Infoblox On-Prem DNS Firewall employs DNS RPZs (Response Policy Zones), a technology developed by ISC (Internet System Consortium), for allowing reputable sources to dynamically communicate domain name reputation so that you can implement policy controls for DNS lookups.
The Data Exfiltration, Malware, Command & Control, and Summary reports are not tied to your organization's custom whitelist and should not be reported as RPZ events. As such, they are reporting Threat Intelligence detections and exist independent of the DNS Firewall. If you have your DNS Threat policy set to "log, allow," these will continue to show up. To remedy this, only the Security Report should be used when interpreting DNS Firewall activity
Infoblox On-Prem DNS Firewall can be accessed from the Cloud Services Portal at https://csp.infoblox.com. Once logged in to CSP, On-Prem DNS Firewall can be found under the policies tab (Policies -> On-Prem DNS Firewall).
For information on On-Prem DNS Firewall Service, see the following:
- Configuring On-Prem DNS Firewall Service
- Infoblox Threat Intelligence Feed Deployment Guide (downloadable PDF)
- Selecting a TSIG Key Format
For information on using DNS Firewall with NIOS, see the following:
This page has no comments.