In certain DNS domain hijacking scenarios, hijackers alter the DNS data of a domain after gaining control of it. They consequently redirect users to a fraudulent site, instead of the legitimate site, on the Internet. To protect your authoritative DNS server against this type of DNS domain hijacking, you can configure the appliance to periodically monitor DNS data for top-level or parent authoritative zones. Based on your configuration, the appliance periodically checks DNS data in the NS RRsets for these zones and compares the data with that in the appliance database. It then reports data discrepancies through SNMP traps and logs related events in the syslog. You can also monitor the status of DNS data discrepancies, if any, through the DNS Integrity Check widget on the Task Dashboard. The severity of the data discrepancies can help identify possible domain hijacking.
DNS integrity check is supported on all Infoblox appliances, including Advanced Appliances used primarily for Infoblox Advanced DNS Protection. For information, see About Infoblox Advanced DNS Protection. You can configure DNS integrity check for any selected authoritative zones, but you cannot configure it at the Grid, member, or DNS view level.
When you enable this feature, the appliance queries the NS RRsets and glue records for the top-level authoritative zones and compares the data with that in the appliance database. It does not query data for subzones or delegated zones in the Grid.
To configure the appliance to check NS and glue records for a top-level or parent authoritative domain, complete the following:
From the Data Management tab, select the DNS tab -> Zones tab -> top-level authoritative zone that you want to monitor, and then click the Edit icon from the Toolbar. Note that you can configure this feature only at the zone level. You can also configure zones that have the same name in different DNS views.
Note
Once you configure a zone for DNS integrity check, you will not be able to add a parent zone above this zone. You must disable DNS integrity check for this zone before you can add the parent zone.
When the appliance detects DNS data discrepancies between the authoritative and delegated zones, it reports the discrepancies through SNMP traps and email notifications, if configured. For more information, see Setting SNMP and Email Notifications. The appliance classifies data discrepancies by severity, as follows:
When different Grid primaries report different severity levels for the same data check, the appliance reports the most severe discrepancy level. When different Grid primaries report the same severity for the data check, the appliance reports only the first check.
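The following is an added example, not Infoblox code, that models the two behaviours described above: comparing the NS RRset and glue records observed for a top-level zone against the set the appliance holds in its database, and consolidating the results that several Grid primaries report for the same check (most severe wins; on equal severity, only the first report is kept). The zone name, the expected and observed record sets, the Grid primary names and the severity labels are all constructed for the example, so it runs offline; the appliance's own severity scheme and report format are not reproduced.

```python
"""Added example (not Infoblox's code): a minimal DNS integrity check.

Compares the NS RRset and glue (A/AAAA) records that an appliance database
holds for a top-level authoritative zone with what a query at the parent
returned, then consolidates per-check results from several Grid primaries.
All data below is constructed; a real check would obtain the observed side
from live DNS queries.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed: the NS RRset and glue the database holds for example.com.
EXPECTED = {
    "ns": {"ns1.example.com.", "ns2.example.com."},
    "glue": {"ns1.example.com.": {"192.0.2.1"}, "ns2.example.com.": {"192.0.2.2"}},
}

# Constructed: what a query for the same zone returned (one expected server
# gone, an unexpected one present, and changed glue for ns1).
OBSERVED = {
    "ns": {"ns1.example.com.", "ns3.unexpected.example."},
    "glue": {"ns1.example.com.": {"198.51.100.9"}},
}


@dataclass(frozen=True)
class Discrepancy:
    zone: str
    kind: str      # "ns-missing", "ns-unexpected" or "glue-mismatch"
    detail: str    # the record name or a short expected/observed summary


def check_zone(zone: str, expected: dict, observed: dict) -> List[Discrepancy]:
    """Return every NS or glue difference between expected and observed data."""
    found: List[Discrepancy] = []
    exp_ns = set(expected["ns"])
    obs_ns = set(observed["ns"])
    # Name servers in the database that no longer appear in the delegation.
    for name in sorted(exp_ns - obs_ns):
        found.append(Discrepancy(zone, "ns-missing", name))
    # Name servers in the delegation that the database does not know about.
    for name in sorted(obs_ns - exp_ns):
        found.append(Discrepancy(zone, "ns-unexpected", name))
    # For servers present on both sides, the glue addresses must match exactly.
    for name in sorted(exp_ns & obs_ns):
        exp_glue = set(expected["glue"].get(name, ()))
        obs_glue = set(observed["glue"].get(name, ()))
        if exp_glue != obs_glue:
            detail = f"{name} expected {sorted(exp_glue)} observed {sorted(obs_glue)}"
            found.append(Discrepancy(zone, "glue-mismatch", detail))
    return found


# Hypothetical severity labels, ranked least to most severe (assumption; the
# appliance's real severity scheme is not modelled here).
SEVERITY_RANK = {"info": 0, "warning": 1, "critical": 2}

# Constructed: (grid primary, check id, severity) tuples in the order received.
SAMPLE_REPORTS: List[Tuple[str, str, str]] = [
    ("gm1", "example.com./ns", "warning"),
    ("gm2", "example.com./ns", "critical"),   # differs: most severe wins
    ("gm1", "example.com./glue", "warning"),
    ("gm2", "example.com./glue", "warning"),  # equal: first report is kept
]


def consolidate(reports: List[Tuple[str, str, str]]) -> Dict[str, Tuple[str, str]]:
    """Map each check id to the single (primary, severity) that gets reported."""
    result: Dict[str, Tuple[str, str]] = {}
    for primary, check_id, severity in reports:
        current = result.get(check_id)
        if current is None or SEVERITY_RANK[severity] > SEVERITY_RANK[current[1]]:
            result[check_id] = (primary, severity)
        # Equal or lower severity: keep the report already recorded (the first).
    return result


if __name__ == "__main__":
    for d in check_zone("example.com.", EXPECTED, OBSERVED):
        print(f"{d.zone} {d.kind}: {d.detail}")
    for check_id, (primary, severity) in consolidate(SAMPLE_REPORTS).items():
        print(f"{check_id} reported by {primary} at severity {severity}")
```

Run with `python3 integrity_check.py` (any filename works). The check deliberately stays at the zone's own NS RRset and glue, matching the scope described above, and does not walk into subzones or delegations; in a deployment, the observed side would be refreshed on each periodic poll and the resulting discrepancies fed to whatever SNMP trap or syslog path is configured.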
You can use the following methods to monitor DNS data discrepancies for selected authoritative zones: