid” topic in the NIOS 8.5 online documentation. For information about the CLI commands, see
the “show test_promote_master” and the “set test_promote_master” commands.
SSH CLI Access to Non Super Users (RFE-504)

Super users can now give SSH and CLI access to non-super users by selecting the CLI option in the Allowed
Interfaces section of Admin Group Wizard. For more information, see the “About Admin Groups” topic in the
NIOS 8.5 online documentation.
Faster Refresh Rates for DNS Traffic Control Status Updates (RFE-6258)
DNS Traffic Control status updates are now refreshed every 10 seconds compared to the earlier refresh rate of
2 minutes. Therefore, you can now view the latest DNS Traffic Control update every 10 seconds.
Selecting NOERROR/NODATA or NXDOMAIN as a Response (RFE-7113)

You can now select NOERROR/NODATA or NXDOMAIN as a Destination/Response option when configuring a
topology ruleset for destination types other than pools or servers. For more information, see the “Configuring
Topology Rules and Rulesets” topic in the NIOS 8.5 online documentation.
Increase in the DNS Traffic Control Scale (RFE-8771)

DNS Traffic Control now is more scalable and supports more numbers of DTC objects and health monitors.
Increase in the DNS Traffic Control Persistency (RFE-9150)

You can now enter a value up to 2 hours in the Persistence field of the DTC LBDN wizard. This has been
increased from the maximum persistence value of 30 minutes in earlier releases.
DNS Forwarding Proxy as a Service (RFE-9137)

DNS Forwarding Proxy is now a NIOS service called DFP and automatically handles DNS query forwarding. You
can start and stop the DFP service just like other NIOS services. You can configure the connection between
NIOS and BloxOne Threat Defense Cloud Services Portal by using the new CSP Config tab in Grid Properties
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
Editor or Grid Member Properties Editor. For more information, see the Using Forwarders topic in the NIOS 8.5
online documentation.
NIOS Grid Connector

NIOS 8.5 enables the BloxOne DDI NIOS Grid Connector that allows you to view NIOS Grid DHCP and IPAM data
from the SaaS based Infoblox Cloud Services Portal. You can configure access to Cloud Services Portal in NIOS
through the CSP Config tab in the Grid Properties editor. The NIOS Grid Connector service is then configured
using the Cloud Services Portal GUI. Viewing the NIOS Grid Connector in the Cloud Services Portal requires
BloxOne DDI licensing using BloxOne DDI 2.3 or later.
Discovery of SDN and SD-WAN Devices
You can now discover SDN and SD-WAN devices from Cisco ACI and Cisco Meraki using Network Insight. For more
information, see the “Configuring Discovery Properties” topic in the NIOS 8.5 online documentation.
Enabling or Disabling RPZ Logging (RFE-7574)

You can now enable or disable RPZ logging for an RPZ zone by using the RPZ logging check box on the Logging
tab of the Response Policy Zone editor. For more information, see the “Managing RPZs” topic in the NIOS 8.5
online documentation.
Inheritance Permissions for Host Objects Not Enabled in DHCP and DNS (RFE-9521)
You can now apply permissions to a network and have those permissions inherited by a host object that is not
enabled in DHCP and DNS.
NAT Port as IPSD (RFE-9527)

This release of NIOS supports CGNAT (Carrier Grade NAT). Multiple subscribers share the same public IP
address. In specific NATing algorithms that use port block (known port range allocation), the IP address and the
first usable port (which is a new AVP called Deterministic-NAT-Port ) for the subscriber are provided in a
RADIUS accounting AVP. You can select this AVP from the IP Space Discriminator drop-down list. For more
information, see the “Scaling Using Subscriber Sites” topic in the NIOS 8.5 online documentation.
Searching Host by IP Addresses or Networks (RFE-9231)

You can now search for hosts by IP addresses or networks using the NIOS API. For more information, see the
NIOS WAPI documentation.
Viewing CPU Utilization and Top N Processes (SPTYRFE-18)

You can now monitor the top number of processes and the CPU utilization of all individual CPU cores in the
System Activity Monitor widget. You can either track the live CPU utilization data or you can view the CPU
utilization data for up to a maximum of the past 60 minutes based on the time range you specify. You can also
determine the frequency with which the Ptop tool must run and collect data and also configure the number of
top processes to be displayed. For more information, see the “Status Dashboard” topic in the NIOS 8.5 online
documentation.
You can configure the number of top processes and the Ptop interval only for the Grid Master. It is mostly for
use of the Infoblox Technical Support team.
CHANGES TO DEFAULT BEHAVIOR
This section lists changes to the default behavior in NIOS 8.x releases.
NIOS 8.5.x
• In the System Activity Monitor widget, you can now view CPU utilization data for up to a maximum of
the past 30 minutes.
• You can now configure the number of top processes and the Ptop interval not only for the Grid Master
but also for Grid members.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS 8.4.x
• When you change the member assignment of DHCP ranges from a failover association to a Grid member
and then back to failover association, the leases in the primary and secondary server fall out of sync.
To resynchronize the peers, the failover association of the secondary server is now put in the Recover-
Wait state for the entire duration of MCLT (Maximum Client Lead Time) and a recovery is forced.
During this period, only the IP addresses allocated to the primary server are available for lease.
• If you choose to manually update a Threat Analytics whitelist set, it now gets activated automatically.
• The VMXNET virtual network adapter for vNIOS is not supported from NIOS 8.4.x onwards.
• If you select the Enable DNSSEC validation check box and add a trust anchor, the Responses must be
secure check box is no longer enabled by default. (RFE-6478)
• Threat Insight whitelists have been updated and are now synchronized with the whitelists on BloxOne
Threat Defense Cloud. (RFE-9171)
• You can now perform traffic capture on multiple members at the same time. For more information see
the “Monitoring Tools” topic in the NIOS online documentation.
NIOS 8.3.x
• Threat Insight in the Cloud now uses credentials instead of an API key for authorization. If you use
Threat Insight in the Cloud, you must configure the email address and password for ActiveTrust Cloud
integration in the Grid Properties Editor > ActiveTrust Cloud Integration tab. The Cloud Services
Portal uses these credentials for authorization when you enable the cloud client for Threat Insight in
the Cloud or ActiveTrust Cloud for Outbound.
• You can override the Grid or member zone transfer setting at the zone level. Due to an implementation
issue in previous releases, when you set the zone transfer setting at the zone level to “None,” the zone
still inherited the Grid or member setting. For example, the appliance would still perform zone
transfers when you overrode the zone transfer setting to “None” at the zone level if your Grid or
member setting allowed zone transfers. When you set zone transfers to “None” at a zone level, the
appliance denies zone transfers, and all zone transfers for that zone will fail.
• From NIOS 8.3 onwards, RPZ events require more storage to enable detailed reporting. If you
experience a high level of RPZ events, you must either acquire more reporting capacity or change your
RPZ configuration to reduce event generation. Post upgrade from NIOS 8.2.7, RPZ hits consume greater
memory.
NIOS 8.2 and Later
• OpenSSH disabled certain legacy vulnerable ciphers that some Cisco devices and versions relied on for
CLI collection. To ensure successful CLI collection for such devices, download and install the hotfix
referenced as NIOS-69328 in the Infoblox Knowledge Base article 10068 at
http://support.infoblox.com.
NIOS 8.2.x
• In NIOS 8.2.x, the appliance adds IP addresses of the external secondary servers to the “also-notify”
statement for all master zones. You will see this change when you install or upgrade to NIOS 8.2.x.
NIOS 8.0.0
• The Infoblox DNS Traffic Control solution delivers an enhanced user interface through Grid Manager.
Starting with this release, you will experience the following changes:
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
➢ The DTC Server wizard has been integrated with IPAM and DNS. DNS records can be selected
under DNS or IPAM, and you can launch the DTC Server wizard. The wizard will then use
information from the selected record to create a DTC server. Also, when the DTC server wizard
is launched from the Traffic Control tab, you can select a DNS record to provide information
for creating a DTC Server.
➢ Management of Health Monitors and Topology Rulesets have been moved to dialogs that are
launched from the Traffic Control tab.
➢ The Traffic Control Visualization can now be viewed in two panels: A panel that is displayed
next to the Traffic Control list view or in an expanded full size panel.
➢ The visualization panel has many improvements for visualizing and managing traffic control
structures, including tooltip menus for directly editing Traffic Control objects.
➢ New menu actions have been added to the Action menu (the gear icon) and the visualization
tooltip. You can use these actions to quickly add servers to pools and pools to LBDNs.
• Starting with this release, the IB-4030 and IB-4030-10GE appliances use the cache pre-fetch option to
replace the old cache refresh. Cache pre-fetch detects cached records that are about to expire and
fetch another copy before the actual expiration. When a query asks for data that has been cached, in
addition to returning the data, the appliance fetches a fresh copy from the authoritative server if the
pre-fetch condition (Eligible and Trigger settings) is met. This option helps minimize the time window
in which no answer is available in the cache.
• When configuring DNSSEC, you can select the resource record type (NSEC or NSEC3) you want to use
for handling non-existent names in DNS for the Resource Record Type for Nonexistent Proof option.
The default is now NSEC3 versus NSEC in previous releases.
• In previous releases, bloxTools is not supported on NIOS virtual appliances. bloxTools is now supported
on NIOS virtual appliances.
• In previous release, when port redundancy was configured and if LAN1 was not available, the
Infoblox appliance failed over to LAN2. Once the LAN1 connection was available, the appliance
reverted to LAN1 automatically. Starting with this release, this behavior has changed. After a failover,
the appliance no longer reverts automatically back from LAN2 to LAN1. You can select the Use LAN1
when available option when you enable port redundancy to always use LAN1 when it is available. If this
option is not selected, the appliance does not automatically revert from LAN2 to LAN1 even when the
LAN1 interface is available.
CHANGES TO INFOBLOX API and RESTFUL API (WAPI)
This section lists changes made to the Infoblox RESTful API. For detailed information about the supported
methods and objects, refer to the latest versions of the Infoblox WAPI Documentation, available through the
NIOS products and on the Infoblox documentation web site.
NOTE: The Perl API (PAPI) has been deprecated. The PAPI functionality since NIOS 8.3 is still supported.
However, API calls enhancements after version 8.3 will only be introduced through the RESTful API (WAPI). The
latest available WAPI version is 2.11.1.
This NIOS release supports the following WAPI versions: 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.4, 1.4.1, 1.4.2, 1.5, 1.6,
1.6.1, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 2.0, 2.1, 2.1.1, 2.1.2, 2.2, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4, 2.5, 2.6,
2.6.1, 2.7, 2.7.1, 2.7.2, 2.7.3, 2.8, 2.9, 2.9.1, 2.9.5, 2.9.7, 2.10, 2.10.1, 2.10.2, 2.10.3, 2.10.5, 2.11, and
2.11.1.
The following table describes the mapping of NIOS versions to WAPI versions:
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS Version WAPI Version
8.0.0 to 8.0.9 2.5
8.1 to 8.1.8 2.6.1
8.2.0 to 8.2.3 2.7
8.2.4 to 8.2.5 2.7.1
8.2.6 to 8.2.9 2.7.3
8.3.0 to 8.3.1 2.9
8.3.2 to 8.3.5 2.9.1
8.3.6 2.9.5
8.3.7 to 8.3.8 2.9.7
8.4.0 to 8.4.1 2.10
8.4.2 to 8.4.3 2.10.1
8.4.4 2.10.3
8.4.5 to 8.4.7 2.10.5
8.5 2.11
8.5.1 2.11.1
WAPI Deprecation and Backward Compatibility Policy
This policy covers the interfaces exposed by the Infoblox WAPI and the protocol used to communicate with it.
Unless explicitly stated in the release notes, previously available WAPI versions are intended to remain
accessible and operative with later versions.
The planned deprecation of a given version of the WAPI will normally be announced in the release notes at
least one year in advance. Upon deprecation, the announced WAPI version and all prior versions will no longer
be supported in subsequent releases. For example, if the current WAPI release is v3.4 and the release notes
contain an announcement of the v1.5 deprecation, v1.4, and v1.5 API requests would continue to work with
later releases for one year from the announcement date. After that, some or all requests for these deprecated
versions may not work with versions later than v1.5. API requests adherent to versions later than v1.5 (v2.0 for
example) would continue to work with subsequent releases. Infoblox seeks to avoid any deprecation that has
not been announced in advance, however product modifications and enhancements may affect specific API
requests without a prior announcement; Infoblox does not warrant that all API requests will be unaffected by
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
future releases. This policy applies to both major and minor versions of the WAPI. Infoblox reserves the right to
change this policy.
NIOS 8.5
NIOS 8.5 includes the following WAPI changes:
New Structures:
• csp_grid_setting
• csp_member_setting
New Objects:
• admingroup:admin_set_commands
• admingroup:admin_show_commands
• admingroup:admin_toplevel_commands
• admingroup:cloud_set_commands
• admingroup:database_set_commands
• admingroup:database_show_commands
• admingroup:dhcp_set_commands
• admingroup:dhcp_show_commands
• admingroup:dns_set_commands
• admingroup:dns_show_commands
• admingroup:dns_toplevel_commands
• admingroup:docker_set_commands
• admingroup:docker_show_commands
• admingroup:grid_set_commands
• admingroup:grid_show_commands
• admingroup:licensing_set_commands
• admingroup:licensing_show_commands
• admingroup:machine_control_toplevel_commands
• admingroup:networking_set_commands
• admingroup:networking_show_commands
• admingroup:security_set_commands
• admingroup:security_show_commands
• admingroup:trouble_shooting_toplevel_commands
• parentalcontrol:subscriberrecord
• pxgrid:endpoint
UPGRADE GUIDELINES
• The Infoblox Docker bridge uses the 172.17.0.0/16 network by default. If this network is used in your
environment, you must change the Infoblox Docker bridge network. Use the show docker_bridge
CLI command to view the current setting and the set docker_bridge CLI command to change the
setting. For information about these CLI commands, see the “show docker_bridge” and the “set
docker_bridge” topics in NIOS online documentation.
• If there are Threat Protection members in your Grid for the 8.3 and later features (Infoblox Subscriber
Services, forwarding recursive queries to BloxOne Threat Defense Cloud, and CAA records), ensure that
you upload the latest Threat Protection ruleset for these features to function properly.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
• Infoblox recommends that you enable DNS Fault Tolerant Caching right after you upgrade to NIOS
8.2.x and later and keep this feature enabled to handle unreachable authoritative servers. Note that
enabling this feature requires a DNS service restart, which will clear the current cache. Therefore, if
you enable this when you are trying to mitigate an ongoing attack on an authoritative server that is
outside of your control, it will clear the DNS cache, which will magnify the issues that your system is
experiencing.
• During a scheduled full upgrade to NIOS 8.1.0 and later versions, you can use only IPv4 addresses for
NXDOMAIN redirection. You cannot use IPv6 addresses for NXDOMAIN redirection while the upgrade is in
progress.
• If you set up your Grid to use Infoblox Threat Insight but have not enabled automatic updates for
Threat Analytics module sets, you must manually upload the latest module set to your Grid or enable
automatic updates before upgrading. Otherwise, your upgrade will fail.
• If you are upgrading from 7.3.200 or 7.3.201 to NIOS 8.0.x or later and have reporting clustering
configured, you must download and upgrade to IBRA 1.2.0 (for the Splunk app) after the NIOS upgrade.
• There are special restrictions for configuration changes when upgrading to NIOS 8.0.0 and later
releases. For detailed information about the restrictions, see the “Upgrading NIOS” section at
https://docs.infoblox.com/
BEFORE YOU INSTALL
Infoblox supports the following upgrade paths:

