To avoid a DNS outage caused by erroneous RPZ rules, whether received from external sources through an RPZ feed or added to a local RPZ, Infoblox provides an option to set a prefix length limit for RPZ-IP triggers. The appliance ignores RPZ-IP rules whose prefix length is less than the configured minimum and enforces only those RPZ-IP rules whose prefix length is equal to or greater than the configured minimum, so that legitimate queries are answered instead of all queries being dropped. For example, if you configure 24 as the minimum IPv4 prefix length, the Grid enforces only RPZ-IP rules with a prefix length of 24 or greater; RPZ-IP rules with prefix lengths less than 24 are not enforced on queries that originate from external sources.
You can configure the prefix length limit for IPv4 and IPv6 prefixes at the Grid level and override it for a member, DNS view, or RPZ zone. The appliance logs a warning message in the syslog when RPZ-IP rules with a prefix length less than the configured minimum are added to the local RPZ, and when an RPZ feed receives such rules from external sources.
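The following added example (not Infoblox code) models the behaviour described above: it decodes RPZ-IP trigger owner names as defined by the RPZ specification (`<prefixlen>.<reversed address labels>.rpz-ip`, with `zz` standing for `::` in IPv6), drops rules shorter than a per-family minimum prefix length with a warning, and then matches an answer address only against the enforced rules. The sample feed and the limits of 24 (IPv4) and 64 (IPv6) are constructed for the example.

```python
import ipaddress
import logging

log = logging.getLogger("rpz")


def rpz_ip_trigger_to_network(trigger):
    """Decode an RPZ-IP trigger owner name into an ip_network.

    RPZ-IP triggers are written as '<prefixlen>.<address labels in reverse
    order>.rpz-ip'; IPv6 uses the label 'zz' in place of '::'. For example
    '24.0.2.0.192.rpz-ip' is 192.0.2.0/24 and '32.zz.db8.2001.rpz-ip' is
    2001:db8::/32.
    """
    labels = trigger.lower().rstrip(".").split(".")
    if len(labels) < 3 or labels[-1] != "rpz-ip":
        raise ValueError(f"not an RPZ-IP trigger: {trigger}")
    prefixlen = int(labels[0])
    addr = labels[1:-1][::-1]  # undo the reversed label order
    if len(addr) == 4 and all(label.isdigit() for label in addr):
        text = ".".join(addr)  # IPv4: four decimal octets
    else:
        # IPv6: 'zz' expands to '::'; a 'zz' between labels yields ':::'
        text = ":".join(addr).replace("zz", ":").replace(":::", "::")
    # strict=False masks any host bits a sloppy feed left set
    return ipaddress.ip_network(f"{text}/{prefixlen}", strict=False)


def split_rules(triggers, min_v4_prefix, min_v6_prefix):
    """Enforce only rules whose prefix length meets the limit for their
    address family; shorter rules are ignored and a warning is logged."""
    enforced, ignored = [], []
    for trigger in triggers:
        net = rpz_ip_trigger_to_network(trigger)
        limit = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen >= limit:
            enforced.append(net)
        else:
            log.warning("ignoring RPZ-IP rule %s (%s): prefix length %d "
                        "is below minimum %d", trigger, net, net.prefixlen, limit)
            ignored.append(net)
    return enforced, ignored


def matching_rule(answer_ip, enforced):
    """Longest-prefix match of an answer address against the enforced rules."""
    ip = ipaddress.ip_address(answer_ip)
    hits = [net for net in enforced if ip in net]
    return max(hits, key=lambda net: net.prefixlen) if hits else None


# Constructed sample feed: two overly broad rules beside two acceptable ones.
SAMPLE_TRIGGERS = [
    "24.0.2.0.192.rpz-ip",       # 192.0.2.0/24   -> enforced (limit 24)
    "8.0.0.0.10.rpz-ip",         # 10.0.0.0/8     -> ignored, warning logged
    "32.zz.db8.2001.rpz-ip",     # 2001:db8::/32  -> ignored (limit 64)
    "128.1.zz.db8.2001.rpz-ip",  # 2001:db8::1/128 -> enforced
]
```

With the /8 ignored, an answer of 10.1.2.3 is no longer rewritten, while 192.0.2.5 still hits the /24 rule.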
To configure the prefix length limit for RPZ-IP triggers:
To override the Grid settings, click Override. To retain the same settings as the Grid, click Inherit.
4. Save the configuration and click Restart if it appears at the top of the screen.