In Case You Missed It
Last month’s product updates can be found in October’s Communication.
Now Available
- Infoblox Universal DDI™ Management:
- Simplify Management of Microsoft DNS and DHCP, without Disruption
- External DNS Integration with Cloudflare and Akamai
- Integration with Google Internal Range
- New Network Perspective and Address Space Perspective
- Infoblox Universal Asset Insights: CMDB Reconciliation
- NIOS DDI: Infoblox DNS Infrastructure Protection (formerly Advanced DNS Protection)
- Infoblox Threat Defense™: Endpoint 2.6.0 for Windows, macOS and Linux
- Ecosystem:
- VMware Aria Automation Provider for Infoblox Universal DDI
- Terraform Provider Updates for Infoblox NIOS DDI
- Google SecOps SIEM
- Splunk SOAR Playbooks
Coming Soon
- NIOS DDI: NIOS 9.0.8 Adds Proxmox Support, UI Naming Updates
- Ecosystem:
- Palo Alto XSOAR Playbooks
- Test Connectivity for Automations
- Palo Alto Networks XSIAM (SIEM)
End-of-Life / End-of-Support Announcements
- NIOS 9.0.0-9.0.5: End-of-Life Announcement
- Infoblox Endpoint Agent: End-of-Support Announcement for Windows 10
Infoblox Threat Intelligence
- Detour Dog – DNS Malware Powers Strela Stealer
NETWORKING
As part of Infoblox’s Networking Momentum launch on November 3, we released an expanded set of enhancements to the Universal DDI platform. From tighter Microsoft DNS/DHCP integration to unified internal/external DNS management, these features deliver faster deployments, greater operational simplicity and the scalability required for dynamic hybrid, multi-cloud environments. Read on to explore the latest updates and check out the launch blog for the full story: Building More Resilient, AI-Ready Networks with Infoblox Universal DDI™.
Infoblox Universal DDI™ Management: Simplify Management of Microsoft DNS and DHCP, without Disruption
Now Available
When it comes to the DNS and DHCP services that keep networks running, many companies use Windows Server, which bundles those mission-critical services with Microsoft Active Directory. However, this aging deployment model was never intended for hybrid, multi-cloud environments. Now, customers can transform how they manage their Microsoft DNS and DHCP environments, even while keeping the same underlying infrastructure. With the latest enhancements to the Infoblox Universal DDI™ Product Suite, Microsoft DNS and DHCP servers can fully co-exist with Universal DDI in the same environment. Network teams can modernize DNS and DHCP infrastructure at their own pace or continue running both systems in parallel while gaining new visibility into assets and utilization across on-premises environments. Meanwhile, with the ability to instantly attribute network devices to specific users, troubleshooting gets faster, manual lookups are minimized and compliance reporting becomes much simpler.
Infoblox Universal DDI Management: External DNS Integration with Cloudflare and Akamai
Now Available
Universal DDI Management gave customers the ability to manage DNS records across AWS, Microsoft Azure, Google Cloud and Infoblox from a single dashboard. Now, with the latest Universal DDI enhancements, this unified DNS management plane also extends to two of the leading external DNS providers: Cloudflare and Akamai. With these enhancements, customers can use Universal DDI Management to control critical network services across their entire hybrid, multi-cloud estate, including external website DNS services and on-premises DNS and DHCP services on Microsoft networks, through a single API and the Infoblox Portal. The results: stronger resiliency, greater visibility, and faster, simpler operations for all DNS services across the business.
Infoblox Universal DDI Management: Integration with Google Internal Range
Now Available
As businesses scale more of their mission-critical applications and IT resources in Google Cloud, managing the IP address space consistently and efficiently becomes a business priority. Now, Universal DDI can help advance this objective through direct integration with Google Internal Range. With the ability to manage Google Cloud IP addresses directly from the Infoblox Portal, NetOps teams can apply the same consistent IP policies across Google Cloud, on-premises and other cloud environments. They can manage enterprise-wide IP addresses and policy from one central system to prevent outage-causing overlaps, routing issues and wasted resources. Meanwhile, CloudOps teams can deploy new Google Cloud environments and applications more quickly and with less risk.