• 8.5.0
• 8.4.7 and earlier 8.4.x releases
Even though Infoblox supports the upgrade paths mentioned above, Infoblox has tested and validated only
the following upgrade paths for NIOS 8.5.1. Infoblox recommends that you upgrade to NIOS 8.5.1 from
these tested and validated releases:
8.5.0, 8.4.7, 8.3.7, 8.2.9, 8.1.8, and 8.0.11
If you must upgrade from other NIOS releases, you must first upgrade to the validated paths before upgrading
to NIOS 8.5.1. For example, if you want to upgrade from 8.1.x to 8.5.1, you must first upgrade to 8.1.8, and
then upgrade to 8.5.1.
To ensure that new features and enhancements operate properly and smoothly, Infoblox recommends that you
evaluate the capacity on your Grid and review the upgrade guidelines before you upgrade from a previous NIOS
release.
Infoblox recommends that administrators planning to perform an upgrade from a previous release create and
archive a backup of the Infoblox appliance configuration and data before upgrading. You can run an upgrade
test before performing the actual upgrade. Infoblox recommends that you run the upgrade test, so you can
resolve any potential data migration issues before the upgrade.
Technical Support
Infoblox technical support contact information:
Telephone: 1-888-463-6259 (toll-free, U.S. and Canada); +1-408-625-4200, ext. 1
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
Email: support@infoblox.com
Web: https://support.infoblox.com
GUI Requirements
Grid Manager supports the following operating systems and browsers. You must install and enable Javascript for
Grid Manager to function properly. Grid Manager supports only SSL version 3 and TLS version 1 connections.
Infoblox recommends that you use a computer that has a 2 GHz CPU and at least 1 GB of RAM.
Infoblox has tested and validated the following browsers for Grid Manager:
OS Browser
Microsoft Windows 10® Microsoft Internet Explorer® 11.x*, Internet Explorer 10.x
Microsoft Edge 10 and later
Microsoft Windows 8® Google Chrome 61.0 and later
Microsoft Windows 7® Mozilla Firefox 59.x
Red Hat® Enterprise Linux® 7.4 Google Chrome 61.0 and later
Red Hat® Enterprise Linux® 7.3 Mozilla Firefox 59.x
Apple® Mac OS Safari 9, Safari 10, Safari 11
When viewing Grid Manager, set the screen resolution of your monitor as follows:
Minimum resolution: 1280 x 768
Recommended resolution: 1280 x 1024 or better
Training
Training information is available at https://training.infoblox.com
ADDRESSED VULNERABILITIES
This section lists security vulnerabilities that were addressed in the past 12 months. For vulnerabilities that are
not listed in this section, refer to Infoblox KB #2899. For additional information about these vulnerabilities,
including their severities, please refer to the National Vulnerability Database (NVD) at http://nvd.nist.gov/.
The Infoblox Support website at https://support.infoblox.com also provides more information, including
vulnerabilities that do not affect Infoblox appliances.
CVE-2019-11477
The TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when
handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of
service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11.
CVE-2019-6477
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The
update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of
concurrent TCP clients from counting the outstanding TCP queries to counting the TCP client connections. On a
server with TCP-pipelining capability, it is possible for one TCP client to send a large number of DNS requests
over a single connection. Each outstanding query is handled internally as an independent client request, thus
bypassing the new TCP clients limit.
When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing
these multiple resources can cause it to become unresponsive, even for queries that can be answered
authoritatively or from the cache. (This is most likely to be perceived as an intermittent server problem).
CVE-2019-6471
A rare condition leading to denial of service was found in the way BIND handled certain malformed packets. A
remote attacker who could cause the BIND resolver to perform queries on a server could cause the DNS service
to exit.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
CVE-2019-6469
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers could cause BIND to exit with an
assertion failure when processing a response that contained malformed RRSIGs.
CVE-2018-10239
A vulnerability in the “support access” password generation algorithm on NIOS could allow a locally
authenticated administrator to temporarily gain additional privileges on an affected device and perform
actions within the super user scope. A locally authenticated administrative user may be able to exploit this
vulnerability if the “support access” feature is enabled. This is because the administrator knows the support
access code for the current session and the algorithm to generate the support access password from the
support access code. “Support access” is disabled by default. When enabled, the access is automatically
disabled (and support access code will expire) after 24 hours.
CVE-2018-5743
The named DNS service fails to properly enforce limits on the number of simultaneous TCP connections.
CVE-2018-0732
During a key agreement in a TLS handshake using a DH(E) based ciphersuite, a malicious server can send a very
large prime value to the client. This will cause the client to spend an unreasonably long period of time
generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a
Denial Of Service attack.
CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid
authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c,
auth2-hostbased.c, and auth2-pubkey.c.
CVE-2018-5732
A specially constructed response from a malicious server could cause a buffer overflow in the DHCP client.
CVE-2018-5733
A malicious client that was allowed to send very large amounts of traffic (billions of packets) to a DHCP server
could eventually overflow a 32-bit reference counter, potentially causing the DHCP daemon to crash.
CVE-2018-5391
The Linux kernel versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified
packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending
specially crafted IP fragments. This vulnerability became exploitable in the Linux kernel with the increase of
the IP fragment reassembly queue size.
CVE-2018-5390
A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A
remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which
could lead to a CPU saturation and hence a denial of service on the system.
CVE-2018-0739
Constructed ASN.1 type with a recursive definition (such as can be found in PKCS7) could eventually exceed the
stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are
no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
CVE-2018-0733
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only
comparing the least significant bit of each byte. This allows an attacker to forge messages that would be
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the
scheme.
CVE-2018-8781
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and
including 4.15 had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to
obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-
bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered
just feasible, because most of the work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be significant. However, for an attack on
TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX
extensions like Intel Haswell (4th generation).
CVE-2017-3737
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a
fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately
fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions
(SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if
SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be
returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the
same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from
the SSL/TLS record layer.
CVE-2017-3735
If an X.509 certificate had a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer
overread, resulting in an erroneous display of the certificate in text format.
CVE-2016-10229
udp.c in the Linux kernel before 4.5 allowed remote attackers to execute arbitrary code via UDP traffic
that triggered an unsafe second checksum calculation during execution of a recv system call with the
MSG_PEEK flag.
CVE-2017-3143
An attacker who was able to send and receive messages to an authoritative DNS server and who had knowledge
of a valid TSIG key name for the zone and service being targeted might be able to manipulate NIOS into
accepting a dynamic update.
CVE-2017-3142
An attacker who was able to send and receive messages to an authoritative DNS server might be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed request packet.
CVE-2017-3140
RPZ policy handling could affect servers using RPZ policies that included NSIP or NSDNAME triggers, resulting in
additional recursions that consumed DNS resources indefinitely and caused performance issues or DNS outage.
Vulnerabilities for NTPD

Upgraded NTPD to ntp-4.2.8p10 to address the following medium to low severity vulnerabilities:
CVE-2017-6464, CVE02017-6463, CVE-2017-6462, CVE-2017-6460, CVE-2017-6459, CVE-2017-6458,
CVE-2017-6455, CVE-2017-6452, CVE-2017-6451, CVE-2016-9042, CVE-2016-7434.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
CVE-2017-3137
Processing a response containing CNAME or DNAME records in an unusual order could cause a DNS resolver to
terminate.
CVE-2017-3136
Using DNS64 with 'break-dnssec yes' could cause the DNS service to exit with an assertion failure.
CVE-2017-3135
Under some conditions when using both DNS64 and RPZ to rewrite query responses, the querying process could
resume in an inconsistent state, resulting in either an INSIST assertion failure or an attempt to read through a
NULL pointer.
CVE-2016-10126
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before
6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allowed remote attackers to conduct HTTP request injection
attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-
128840.
CVE-2016-9444
An unusually-formed answer containing a DS resource record could trigger an assertion failure and cause the
DNS service to stop, resulting in a denial of service to clients.
CVE-2016-9147
An error handling a query response containing inconsistent DNSSEC information could trigger an assertion
failure and cause the DNS service to stop, resulting in a denial of service to clients.
CVE-2016-9131
A malformed response to an ANY query can trigger an assertion failure during recursion and cause the DNS
service to stop, resulting in a denial of service to clients.
CVE-2016-8864
While processing a recursive response that contained a DNAME record in the answer section, “named” could
stop execution after encountering an assertion error in resolver.c.
CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause
a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a,
allowed remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request
extensions.
CVE-2016-5696
The net/ipv4/tcp_input.c in the Linux kernel before 4.7 did not properly determine the rate of challenge ACK
segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window
attack.
CVE-2016-1285
A defect in the control channel input handling could cause the DNS service to fail due to an assertion failure in
sexpr.c or alist.c when a malformed packet was sent to the control channel.
CVE-2016-1286
An attacker who controlled a server to make a deliberately chosen query to generate a response that contained
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
RRSIGs for DNAME records could cause the DNS service to fail due to an assertion failure in resolver .c or db.c,
resulting in a denial of service to clients.
CVE-2015-8705
In some versions of BIND, an error could occur when data that had been received in a resource record was
formatted to text during debug logging. Depending on the BIND version in which this occurred, the error could
cause either a REQUIRE assertion failure in buffer.c or an unpredictable crash (e.g. segmentation fault or other
termination). This issue could affect both authoritative and recursive servers if they were performing debug
logging. Note that NIOS 7.1.0 through 7.1.8 and NIOS 7.2.0 through 7.2.4 were affected by this vulnerability.
CVE-2015-8704
A DNS server could exit due to an INSIST failure in apl_42.c when performing certain string formatting
operations. Examples included, but might not be limited to, the following:
▪ Slaves using text-format db files could be vulnerable if receiving a malformed record in a zone transfer
from their masters.
▪ Masters using text-format db files could be vulnerable if they accepted a malformed record in a DDNS
update message.
▪ Recursive resolvers were potentially vulnerable when logging, if they were fed a deliberately
malformed record by a malicious server.
▪ A server which had cached a specially constructed record could encounter this condition while
performing 'rndc dumpdb'.
CVE-2015-8605
A badly formed packet with an invalid IPv4 UDP length field could cause a DHCP server, client, or relay
program to terminate abnormally, causing a denial of service.
CVE-2015-8000
If responses from upstream servers contained an invalid class parameter for certain record types, DNS service
might terminate with an assertion failure.
CVE-2015-7547
The glibc DNS client side resolver was vulnerable to a stack-based buffer overflow when the getaddrinfo()
library function was used. Software using this function might be exploited with attacker-controlled domain
names, attacker-controlled DNS servers, or through a man-in-the-middle attack.
CVE-2015-6564
Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the
pre-authentication process for remote code execution
CVE-2015-6563
Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise
the pre-authentication process for remote code execution and who had valid credentials on the host could
impersonate other users.
CVE-2015-5986
An incorrect boundary check could cause DNS service to terminate due to a REQUIRE assertion failure. An
attacker could deliberately exploit this by providing a maliciously constructed DNS response to a query.
CVE-2015-5722
Parsing a malformed DNSSEC key could cause a validating resolver to exit due to a failed assertion. A remote
attacker could deliberately trigger this condition by using a query that required a response from a zone
containing a deliberately malformed key.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
CVE-2015-5477
A remotely exploitable denial-of-service vulnerability that exists in all versions of BIND 9 currently supported.
It was introduced in the changes between BIND 9.0.0 and BIND 9.0.1.
CVE-2015-6364 and CVE-2015-5366

A flaw was found in the way the Linux kernel networking implementation handled UDP packets with incorrect
checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel,
resulting in a denial of service on the system, or causing a denial of service in applications using the edge
triggered epoll functionality.
CVE-2015-1789
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (out-of-bounds
read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against
a server that supported client authentication with a custom verification callback.
CVE-2015-1790
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s,
1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a PKCS#7 blob that used ASN.1 encoding and lacks inner
EncryptedContent data.
CVE-2015-1792
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1
before 1.0.1n, and 1.0.2 before 1.0.2b allowed remote attackers to cause a denial of service (infinite loop) via
vectors that triggered a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for
a hash function.
CVE-2015-1781
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed
the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any
of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute
arbitrary code with the permissions of the user running the application.
CVE-2015-4620
A recursive resolver configured to perform DNSSEC validation, with a root trust anchor defined, could be
deliberately crashed by an attacker who could cause a query to be performed against a maliciously constructed
zone.
CVE-2015-0235
Addressed an internal issue in C library (GNU C Library gethostbyname*). Although it was not possible to exploit
this as a security issue in NIOS, it could cause some incorrect error conditions and messages while administering
the product.
CVE-2014-9298
An attacker could bypass source IP restrictions and send malicious control and configuration packets by
spoofing ::1 addresses because NTP's access control was based on a source IP address.
CVE-2014-8500
Failure to place limits on delegation chaining could allow an attacker to crash named or cause memory
exhaustion by causing the name server to issue unlimited queries in an attempt to follow the delegation.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
CVE-2014-8104
The OpenVPN community issued a patch to address a vulnerability in which remote authenticated users could
cause a critical denial of service on Open VPN servers through a small control channel packet.
CVE-2014-3566
SSL3 is vulnerable to man-in-the-middle-attacks. SSL3 is disabled in NIOS, and connections must use TLSv1
(which is already used by all supported browsers). Note that SSL3 is still used for transmission of reporting
data, but you can disable SSL3 on your reporting server to protect it from the vulnerability.
CVE-2014-3567
A denial of service vulnerability that is related to session tickets memory leaks.
CVE-2014-7187
Off-by-one error in the read_token_word function in parse.y in GNU BASH through v. 4.3 allowed remote
attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly an
unspecified impact through deeply nested for loops (also known as the "word_lineno" issue).
CVE-2014-7186
The redirection implementation in parse.y in GNU BASH through v. 4.3 allowed remote attackers to cause a
denial of service (out-of-bounds array access and application crash) or possibly an unspecified impact through
the "redir_stack" issue.
CVE-2014-6271, CVE-3014-6277, CVE-2014-6278, AND CVE-2014-7169

