Infoblox DNS / IPAM Adapter — Adapter Technical Specification
Infoblox DNS / IPAM Adapter — Adapter Technical Specification
Status: reserved · Class: modernization · Mission: integration · Phase: phase-planning
Canon source: canon/modernization-registry.yaml (propagated by uiao/tools/sync_canon.py).
The YAML frontmatter and this banner are regenerated from canon on every sync. Do not hand-edit. Author new material only below the ## Overview heading.
This document is a stub. Replace every _TODO — ..._ block with authored content that is consistent with UIAO canon. Canon invariants (gcc-boundary, ssot-mutation: never, etc.) must never be contradicted.
Overview
The Infoblox Adapter is an integration-class modernization adapter for DNS and IP Address Management. It consumes Infoblox WAPI data to produce canonical claims for DNS records, DHCP scopes, and IP allocations.
Key capabilities: DNS record enumeration by network view, proposed DNS change reporting (change-making surface), and KSI-anchored evidence generation. Requires on-prem-self-hosted runner with network access to the Infoblox grid master.
Implementation: uiao/src/uiao/adapters/infoblox_adapter.py. Conformance: 30/30 PASS.
Scope
Target surfaces / subsystems: dns-records, dhcp-scopes, ip-allocations, network-views
Reads: Infoblox WAPI v2.12 for DNS records (A, CNAME, etc.), network views, and zones. Emits: ClaimSet with one claim per DNS record, DriftReport for proposed changes, EvidenceObject with record count. Does NOT: modify DNS records without explicit push_dns_change() invocation, access DHCP lease data, or operate outside the configured network view.
Controls
NIST SP 800-53 Rev 5 controls this adapter supports: SC-20, SC-21, CM-8
| Control | Role | Adapter capability |
|---|---|---|
| SC-20 Secure Name/Address Resolution | Primary | DNS record enumeration provides evidence of authoritative name resolution state. |
| SC-21 Secure Name/Address Resolution (Recursive) | Supporting | Zone configuration tracking supports recursive resolution governance. |
| CM-8 Component Inventory | Supporting | DNS/IP record enumeration supports network component inventory. |
Operational profile
| Field | Value |
|---|---|
| Runtime | python-3.12 |
| Runtime pin | TBD |
| Runner class | on-prem-self-hosted |
| Tenancy | per-customer |
| Evidence class | baseline |
| Retention | 3 year(s) |
Canon invariants
gcc-boundary: gcc-moderatessot-mutation: nevercertificate-anchored: trueobject-identity-only: true
Notes from canon
Tier 4 adapter. Requires on-prem-self-hosted runner with network access to Infoblox WAPI.
References
- UIAO-CANON-003
Generated by uiao/tools/sync_canon.py. See uiao/ARCHITECTURE.md §4 for the cross-repo sync contract. See uiao-docs/_quarto.yml for rendering configuration.