Infoblox Universal DDI Management: New Network Perspective and Address Space Perspective
Now Available
Universal IP Address Management introduces two powerful views to simplify and enhance IP address management (IPAM) across hybrid and multi-cloud environments:
- Network Perspective provides a unified, hierarchical view of IP addresses across the entire network, highlighting overlapping IP addresses.
- Address Space Perspective organizes IP addresses by address spaces, streamlining management across both on-premises and cloud deployments.
The new IPAM views improve user experience and visibility across hybrid, multi-cloud environments.
Infoblox Universal Asset Insights: CMDB Reconciliation
Now Available
This capability analyzes your ServiceNow CMDB data and compares it against Infoblox’s comprehensive asset inventory, helping customers see where CMDB records align with what’s on the network and where data gaps exist. Assets will be classified as either present in ServiceNow and verified on the network, assets that exist only in ServiceNow or assets missing from ServiceNow despite being active on the network. These insights make it easier to identify consistency and highlight areas that may need attention. A summary monitor shows counts at a glance, with detailed reports highlighting individual assets that need updates. Reports can be exported or scheduled to run automatically, providing ongoing visibility into CMDB data health. By surfacing these insights, Asset Insights enables you to enrich your CMDB and keep records accurate.
NIOS DDI: Infoblox DNS Infrastructure Protection (formerly Advanced DNS Protection)
Now Available
Many customers use NIOS DDI, not just for internal DNS but for the external authoritative DNS services that keep their websites, email and other internet-connected applications online. However, for a business’ public-facing apps to be reachable by users, external DNS servers must be exposed to the internet, where they’ll face DNS DDoS attacks, attempted hijacks, cache poisoning and other DNS exploits—cyberthreats that can knock web apps offline for days. Customers that self-host their external DNS servers can use Infoblox DNS Infrastructure Protection (formerly Advanced DNS Protection or ADP) to safeguard exposed DNS infrastructure. Infoblox DNS Infrastructure Protection offers advanced protection against volumetric and non-volumetric attacks and other DNS threats, while ensuring that DNS servers will continue processing legitimate queries, even when under attack.
NIOS DDI: NIOS 9.0.8 Adds Proxmox Support, UI Naming Updates
Coming Soon
In December, look for the following two changes in the latest version of NIOS, NIOS 9.0.8:
- NIOS support on Proxmox: With NIOS 9.0.8, NIOS will be fully qualified for Proxmox Virtual Environment. This gives organizations using virtualization even more choice in how they deploy NIOS, in addition to existing support on VMware, KVM and other hypervisor platforms. With this qualification, which also extends to previous releases in the NIOS 9.X train, customers can be confident they'll see the performance and resiliency they expect from NIOS virtualized deployments.
- New names, same great products in NIOS UI: Customers may notice two naming updates in NIOS Grid Manager. Infoblox DNS Infrastructure Protection is the new name for Infoblox Advanced DNS Protection, or ADP, the NIOS add-on service that provides DDoS protection and DNS security for customers self-hosting external DNS on NIOS. Additionally, the name of Infoblox's real-time DNS traffic inspection and analytics solution will now be displayed as Infoblox Threat Insight, instead of Threat Analytics. Users will see no change in these products’ features or functionality.
Quick Links for Universal DDI
Quick Links for NIOS DDI
Subscribe to the Infoblox Status Page to receive real-time notifications on maintenance upgrades.
SECURITY
Infoblox Threat Defense™: Endpoint 2.6.0 for Windows, macOS and Linux
Now Available
Infoblox Endpoint now supports customer-defined internal resolvers, allowing organizations to specify trusted internal DNS servers—whether on the local network or accessible via VPN or Zero Trust solutions. This ensures reliable internal domain resolution even in restricted environments.
Additionally, the new customer-defined fallback resolvers feature allows customers to define trusted recursive DNS resolvers for use when Infoblox Cloud is unreachable. Combined with offline security, this maintains protection and connectivity without cloud dependency. Both features support fail-open and fail-closed modes, giving customers flexibility to balance security and availability.
MacOS 26 “Tahoe” Support
Infoblox Endpoint for macOS is now certified for macOS 26 “Tahoe,” ensuring full compatibility and a seamless upgrade experience for users adopting the latest operating system.