GNU Bash through v. 4.3 processed trailing strings after function definitions in the values of environment
variables, which allowed remote attackers to execute arbitrary code via a crafted environment (also known as
the "ShellShock" vulnerability)."
CVE-2014-3470
Enabling anonymous ECDH cipher suites on TLS clients could cause a denial of service.
CVE-2014-0224
A specially crafted handshake packet could force the use of weak keying material in the SSL/TLS clients,
allowing a man-in-the-middle (MITM) attack to decrypt and modify traffic between a client and a server.
CVE-2014-0221
Remote attackers could utilize DTLS hello message in an invalid DTLS handshake to cause a denial of service.
CVE-2014-0198
Enabling SSL_MODE_RELEASE_BUFFERS failed to manage buffer pointer during certain recursive calls that
could cause a denial of service.
CVE-2014-0195
Remote attackers could trigger buffer overrun attack through invalid DTLS fragments to an OpenSSL DTLS
client or server, resulting in a denial of service.
CVE-2014-0591
A crafted query against an NSEC3-signed zone could cause the named process to terminate.
RESOLVED ISSUES
The following issues were reported in previous NIOS releases and resolved in this release. The resolved issues
are listed by severity. For descriptions of the severity levels, refer to Severity Levels.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
Fixed in NIOS 8.5.1
ID Severity Summary
NIOS-73535 Critical Under a rare circumstance, the system swap usage exceeded the critical
threshold value.
NIOS-73445 Critical Unable to log on to SSH using TACACS+ after a NIOS upgrade.
NIOS-73400 Critical After a NIOS upgrade, the reporting license limits dropped from 5 GB to 500 MB.
NIOS-73118 Critical Under a rare circumstance, DNS members dropped queries and generated slower
responses.
NIOS-73010 Critical After a NIOS upgrade, there was an increase in memory utilization, and in turn
swap usage, on some Grid members.
NIOS-72523 Critical Under a rare circumstance, single-site reporting cluster backup failed.
ID Severity Summary
NIOS-74042 Major After a NIOS upgrade, the status of DNS forwarding proxy on an HA node was
inactive.
NIOS-74039 Major Unable to add NIOS Grid members to the Cloud Services Portal after a NIOS
upgrade.
NIOS-73943 Major Under certain circumstances, performing a global search did not return results
for NIOS on Microsoft Azure but returned results for NIOS on VMware.
NIOS-73900 Major Under certain circumstances, a new nameserver could not be added to a zone.
NIOS-73890 Major The NIOS documentation did not state that existing extensible attributes are
automatically enrolled for cloud usage when cloud licensed are installed.
NIOS-73862 Major A vDiscovery job with a non-breaking space character could be created.
NIOS-73800 Major The Discovery Status table displayed an incorrect controller type in the Type
column.
NIOS-73794 Major Fastpath and virtual DNS Cache Acceleration were not started; however, their
status was displayed as green in the DNS Cache Acceleration tab.
NIOS-73730 Major Supported GCP parameters for the The DNS name will be computed from the
formula field were not documented in the NIOS documentation.
NIOS-73705 Major The NIOS documentation erroneously mentioned that when DNS forwarding
proxy is enabled on a NIOS member, queries are forwarded to BloxOne DDI
instead of BloxOne Threat Defense.
NIOS-73670 Major After a NIOS upgrade, the SSO Login button was hidden in the NIOS login page.
NIOS-73664 Major The ufclient log file had to be updated to establish a connection through a proxy
server.
NIOS-73653 Major Unable to use WAPI to update or get a network template that has an extensible
attribute with no value.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-73645 Major Grid Manager displayed different versions of the module set for module sets
downloaded manually versus those downloaded automatically.
NIOS-73612 Major After a NIOS upgrade, disk usage from both the active and passive nodes of an
HA pair reached almost 100%.
NIOS-73545 Major Unable to view records in the Data Management > DNS > Members > Records
tab.
NIOS-73541 Major Configuration changes were not synchronized with the Network Insight
consolidator (type, time, and interfaces).
NIOS-73540 Major The SDN API refresh did not take into account the difference between the local
time and the Cisco ACI controller clock.
NIOS-73531 Major The threat analytics service kept restarting continuously.
NIOS-73515 Major Both physical and virtual IP addresses were not getting synchronized with NIOS.
NIOS-73501 Major A Microsoft Azure vDiscovery job failed for all subscriptions when a valid but
inactive free trial subscription was found during vDiscovery.
NIOS-73499, Major The threat protection service was in a failed status for several second and then
NIOS-73478 restarted unexpectedly.
NIOS-73465, Major During a Grid replication, the SOA serial number was different between the
NIOS-73231 primary and secondary Grid members.
NIOS-73464 Major Testing a domain against the EDNS Compliance Tester displayed a timeout error
message.
NIOS-73462 Major End host device information was missing on the IPAM tab for networks that were
not included in discovery but for which the VRFs were mapped with network
views.
NIOS-73397 Major The Attached Device Port Name and Device Port Name fields on the IPAM tab
contained different values.
NIOS-73318 Major The NIOS 8.3.0 EA upgrade path and the CAA record upgrade restriction needed
to be removed.
NIOS-73281 Major The Last Queried column on the Records tab did not display Not Monitored for
shared records.
NIOS-73266, Major Both, latency and traffic increased on LAN1 and LAN2 interfaces after a hotfix
NIOS-73151 installation.
NIOS-73260 Major The End Hosts Present field displayed an incorrect interface name.
NIOS-73246 Major The NIOS documentation did not contain a note that L2 packets were dropped
on the bond0 passive interface if port redundancy was enabled.
NIOS-73234 Major A KSK rollover caused issues with LBDN records.
NIOS-73215 Major The set interface_mtu command did not work when port redundancy was
enabled.
NIOS-73173 Major PTR records were not getting resolved after being converted to host records.
NIOS-73168 Major The reporting data restore operation was being triggered inadvertently resulting
in loss of reporting data.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-73137 Major Unable to create a TLSA record in an unsigned zone.
NIOS-73108 Major MTU size needed to be added for OpenVPN tunnels between consolidators and
probes.
NIOS-73068 Major WAPI calls performed against a cloud member failed.
NIOS-73022 Major The set reset_rabbitmq CLI command needed to be modified.
NIOS-72972 Major Under certain circumstances, the system swap space usage exceeded the critical
threshold value.
NIOS-72967 Major Under certain circumstances, CPU usage was high on a passive HA node.
NIOS-72955 Major The computation of the database cache size needed to be based on a formula.
NIOS-72945 Major Non-superusers were unable to view data using the global smart folders search
but could view the same data on the Data Management > Devices tab.
NIOS-72926 Major Perl modules had to be upgraded to download third-party data using the HTTPS
protocol.
NIOS-72839 Major Notification emails to inactive users were not sent as per schedule.
NIOS-72783 Major After a NIOS upgrade, if you tried to edit the properties of a Grid member, the
"Must be a fully qualified domain name" message was displayed next to the Host
Name field.
NIOS-72627 Major Bookmarks and customization of columns were lost for users using SAML
authentication who logged out and logged in back again.
NIOS-72616 Major DNS latency occurred in upstream communication when a single forwarder
failed.
NIOS-72615 Major Certain CLI commands were vulnerable to SSH implementation security.
NIOS-72562 Major DNS message compression did not take place after a NIOS upgrade.
NIOS-72520 Major An error message was displayed when users belong with roles with limited
permissions tried to edit DNS zones.
NIOS-72447 Major The set snmptrap command used 0 as the value of the
msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime
variables and this caused the trap receiver to drop traps.
NIOS-71004 Major A service restart took a long time to complete in certain Grid members.
NIOS-70653 Major Unable to update or get a network template using WAPI when assigned an
extensible attribute with no value.
NIOS-70588 Major Core files were generated and subsequent HA failovers occurred after viewing a
DHCP range.
NIOS-72447 Major The set snmptrap command used 0 as the value of the
msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime
variables and this caused the trap receiver to drop traps.
NIOS-71385 Major Unable to set time-based retention policy for the ib_security_summary summary
index.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-71199 Major The IP map did not display the DHCP exclusion range.
NIOS-71169 Major A SAML authentication login redirected the host name to the IP address thus
breaking the SSL certificate.
NIOS-71029 Major Grid Manager was unable to download the third-party category information
data.
NIOS-70558 Major Secondary name servers that were made primary did not have the new SOA
record.
NIOS-70149 Major Unable to use PuTTY to SSH into NIOS after disabling cipher suites.
NIOS-70047 Major Under certain circumstances, CPU usage was high on an HA passive node.
NIOS-69878 Major Automatically updating resource records according to conversion rules did not
work correctly if several associated objects existed.
NIOS-68195 Major The MAC address of the client system was displayed as the MAC address of VIP in
the security report.
NIOS-63430 Major NIOS was susceptible to certain vulnerabilities that did not have a CVE number.
ID Severity Summary
NIOS-74413 Minor The NIOS Release Notes did not state that the Infoblox Docker bridge uses the
172.17.0.0/16 network by default and if this network is being used, to change
the Docker bridge network.
NIOS-73817 Minor The NIOS documentation incorrectly stated that a NetBIOS discovery returned
the MAC address and the operating system.
NIOS-73682 Minor After a NIOS upgrade, one of the Grid members displayed an error on the DNS
Cache Acceleration tab.
NIOS-73494 Minor End host information was not displayed on the IPAM tab.
NIOS-73428 Minor The Microsoft Azure vDiscovery configuration steps were not documented
correctly.
NIOS-73425 Minor The NIOS Release Notes did not document CVE-2019-11477 as an addressed
vulnerability.
NIOS-73329 Minor The show date command did not display the correct time zone for Indiana
