The Infoblox Advanced DNS Protection solution employs threat protection rules to detect, report upon, and stop DoS (Denial of Service), DDoS (Distributed Denial of Service) and other network attacks targeting DNS authoritative applications. Infoblox Advanced DNS Protection helps minimize "false positives" and ensures that your mission-critical DNS services continue to function even when under attack. For information about possible DNS threats, see DNS and Network-Flood Threats.
You can deploy the Advanced DNS Protection solution on hardware-accelerated appliances (physical appliances only) as well as software-based appliances (both physical and virtual) in the Grid. Depending on the appliances you deploy, you must install applicable hardware-based licenses or Software ADP subscription licenses. For information about supported Infoblox appliances for Advanced DNS Protection and the applicable licenses, see Supported Threat Protection Appliances and Licensing Requirements.
Infoblox Advanced DNS Protection is designed to provide visibility and protection against network floods and DNS attacks. It detects DNS attacks through predefined and custom threat protection rules, and mitigates DNS threats by dropping problematic packets while responding only to legitimate traffic. With valid licenses installed, you can subscribe to automatic rule updates that deliver near real-time protection against new and emerging attacks. You may also manually perform the rule update process based on your configuration. For information about threat protection rules, see Understanding Threat Protection Rulesets and Rules.
Infoblox Advanced DNS Protection supports a set of predefined threat protection rules that detect and mitigate possible DNS threats. You can modify some of the parameters and assign actions such as logging events and applying mitigation to these rules. You can also create custom rules to suit your security needs. For more information, see Understanding Threat Protection Rulesets and Rules.
As illustrated in Figure 41.1, the threat protection appliance, acting as an authoritative DNS server, is added to the Grid. After you install valid threat protection licenses and configure the appliance to serve as an Advance Appliance, it can detect and mitigate DNS threats based on threat protection rules. All threat protection related events conform to CEF (Common Event Format) and are logged in the syslog on the Grid Master. To support further investigation of possible threats, the reporting server generates specific threat protection related reports. For information about how to monitor threat protection related events and reports, see Monitoring Threat Protection Events.
Figure 41.1 Infoblox Advanced DNS Protection Solution
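Because threat protection events reach the Grid Master syslog in CEF, they can be parsed and tallied per rule and source address. The following Python sketch is an added example, not Infoblox code: it follows the general CEF header and extension layout, and the function names, vendor, product, signature IDs and field values in the sample lines are constructed for illustration rather than taken from NIOS output.

```python
import re
from collections import Counter

HEADER = "version vendor product device_version signature_id name severity".split()
KEY = re.compile(r"(?:^|\s)(\w+)=")  # start of an extension key=value pair

def split_header(body):
    """Return the 7 header fields and the raw extension; a backslash escapes '|'."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])  # escaped character is kept literally
            i += 1
        elif body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    return fields, body[i:]

def parse_extension(ext):
    """Values may contain spaces, so each value runs up to the next ' key='."""
    hits, out = list(KEY.finditer(ext)), {}
    for m, nxt in zip(hits, hits[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        out[m[1]] = re.sub(r"\\(.)", lambda e: {"n": "\n", "r": "\r"}.get(e[1], e[1]), raw)
    return out

def parse_cef(line):
    """Parse one syslog line; return None if it carries no CEF record."""
    start = line.find("CEF:")
    if start < 0:
        return None
    fields, ext = split_header(line[start + 4:])
    if len(fields) != len(HEADER):
        raise ValueError("truncated CEF header")
    return {**dict(zip(HEADER, fields)), "ext": parse_extension(ext)}

def summarize(lines):
    """Count events per (rule name, source address, action)."""
    exts = ((e["name"], e["ext"]) for e in map(parse_cef, lines) if e)
    return Counter((name, x.get("src", "?"), x.get("act", "?")) for name, x in exts)

# Constructed sample lines: vendor, product, IDs and field values are illustrative only.
SAMPLE = [
    r"<30>Jan 10 10:00:01 gm adp-demo: CEF:0|ExampleVendor|ExampleADP|1.0|1001|UDP DNS flood|7|src=192.0.2.10 dst=198.51.100.53 act=DROP",
    r"<30>Jan 10 10:00:03 gm adp-demo: CEF:0|ExampleVendor|ExampleADP|1.0|1002|Malformed \| oversized query|5|src=192.0.2.77 act=ALERT msg=qname\=a.example.test too long",
    "<30>Jan 10 10:00:04 gm named: zone transfer finished",
]
```

Calling `summarize(SAMPLE)` returns a `Counter` keyed by rule name, source address and action; lines without a CEF record are skipped, and a record with fewer than seven header fields raises `ValueError` instead of being silently miscounted.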
Hardware-based appliances support all existing DNS features (including HA support) that are applicable to DNS caching and authoritative applications, except the following:
Note: Even though you can configure static routes on the Infoblox-4030 Rev-2 appliance when DNS cache acceleration is enabled, cached DNS responses are always sent through the interface on which the queries arrive, not the interface that is configured for the static route.
Consider the following when the threat protection service is enabled on the Advance Appliances:
For Hardware ADP
For Software ADP