(East) Time Zone even though this time zone was set in Grid Manager.
NIOS-73317 Minor On the IPAM tab, Network Insight displayed a VLAN configured against an
interface even though no such VLAN was configured.
NIOS-72885 Minor Stopping and restarting the DNS service increased the zone serial number.
NIOS-72834 Minor The set snmptrap CLI command did not work if ibTrapDesc contained special
characters such as a single quote (').
NIOS-72704 Minor When Advanced DNS Protection was not running, a vulnerability was detected on
port 8089.
NIOS-72276 Minor A disabled network was not greyed out on the Members tab.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-72274 Minor After every successful Grid Manager login, an HTTP 500 server error was
displayed in the response log.
NIOS-72273 Minor The color scheme for the DHCP range on the IP map did not match with the
color scheme in the legend.
NIOS-72177 Minor The PDF file of the reporting help was not formatted correctly.
NIOS-72172 Minor The count of the number of events on the reporting dashboard was not displayed
correctly.
NIOS-71362 Minor Sending the enable command at the device level was possible.
NIOS-71171 Minor NIOS always returned 0 as the value of ibSystemMonitorSwapUsage.
NIOS-70691 Minor An RPZ configured to block data did not work when DNS64 was enabled.
NIOS-67066 Minor Unable to create a TLSA record correctly.
Fixed in NIOS 8.5.0
ID Severity Summary
NIOS-73150 Critical The DNS service did not start after a NIOS upgrade.
NIOS-73127 Critical Under a rare circumstance, RPZs were not refreshed after a zone transfer and
alerts were generated.
NIOS-73091, Critical When events occurred, responses were delayed.
NIOS-73044
NIOS-73002 Critical DNS query responses for EDNS-enable queries were dropped when DNS Cache
Acceleration was enabled.
NIOS-72810 Critical The Infoblox Installation Guide vNIOS for VMware did not contain information
about installing temporary licenses while deploying Trinzic virtual appliances.
NIOS-72797 Critical After a NIOS upgrade, the named.conf file contained syntax errors.
NIOS-72789 Critical Splunk instances failed to recognize timestamps that start from January 1, 2020.
NIOS-72553 Critical DNS views were erroneously populated in the DNS member configuration even
though recursion was disabled and the DNS member was not authoritative for
any zones within those views.
NIOS-72441 Critical Restoring accidentally deleted objects from the Recycle Bin took a very long
time.
NIOS-72396 Critical The subscriber ID needed to be unescaped before adding it to the proxy API.
NIOS-72388 Critical Fatal error messages were displayed in the log files in a vNIOS KVM-based
OpenStack Newton deployment and numerous core files were generated.
NIOS-71567 Critical Under certain circumstances, Grid Master's disk space usage had reached up to
82%.
NIOS-71216 Critical RPZ local zones were not transferred to Grid members that joined the Grid with
the IPv6 only MGMT port.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-71069 Critical NIOS encountered a high swap issue after setting the server for consolidated
health monitor settings.
NIOS-70956 Critical The Grid Manager LAN1 interface failed during a NIOS upgrade.
NIOS-70917 Critical Unable to start threat protection service because it was greyed out.
NIOS-70903, Critical Statistics for the DNS Effective Peak Usage Trend for Flex Grid License report
NIOS-70764 were incorrect and the QPS did not represent the actual value.
NIOS-70786, Critical Devices at two sites went down and a restart did not recover the systems.
NIOS-70738
NIOS-70770 Critical Unable to upload the NIOS image file on the Upgrade tab of Grid Manager.
NIOS-70762 Critical A NIOS test upgrade failed and the “upgrade cannot proceed since
/mnt/usr/conf/dhcp_fingerprints.conf not found” error message was displayed
in the syslog file.
NIOS-70698 Critical An IPv6 loopback address that was not assigned to an area in OSPFv3 caused it
to be displayed as LSA type 5 in the neighboring router instead of LSA type 1.
NIOS-70657 Critical Under certain circumstances, the name server configuration was removed for
AWS zones.
NIOS-70654 Critical Editing workflows in the BloxTools environment caused an internal error
message to be displayed.
NIOS-70650 Critical The Identity Mapping feature did not work correctly even after a hotfix was
applied.
NIOS-70577 Critical The join WAPI function did not work on IB-FLEX appliances.
NIOS-70573 Critical On an HDD failure, SSD was reformatted.
NIOS-70547 Critical A NIOS upgrade test failed and the “Test status DB Import Fail” error message
was displayed.
NIOS-70484 Critical During a failover in an HA cluster, the virtual IP address became unavailable.
NIOS-70336 Critical Editing fields in the SAML Authentication Service dialog box did not work.
NIOS-70331 Critical DNS Forwarding Proxy on NIOS did not work as Docker containers failed to start.
NIOS-70324 Critical Restarting DNS services on Grid members took 20 minutes or longer.
NIOS-70234 Critical A local RPZ zone with 150 records was slow to open.
NIOS-70222 Critical During a NIOS upgrade, the “Member is not connected” error message was
displayed even though there were no offline members.
NIOS-70008 Critical A Grid member that was evicted after the vNIOS license expired was not able to
rejoin the Grid until you restarted Grid Master.
NIOS-69995 Critical Under certain circumstances, NIOS upgrade on IB-4010 systems failed.
NIOS-69887 Critical The DCHP service crashed soon after it started, went into a restart loop, and
generated core files.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-69883 Critical Reporting of Subscriber Services categories for DNS resolutions by CNAME was
incorrect.
NIOS-69755 Critical PTR records were removed from Microsoft DNS as a result of changes to TTL
values.
NIOS-69742 Critical Modifying the configuration of a Grid member took longer than 10 minutes.
NIOS-69711 Critical The OCSP two-factor authentication could easily be bypassed.
NIOS-69676 Critical Modifying extensible attributes caused Grid members to go offline.
NIOS-69668 Critical Custom extensible attributes in Cisco ISE and NIOS did not synchronize.
NIOS-69650 Critical Many RPZ refresh failure error messages were generated in the log files after
cleaning up some invalid records.
NIOS-69606 Critical Some SNMP trap CLI commands did not work as expected.
NIOS-69250 Critical DDNS updates made using the GSS-TSIG authentication did not work Apple Mac
clients.
NIOS-69052 Critical The system swap space usage exceeded the critical threshold value on the Grid
Master Candidate.
NIOS-68305 Critical Under certain circumstances, the DNS latency was too high and caused service
disruption.
NIOS-68297 Critical Under certain circumstances, the Test SNMP button did not send an SNMP trap.
NIOS-67997 Critical Under certain circumstances, Grid Master restarted every 10 minutes.
NIOS-67742 Critical Under certain circumstances, some Grid members were dropped from the Grid
after a NIOS upgrade.
NIOS-67562 Critical A bloxTools member reported high memory utilization after a NIOS upgrade.
NIOS-67488 Critical During a NIOS upgrade, an error message was displayed on the Grid Master
Candidate stating that the passive node had to be upgraded even though the
passive node upgrade was complete.
NIOS-67412 Critical High CPU utilization caused by an intermittent DNS resolution problem.
NIOS-67150 Critical Converting a Grid Master and a Grid Master Candidate to IPv6 displayed an error
message.
NIOS-66179 Critical Active Directory automatically created underscore zones did not inherit DNZ
scavenging last queried time configurations in the named.conf file.
NIOS-65869 Critical Under certain circumstances, a high replication queue caused a DNS outage.
NIOS-65678 Critical Some of the Grid members in a Grid went down, came up again, and tried to
rejoin the Grid leading to a high replication queue.
NIOS-64851 Critical On vNIOS for OpenStack, LAN2 was unavailable when LAN1 was allowed to
obtain an IP address from the DHCP server.
NIOS-62679 Critical The CVE-2016-10126 vulnerability was fixed.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
ID Severity Summary
NIOS-73272 Major Network Insight did not populate IPAM information across network views.
NIOS-73103 Major DNS queries and ICMP requests were unresponsive when port redundancy was
enabled.
NIOS-72864 Major SAML authenticated users were unable to access or edit objects on the DHCP >
IPv4 Filters tab and the DHCP > Option Spaces tab.
NIOS-72808 Major DHCP fingerprinting scanned devices that were excluded from discovery.
NIOS-72746 Major Unable to collect management and virtual IP addresses.
NIOS-72729 Major After a NIOS upgrade, some domains were resolved with an increase in latency.
NIOS-72723 Major Unable to add an external secondary name server to a name server group and an
error message was displayed.
NIOS-72720 Major Unable to collect IP address data from VRF using SNMP.
NIOS-72718 Major An offline IP address that was previously connected to a leaf network was still
being discovered.
NIOS-72698 Major DNS Traffic Control health check failed because multiple search heads
responded to a TCP port.
NIOS-72696, Major Running certain commands enabled NIOS administrators to gain root access.
NIOS-72614
NIOS-72695 Major The NIOS documentation did not contain enough information about the Retry Up
Count field.
NIOS-72693 Major The MAC Address filter type is ignored after a DHCP fingerprint filter type is
added to the same DHCP range.
NIOS-72688 Major A hardcoded password was found in the libibone_authenticate.so library.
NIOS-72686 Major Under certain circumstances, making changes in Grid Manager displayed an error
message.
NIOS-72657 Major NIOS did not have a mechanism to check for deprecated VMXNET virtual network
adapters.
NIOS-72637 Major Running the show rpz_recursive_only command caused the serial console
to crash.
NIOS-72634 Major Under certain circumstances, Grid Master failed to join the Multi-Grid Master.
NIOS-72534 Major Non-superusers were unable to create a smart folder with the Type Equals
Device filter.
NIOS-72513 Major Perl modules had to be upgraded to download third-party data.
NIOS-72483 Major NIOS changed the load balance split of the Microsoft failover association thus
causing synchronization issues.
NIOS-72473 Major An LBDN object was resolving with an offline DTC server.
NIOS-72415 Major The set hotfix CLI command allowed full root access to the NIOS system.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-72403 Major Under certain circumstances, running the set certificate_auth_services

CLI command caused memory corruption.
NIOS-72402 Major Under certain circumstances, running the set admin_group_acl CLI
command caused memory corruption.
NIOS-72384 Major DNS resolution stopped; however, after some time the DNS service recovered by
itself.
NIOS-72369 Major Under certain circumstances, high CPU utilization was observed.
NIOS-72351 Major Multiple records were not obtained for the same IP address behind the home
gateway (CPE).
NIOS-72349 Major The CVE-2019-6477 vulnerability issue was fixed.
NIOS-72348 Major The Advisor tab displayed errors in the Last Scheduled Execution Result and
Last Run Now Result fields.
NIOS-72328 Major Unable to discover VMs in an Azure vDiscovery environment.
NIOS-72321 Major vDiscovery failed on a VMware endpoint.
NIOS-72315 Major Console login was denied to groups that contained a named ACL.
NIOS-72282 Major Grid Manager displayed the status incorrectly as Running even when DNS
Forwarding Proxy did not work.
NIOS-72280 Major If you disabled synchronization for a Microsoft managed server, it was not
grayed out in Grid Manager.
NIOS-72278 Major CSV export failed and an error message was displayed.
NIOS-72277 Major Disabled zones were not grayed out in Grid Manager.
NIOS-72271 Major The NOERR and NODATA response types did not work with subnet rules.
NIOS-71665 Major Subscriber services was logging a report of all guests irrespective of whether
their CPE had the opt-in policy or not.
NIOS-71660 Major Assigning proxy addresses to a subscriber policy included multiple sets of IP
addresses.
NIOS-71659 Major Multiple core files that were generated caused one of the Grid members to
hang.
NIOS-71616 Major Under certain circumstances, a test NIOS upgrade failed and displayed error
messages in the log files.
NIOS-71613 Major The system swap space usage exceeded the critical threshold and increased
constantly on PT-2205 systems.
NIOS-71597 Major When a non-superuser tried to access a global smart folder, an error message
was displayed.
NIOS-71497 Major Under certain circumstances, vDiscovery did not run on Google Cloud Platform.
NIOS-71479 Major Adding entries to an ACL (Access Control List) caused a DNS outage.
NIOS-71477 Major The DHCPv6 service failed to restart.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-71474 Major Legitimate domains were automatically added to blacklisted RPZs.
NIOS-71454 Major Delegated name servers via Microsoft synchronization were being deleted.
NIOS-71398 Major Wildcard A records with a second label were prevented from being created by
the default host name policy.
NIOS-71395, Major Running Discover Now on the networks or IP addresses caused the status to be in
NIOS-71009 a pending state.
NIOS-71375 Major The “Primary drive is full” warning message was displayed for a consolidator.
NIOS-71356 Major Enabling a threat protection ruleset displayed an error message during a zone
transfer.
NIOS-71330 Major The Threat Analytics log files filled up 100% of the disk space.
NIOS-71298 Major Software ADP dropped external notification messages.
NIOS-71277 Major The VRRP priority was always 1 in the traffic capture file after a NIOS upgrade.
NIOS-71263 Major The Member Selector dialog box took a very long time to load.
NIOS-71251 Major Accessing the DNS tabs in Grid Manager displayed an error message.
NIOS-71217 Major DTC load balancing did not work as expected with DNSSEC.
NIOS-71209 Major An ND appliance encountered high CPU utilization.
NIOS-71208 Major The RouteLimit variable had to be added to the CLI route collection.
NIOS-71197 Major Upgrading NIOS caused excessive messages to be logged in the syslog file.
NIOS-71192, Major When DNS Cache Acceleration was enabled on a DNS server, the infoblox-
NIOS-71184 dtc-enable yes line was removed from the DNS configuration and the status
of the hosts in the pool were displayed as Unlicensed in the DTC LBDN
Visualization window.
NIOS-71191 Major A disabled zone caused a DNS outage.
NIOS-71174 Major The NIOS 8.3.4 Release Notes contained internal issues in the Resolved Issues
section.
NIOS-71155, Major After a NIOS upgrade, Grid members went offline causing a DNS outage.
NIOS-71142
NIOS-71153, Major After a NIOS upgrade, the Go to IPAM View and Go to DHCP View options were
NIOS-71198 not visible in Grid Manager.
NIOS-71152 Major ARP, route and IP address data collection needed to be added in NIOS.
NIOS-71141 Major A new appliance was stuck at startup with the "Fatal error during Infoblox
startup" error message.
NIOS-71128, Major The DNS service was in a restart loop because of DTC configuration issues.
NIOS-67706
NIOS-71053, Major The NIOS documentation had to be updated with a note that regular expressions
NIOS-70614 cannot be used in a basic global search.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-71107 Major Under certain circumstances, a bunch of SNMP alerts was generated.
NIOS-71086 Major The maximum value of maximum concurrent transfers was too low and had to
be increased.
NIOS-71029 Major Category information data was unavailable for some Grid members.
NIOS-70989 Major Reporting volume usage thresholds and the associated GUI banner were
incorrect for single or multiple site clusters.
NIOS-70984 Major A DHCP service outage occurred due to multiple segmentation fault.
NIOS-70955 Major Running the show subscriber_secure_data command closed the SSH
connection to the server.
NIOS-70943 Major A memory error caused Grid Manager to reset.
NIOS-70929 Major Unable to run Discover Now on a physical probe.
NIOS-70927 Major Performing operations such as adding a record caused the Grid Manager to hang.
NIOS-70888 Major The admin status under Administration >Administrators > Admins was disabled
if you tried to modify a setting for the admin.
NIOS-70835 Major NIOS crashed during DTC health monitoring and a critical message was displayed
on the Syslog tab.
NIOS-70832 Major The DNS service stopped responding and a manual service restart had to be
performed.
NIOS-70809 Major If you selected the Enable DNSSEC validation check box and added a trust
anchor, the Responses must be secure check box was enabled by default.
NIOS-70774 Major Adding a new CA certificate broke the existing session along with the Certificate
Authentication Service.
NIOS-70765 Major Adding a new zone after a data import caused Grid Manager to slow down.
NIOS-70729 Major Health checks did not function correctly after a NIOS upgrade.
NIOS-70726 Major Under certain circumstances, an IB-1410 member restarted unexpectedly.
NIOS-70713 Major Running the set promote_master CLI command did not display the Primary
reporting site candidates input.
NIOS-70705 Major After a NIOS upgrade, in IB-810 and IB-820 platforms, members in a Grid Master
or Grid Master Candidate role needed to be displayed in yellow in Grid Manager.
NIOS-70671 Major The reporting license usage exceeded after a NIOS upgrade.
NIOS-70635 Major Certain configured parameters for the SIP health monitor did not work during
the health monitor checks.
NIOS-70633 Major Unable to add an IP address in the Virtual TFTP Root tab.
NIOS-70619 Major During a NIOS upgrade, the internal version was displayed.
NIOS-70609 Major Using WAPI, unable to create records in a shared record group.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-70604 Major Information about restrictions on addition and deletion of DS records was
required.
NIOS-70592 Major Synchronization of delegate zones between Microsoft and NIOS did not work as
expected.
NIOS-70591 Major Unable to access the IPMI interface.
NIOS-70581 Major The NIOS documentation incorrectly mentioned the presence of a Notification
Address field.
NIOS-70579 Major The service status of Grids fluctuated between online and offline.
NIOS-70569 Major Unable to import LBDN records using CSV import.
NIOS-70557 Major Removing system generated records caused shared delegated records to also be
removed thus resulting in an outage.
NIOS-70502 Major Under certain circumstances, high disk usage was reported on the IB-1410
appliance.
NIOS-70476 Major Using a non-superuser account to edit the port interface displayed an internal
error message.
NIOS-70473 Major IB-820 appliances encountered a memory leak with high swap disk usage.
NIOS-70445 Major The NIOS documentation did not contain information about the way to
determine whether an extensible attribute is required or not.
NIOS-70441 Major Using an API query returned an error message.
NIOS-70434 Major An HA Grid member went offline after the Threat Protection monitoring mode
was disabled.
NIOS-70411 Major Certain IPAM interfaces displayed incorrect VLAN information.
NIOS-70392 Major A software distribution caused the HA passive node to randomly restart.
NIOS-70365 Major A warning message had to be added in Grid Manager if IB-820 or IB-810 were
upgraded into a Grid Master or Grid Master Candidate.
NIOS-70351 Major The “err infoblox_find_host_by_haddr” message was displayed in the syslog file.
NIOS-70346 Major If you modified the MAC address associated with a host record, the update did
not get logged in the audit log file.
NIOS-70341 Major The delete leases command did not work.
NIOS-70340 Major Unable to log on to NIOS using Citrix NetScaler.
NIOS-70328 Major The SNMP engine ID displayed different values in Grid Manager versus a WAPI
call.
NIOS-70322 Major Threat Analytics did not block tunneling traffic.
NIOS-70313 Major The Data Management > IPAM tab displayed incorrect VLAN information.
NIOS-70295 Major The hardserver.log file was large and did not get truncated or rotated.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-70278 Major When both the alias record and the host record are present in the same zone,
the zone failed to load.
NIOS-70276 Major Under certain circumstances, the Threat Analytics service kept restarting
continuously.
NIOS-70228 Major The Threat Protection log file logged a DROP error message even though the
transfer was successful.
NIOS-70138 Major Unable to find the network view using the Include Extensible Attributes Values
filter on the Smart Folders tab.
NIOS-70128 Major The OSPF protocol did not work after a NIOS upgrade.
NIOS-70116 Major AD authentication for a nested group query failed for a canonical name that
contained commas.
NIOS-70108 Major The DNS integrity check failed after signing a zone with DNSSEC.
NIOS-70091 Major Modifying an LBDN record displayed an SOA response.
NIOS-70085 Major A NIOS upgrade failed and the database reset took longer than 1.5 hours to
complete.
NIOS-70081 Major Pre-provisioned clients were hitting a non-subscriber RPZ.
NIOS-70075 Major Using WAPI, MAC address filters and MAC addresses could be added in the Grid
Master Candidate that read-only API access enabled.
NIOS-70020 Major Running the set reporting_reset_license CLI command caused the SSH
session to close.
NIOS-70000 Major Unable to edit a Grid member during SNMPv3 configuration.
NIOS-69980 Major Logic filter lists were not inherited dynamically in the DHCP range template.
NIOS-69975 Major If ARP data was collected using the CLI, then it was not collected using SNMP
after disabling CLI access.
NIOS-69966 Major The Data Connectors documentation contained incorrect information about hard
disk drives for the Data Connector VM.
NIOS-69954 Major The DNS Cache Hit Ratio widget in the dashboard displayed data for only the last
5 minutes.
NIOS-69929 Major The NIOS upgrade failed on multiple members of a Grid.
NIOS-69898 Major The Threat Analytics service kept restarting on a Grid member.
NIOS-69896 Major A Grid member was not visible in reports and neither was it visible in the
Members drop-down list on the Reporting tab.
NIOS-69891 Major DNS fault tolerant caching did not work when the Enable Recursive ECS option
was selected.
NIOS-69860 Major DNS did not start on an HA Grid member and generated a message in the IBAP
log file.
NIOS-69859 Major The zone-signing key rollover did not happen as scheduled.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-69857 Major Reporting traffic was sent over the MGMT interface irrespective of the selected
interface.
NIOS-69855 Major NIOS did not accept the BGP advertised default route for IPv6.
NIOS-69844 Major File uploads failed after two-factor authentication was enabled.
NIOS-69831 Major On the IPAM tab, the device model for certain Cisco devices did not display
correctly.
NIOS-69825 Major DHCP failover peer offered a new dynamic lease to a client that had an existing
lease in the same shared network.
NIOS-69785 Major The DNS integrity check did not account for the fact that DNS is not case-
sensitive.
NIOS-69773 Major When query monitoring was enabled to use the data in DNS scavenging, the last
queried data was modified without a DNS query towards the authoritative
servers.
NIOS-69759 Major Unable to create A record in Grid Manager.
NIOS-69734 Major Reports did not display data for all the days.
NIOS-69717 Major The NIOS documentation needed detailed information about synchronizing
Active Directory domains on a domain controller.
NIOS-69712 Major The CSV import had to be manually broken down into multiple files to avoid
errors.
NIOS-69677 Major The set snmp trap command did not include the sysUpTime variable.
NIOS-69651 Major High CPU utilization on Grid Manager caused an HA failover.
NIOS-69623 Major Amazon Route 53 synchronization groups did not synchronize to AWS and
because of this, zone data was not updated.
NIOS-69578 Major Pending changes on the View Pending Changes tab were not logged in the audit
log files.
NIOS-69532 Major Unable to download the support bundle using both Grid Manager and the CLI.
NIOS-69519 Major A newly configured LDAP authentication for remote admins failed.
NIOS-69499 Major Running the set dns transfer command displayed an error message.
NIOS-69412 Major You had to enter the OPSF authentication key each time you edited the system
properties.
NIOS-69377 Major A WAPI call that does not have extarrs added is successful even though the
Required column on the Extensible Attributes tab is set to Yes.
NIOS-69307 Major The AD authentication nested group query failed for a canonical name that
contained parenthesis.
NIOS-69306 Major The wrong certificate was displayed when connecting to the Splunk API.
NIOS-69248, Major Performance when adding a DHCP member to a network needed to be improved.
NIOS-69239
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-69236 Major The DHCP service stopped working after a failover to a passive node.
NIOS-69219 Major Non-Superuser users are not getting data when trying to access a global Smart
folder filtered with the Location extensible attribute.
NIOS-69093 Major Access to Grid Manager was lost after emptying the Recycle Bin.
NIOS-69080 Major A user not associated with any role or permission was able to view the host
record in Grid Manager as well as by using the WAPI.
NIOS-69054 Major On the Data Management > Devices tab, the list of devices did not load.
NIOS-69051 Major Unable to search for the FQDN of records using the search WAPI object.
NIOS-69022 Major Able to access blocked settings of Splunk when the reporting appliance was very
slow.
NIOS-68431 Major The start and stop performance of the DNS service from Grid Manager needed to
be improved.
NIOS-68414 Major Under certain circumstances, the DNS latency was too high and caused service
disruption.
NIOS-68294 Major The NIOS WAPI did not retrieve networks associated with an AD site that also
had a network container associated with it.
NIOS-68220 Major Under certain circumstances, high disk usage occurred on IB-VM-1410 Grid
members.
NIOS-68201 Major When creating a new range, Infoblox DHCP scope options were not replicated in
Microsoft DHCP.
NIOS-68085 Major Certain devices in Network Insight needed to be merged.
NIOS-67862 Major Environmental data and port control needed to be added in Network Insight.
NIOS-67854 Major The conflict_types field of an IP address always returned NONE irrespective of
whether there was a conflict or not.
NIOS-67707 Major The system primary hard disk usage was over the threshold value.
NIOS-67644 Major After rebooting the system, the DNS Cache Acceleration service failed and error
messages were displayed in the Infoblox.log file.
NIOS-67633 Major Under a rare circumstance, the performance of some NIOS appliances was very
slow.
NIOS-67601 Major Delay in communication occurred between the Grid Master and Grid members.
NIOS-67569 Major The primary hard disk usage of a system was over the threshold value on one of
the passive node of the Grid member.
NIOS-67494 Major Network Insight did not display the model number and serial number for certain
devices.
NIOS-67493 Major The number of routes during VRF collection had to be adjusted to the route
limit.
NIOS-67352 Major Unable to download the support bundle using both Grid Manager and the CLI.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-67280 Major Grid Master disk usage increased because of RabbitMQ files.
NIOS-67266 Major Signing a zone displayed an error message.
NIOS-67158 Major The DNS service crashed and many core files were generated.
NIOS-67067 Major Primary disk usage on the Grid Master increased.
NIOS-66960 Major Unable to access all the events in the audit log files.
NIOS-66866 Major The NIOS documentation did not contain information about the SNMP trap MIB.
NIOS-66658 Major The reporting server restarted the cluster.
NIOS-66478 Major The Grid Master disk usage was consistently increasing.
NIOS-66235 Major Newly added records were not propagated to some servers in the Grid.
NIOS-65915 Major Unable to access Grid Manager after promoting Grid Master Candidate to Grid
Master.
NIOS-65838 Major After enabling the LAN2 port on the vNIOS HA Grid Master, an error message was
displayed.
NIOS-65755 Major A NIOS appliance blocked ICMP requests and replies.
NIOS-65467 Major The Grid Master Candidate promotion failed and the Grid Master Candidate was
not set as the Grid Master after the promotion.
NIOS-65317 Major The Inactive IP Addresses report included active IP addresses.
NIOS-65279 Major An IB-1400 appliance was disconnected from Grid Master and later restarted.
NIOS-65222 Major Individual SSH ciphers that were to be disabled were not disabled.
NIOS-65197 Major Irrespective of the static routes used, SNMP traps were always sent through the
MGMT interface.
NIOS-64844 Major An autogenerated A record that was created with an IP address that belonged to
an external primary member existed in another nameserver group.
NIOS-64840 Major After upgrading BIOS on a TE-1415 appliance, it failed to start and displayed
error messages.
NIOS-64739 Major The API documentation for list_values parameters was incorrect.
NIOS-64397 Major The IB-14x5 and IB-8x5 systems failed to restart.
NIOS-63901 Major DDNS entries for newly added roaming hosts were removed from the log files.
NIOS-63790 Major A discovery member was deployed; however, the set temp_license
command returned licenses for a normal member type.
NIOS-63763 Major A synchronization failure was indicated by the 'hardware uncompatible' error
message.
NIOS-63655 Major A vulnerability assessment on the IB-4010 LOM interface yielded a number of
critical vulnerabilities with the SSL implementation.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-62203 Major After a NIOS upgrade, DNS reports did not contain data.
NIOS-61967 Major Host records in reverse zones did not resolve PTR queries.
NIOS-53575 Major Smart NIC crashed on the PT-2200 appliance.
NIOS-49787 Major A large number of multi-master DNS messages were logged in the syslog and
Infoblox.log files.
ID Severity Summary
NIOS-73038 Minor Horizontal scrolling on certain tables in Grid Manager does not work as
expected.
NIOS-72764 Minor The timestamp needed to be updated if the device was reachable using ICMP
ping.
NIOS-72748 Minor The Grid Manager banner displayed incorrect expiry days for temporary licenses.
NIOS-72692 Minor Running DiscoverNow on an inactive IPv4 address updates Grid Manager with the
last discovered timestamp.
NIOS-72648 Minor Synchronization between Grid Manager and ND devices was not successful.
NIOS-72410 Minor NIOS inserted backslashes when passing the fixed line ID for MAC address
formats.
NIOS-72376 Minor When merging ADP rulesets, Grid Manager hung and Java exceptions were
displayed in the Infoblox.log file.
NIOS-72272 Minor The threatanalytics:whitelist object was missing from the WAPI schema
output.
NIOS-72190 Minor When printing the Home Dashboard on the Reporting tab, the PDF generated
displayed the title as Home Dashboard | Splunk instead of Home Dashboard |
Infoblox.
NIOS-71480 Minor Global search did not yield results as expected.
NIOS-71478 Minor An alert trap sent the wrong severity level.
NIOS-71450 Minor The PDF link to the NIOS documentation pointed to an internal Google drive
location.
NIOS-71361 Minor Duplicate requests to the API needed to be eliminated when using the IfAddrs
API request.
NIOS-71178 Minor Apex records that were masked by LBDN did not display in strikethrough font.
NIOS-71115 Minor Devices of type NIOS and vNIOS needed to be excluded from CLI collection.
NIOS-71094 Minor The Enable DHCP option was almost hidden because of the default window size.
NIOS-71030 Minor Time zone changes related to Daylight Savings Time were incorrectly computed.
NIOS-70991 Minor The IPAM tab displayed VLAN as Multiple for networks even when the IP
addresses within the network have only one value for Discovered.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-70954 Minor High CPU utilization because certain consolidator queries were not optimized.
NIOS-70932 Minor The NIOS documentation contained incorrect information about CSV export limit
restrictions.
NIOS-70873 Minor The reporting service restarted every 30 minutes after a NIOS upgrade.
NIOS-70808 Minor Inheritance of DHCP threshold email settings at the network container level was
incorrect.
NIOS-70734 Minor The routing table index was reverted for certain devices.
NIOS-70659 Minor The Discover Now option displayed Failed for all devices and networks.
NIOS-70655 Minor The audit log entry for the set smartnic-debug command was incorrect.
NIOS-70534 Minor Deleting a record did not trigger an event for Outbound API.
NIOS-70531 Minor Tenant, bridge, and domain information was not available for networks in IPAM.
NIOS-70411 Minor Certain IPAM interfaces displayed incorrect VLAN information.
NIOS-70387 Minor The NIOS documentation did not contain information about the report
categories that are required for the DNS Effective Peak Usage Trend for Flex
Grid License dashboard.
NIOS-70368 Minor The Threat Protection Status for Member dashboard widget did not update the
Megabits Dropped value.
NIOS-70359 Minor A global search for a MAC or DNS name resulted in an error message being
displayed.
NIOS-70339 Minor The set license command accepted invalid licenses.
NIOS-70259 Minor Users with read-only access were able to modify extensible attributes.
NIOS-70202 Minor The IPAM > Network View > BGP AS column displayed both local and remote
values.
NIOS-70195 Minor The session timeout value set in the SAML Authentication Services dialog box
also sets the session timeout for the Grid.
NIOS-70179 Minor Selecting a string containing the & character from the IPAM Home > List >
Extensible Attributes > Value drop-down list displayed an error.
NIOS-70079 Minor Configuration synchronization between a Grid Manager and a Network Insight
virtual appliance failed.
NIOS-70030 Minor During a NIOS upgrade on a virtual machine, the IP address is not retained.
NIOS-69870 Minor After a NIOS upgrade, the RPZ report was missing several fields.
NIOS-69776 Minor The threshold at which smart NIC drops SNMP packets had to be lowered.
NIOS-69663 Minor The Enable GSS-TSIG authentication of clients option was available at the Grid
DNS level but took effect only when enabled at the member level.
NIOS-69397 Minor The grammatical mistake in the 'Forwarder is running but it fails to connect to
none of the indexers' message was fixed.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-69383 Minor Microsoft synchronization displays an ERROR status even though the
synchronization is successful.
NIOS-69376 Minor The Export visible data option did not export all the members during a Grid
upgrade.
NIOS-69311 Minor When creating a smart folder using the “VLAN ID – has a value” criteria, an HA
failover occurred.
NIOS-69160 Minor During a CSV import, the DHCP option 1 was added instead of DHCP option 52.
NIOS-69105 Minor In Grid Reporting Properties, the Used % column displayed 100 for the Device
category even though the device was unused.
NIOS-69102 Minor The exported PDF file of the reporting dashboard was not formatted correctly.
NIOS-68989 Minor The Send to Syslog alert action sent only the first line of the alert to the syslog
file.
NIOS-68400 Minor Under certain circumstances, devices are not being completely discovered by
Network Insight.
NIOS-68367 Minor NIOS time zones for certain locations had to be changed.
NIOS-68364 Minor Documentation about supported NIOS virtual appliances was incomplete.
NIOS-68272 Minor The DHCP fingerprint database needed to be upgraded.
NIOS-67921 Minor When creating rules in IPv4 option filters, the “An invalid value was entered”
error message was displayed.
NIOS-67559 Minor Some of the Grid members failed to upload DNS logs to the data collector VM.
NIOS-67479 Minor If LAN1 was down, the default route in the routing table was not being changed
to LAN2.
NIOS-65526 Minor Unable to update the IP address of a Grid member.
NIOS-65064 Minor Editing custom forwarders did not work.
NIOS-64958 Minor When updating the resource_type field of a permission object using the API,
although the update was successful, the reference returned as a response to the
update was incorrect.
NIOS-64810 Minor The "httpd config file generation failed" messages were displayed in the debug
log files.
NIOS-59901 Minor Unable to remove a blacklisted RPZ after removing the analytics node from the
Grid.
Severity Levels
Severity Description
Critical Core network services are significantly impacted.
Major Network services are impacted, but there is an available workaround.
Moderate Some loss of secondary services or configuration abilities.
Minor Minor functional or UI issue.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
Enhance An enhancement to the product.
KNOWN GENERAL ISSUES
ID Summary
NEPTUNESEC-31 After a Grid Master Candidate promotion, NIOS adds the deleted blacklisted domains once again
to the blacklisted RPZ zone in the new Grid Master. If you select the Configure Domain Level to
block Tunneling option, NIOS adds the new domains to the blacklisted RPZ zone based on the
top-level domain that you configured.
NIOS-73897 When running NIOS with Intel XXV710 cards on KVM, if you perform a product restart with
accelerated Advanced DNS Protection or DNS Cache Acceleration running, a kernel crash occurs.
Workaround: Terminate the NIOS instance and restart.
NIOS-73209 DNS compression does not work from NIOS 8.4.x onwards.
NIOS-73162 Deduplication does not work for Cisco APIC fabric devices previously added as regular network
devices.
NIOS-73088 After a NIOS upgrade, sometimes certain devices are displayed are duplicated on the Devices
tab.
NIOS-72977 If you add notification rules with RPZ or Software ADP event notifications, data publish fails.
NIOS-72871 In a multi-site reporting cluster, on the Reporting Clustering Status dashboard > Search Heads
tab, a reporting member from each site is displayed as an active search head in the following
scenarios:
• If you change the primary site using the Grid Reporting Properties > Clustering tab.
• If you upgrade a single-site cluster to multi-site and select the new members added to
the Grid primary site members.
Workaround: After the new configuration is completely active and the cluster master shows one
reporting member from each site as an active search head, restart the reporting service on the
secondary site.
NIOS-72791 NIOS is vulnerable to the Extended Master Secret TLS extension (TLS triple handshake).
NIOS-71369 When a Grid Master Candidate is selected as a subscribing member, then after the Grid Master
Candidate promotion, subscription still takes place through the previous Grid Master Candidate
member which is a new Grid member.
NIOS-70953 After enabling DNS Cache Acceleration, Grid Manager interfaces are not reachable on IB-FLEX
instances deployed on VMware ESXi 6.5.0 with SR-IOV enabled.
NIOS-70257 On some occasions during an upgrade or revert process, vNIOS on Azure might become non-
responsive.
Workaround: Reboot the VM to complete the upgrade or revert.
NIOS-69728 Cisco ISE extensible attributes are not configured for DHCP networks.
NIOS-61565 Object Change Tracking: In situations that involve a large database, performing a full
synchronization from the Grid Master Candidate while the previous file is still being synchronized
to the Grid Master might cause the deletion of the original synchronization file.
Workaround: Do not perform a full synchronization from the Grid Master Candidate until the file
from the previous synchronization is fully synchronized to the Grid Master.
400-0731-000 Rev. F 3/16/2021
NIOS 8.4
NIOS Release
8.5.1 Notes
Release Notes
NIOS-61562 Reporting and Analytics: The Destination Path is an optional field in a single-site cluster,
which might cause a second reporting indexer to go offline and not being upgraded.
Workaround: Ensure that you enter a value for the Destination Path field.
N/A Infoblox has upgraded the software for our user community (community.infoblox.com), which
will offer users enhanced features and a more robust experience. This new community software
however, is not compatible with our community dashboard widget. As a result, the functionality
of the Community Dashboard widget is inconsistent. The Community Dashboard widget will
subsequently be removed in the next NIOS maintenance release.
ISE-249 Cisco ISE: Unable to create a network active user if the user is configured with Cisco ISE server
using the standby server address.
400-0731-000 Rev. F 3/16/2021

NIOS 8.5.1 ReleaseNotes

Uploaded by

Copyright:

Available Formats

NIOS 8.5.1 ReleaseNotes

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NIOS 8.5.1 ReleaseNotes

Uploaded by

Copyright:

Available Formats

NIOS 8.

NEW FEATURES .................................................................................................................. 7

CHANGES TO DEFAULT BEHAVIOR ......................................................................................... 11

CHANGES TO INFOBLOX API and RESTFUL API (WAPI) ................................................................. 13

UPGRADE GUIDELINES ........................................................................................................ 15

BEFORE YOU INSTALL ........................................................................................................ 16

ADDRESSED VULNERABILITIES .............................................................................................. 17

RESOLVED ISSUES ............................................................................................................. 23

KNOWN GENERAL ISSUES .................................................................................................... 43

Please note the following:

Infoblox NIOS 8.5 is supported on the following platforms:

• Infoblox Advanced Appliances: PT-1405, PT-2205, PT-2205-10GE

NOTE: TE appliances are also known as the IB appliances.

• vNIOS for VMware on ESX/ESXi Servers

• vNIOS for KVM Hypervisor

• vNIOS for AWS (Amazon Web Services)

• vNIOS for Azure

• vNIOS for GCP

• vNIOS for Nutanix AHV

IB-V815 ** 250 2 16 1100 MHz ✓ ✓ ✓1  ✓ Yes

IB-V825 ** 250 2 16 1600 MHz ✓ ✓ ✓1 ✓ ✓ Yes

IB-V1415 ** 250 4 32 1200 MHz ✓ ✓ ✓1  ✓ Yes

IB-V1425 ** 250 4 32 1800 MHz ✓ ✓ ✓1 ✓ ✓ Yes

IB-V2215 ** 250 8 64 2100 MHz ✓ ✓ ✓1  ✓ Yes

IB-V2225 ** 250 8 64 2100 MHz ✓ ✓ ✓1 ✓ ✓ Yes

IB-V4015 ** 250 14 128 2400 MHz ✓ ✓ ✓1   Yes

IB-V4025 ** 250 14 128 2400 MHz ✓ ✓ ✓1   Yes

ND-V805 ** 500 2 32 2700 MHz ✓ ✓ ✓1   No

ND-V1405 ** 500 4 32 3600 MHz ✓ ✓ ✓1  ✓ No

ND-V2205 ** 500 8 64 2100 MHz ✓ ✓ ✓   No

ND-V4005 ** 500 14 128 2400 MHz ✓ ✓ ✓   Yes

IB-V805 ** 250 2 32 2700 MHz ✓ ✓ ✓1   No

IB-V1405 ** 250 4 32 3600 MHz ✓ ✓ ✓1   No

IB-V2205 ** 250 8 64 2100 MHz ✓ ✓ ✓1   No

IB-V4005 250 14 128 2400 MHz ✓     No

IB-V5005 User User User N/A ✓ ✓ ✓  ✓ No

CP-V805 250 2 16 2000 MHz ✓ ✓ ✓ ✓ ✓ No

CP-V1405 250 4 32 6000 MHz ✓ ✓ ✓ ✓ ✓ No

CP-V2205 250 8 64 12000 MHz ✓ ✓ ✓ ✓ ✓ No

NIOS Virtual # of Memory

This section lists new features in the 8.5.x releases.

Additional Validation on Host Names (RFE-7507)

High Performance Query Logging (RFE-7747)

Support for More Intel NICs (RFE-8677)

Configuring the edns-udp-size and max-udp-size Attributes (RFE-4795)

Configuring Root Name Server Inheritance (RFE-10347)

Capturing CSV Errors After NetMRI Synchronization (RFE-9097)

Collecting NIOS Database Performance Data (RFE-9550)

Adding TLSA Records in Unsigned Zones (RFE-10324)

Infoblox Customer Experience Improvement Program

vDCA Support on 22x5 and 40x5 Appliances (RFE-9242)

CSV Import for Subscriber Records (RFE-8672)

Scalable Installer Image on IB-FLEX (RFE-7533)

vNIOS Support on Nutanix AHV (RFE-7970)

Infoblox IPAM Driver for Terraform (RFE-7614)

Splunk Upgrade (RFE-9484)

DHCP Support for Subscriber Policy (RFE-8538)

New Dashboard Reports

Configuring LAN1/LAN2 for Automated Failover (RFE-9114)