Enhanced Versioning and Stability
Starting with 2.6.0, Infoblox Endpoint includes a build number in its versioning for greater transparency and precision in tracking fixes and enhancements. This release also delivers important bug fixes and performance improvements, enhancing stability and streamlining user experience across key workflows.
Quick Links for Security
Subscribe to the Infoblox Status Page to receive real-time notifications on maintenance upgrades.
ECOSYSTEM
Ecosystem: VMware Aria Automation Provider for Infoblox Universal DDI
Now Available
Infoblox has released the VMware Aria Automation Provider for Universal DDI, delivering seamless integration between Infoblox Universal DDI and VMware Aria Automation. This integration automates IP address management and DNS operations throughout the provisioning and deprovisioning lifecycle of virtual machines. With the provider, network administrators can dynamically allocate IP addresses, create DNS records, provision fixed addresses and DHCP reservations, and synchronize network configurations with Universal DDI, all directly from VMware Aria Automation. This end-to-end automation minimizes manual effort, reduces configuration errors and ensures consistent delivery of critical network services across hybrid and multi-cloud environments.
Ecosystem: Terraform Provider Updates for Infoblox NIOS DDI
Now Available
Infoblox has released NIOS Terraform Provider for Infoblox v2.11.0 with stability improvements. Data sources now treat “not found” as an empty result, making automation more reliable. The release also upgrades Go to 1.24.7, refreshes dependencies for compatibility and security and includes minor refactoring to simplify error handling and remove redundant checks.
Ecosystem: Google SecOps SIEM
Now Available
Infoblox has worked with Google Security Operations SIEM (SecOps) to centralize event logging and visibility, enabling deep search and correlation across DNS and network activity. Our partnership has produced a supported deployment guide for syslog integration with Google SecOps SIEM using the Infoblox Cloud Data Connector (CDC). This integration enables sending Infoblox IPAM asset data, threat data and insights to the SIEM for enrichment, assessment and response. Access the deployment guide for clear integration steps and assurance of integration support from the Ecosystem portal.
Ecosystem: Splunk SOAR Playbooks
Now Available
Infoblox Threat Defense has partnered with the Splunk SOAR team to develop a supported integration that delivers a unified, automated approach to modern security operations. By combining deep network visibility with powerful analytics and orchestration, organizations can detect threats earlier, orchestrate event enrichment and prioritization, and respond in a faster and more automated way to reduce operational overhead and delay. The solution enables security teams to stay ahead of evolving threats while maximizing the value of their existing investments. The integration leverages Infoblox Cloud APIs to share Threat Defense, DNS, DHCP, SOC Insights and security event logs with Splunk SOAR. It comes with a set of playbooks to immediately leverage Infoblox to enhance visibility, streamline triage and case management, and improve threat containment and prioritization.
Ecosystem: Palo Alto XSOAR Playbooks
Coming Soon
Infoblox Threat Defense is partnering with Palo Alto XSOAR to deliver a unified, automated approach to modern security operations. This new integration will combine deep network visibility with powerful analytics and orchestration to help security teams detect threats earlier, orchestrate event enrichment and prioritization, and respond in a faster, more automated way, all while reducing operational overhead. Leveraging Infoblox Cloud APIs, the integration enables seamless sharing of Threat Defense, DNS, DHCP, SOC Insights and security event logs with Palo Alto XSOAR. It will include a set of playbooks that allow teams to immediately leverage Infoblox to enhance visibility, streamline triage and case management and improve threat containment and prioritization. Together, Infoblox and Palo Alto Networks are empowering security operations teams to stay ahead of evolving threats while maximizing the value of their existing security investments.
Ecosystem: Test Connectivity for Automations
Coming Soon
Previously, Ecosystem integration flows that displayed connection health status did not include Ecosystem automations, which use a script to process data before sending. Now, Infoblox will provide bi-directional connectivity status for both automation and non-automation flows. This will close a key visibility gap, giving users clear confirmation that their integrations are properly configured and connected. Infoblox is updating all supported automation scripts to take advantage of this feature, and customer-built scripts can be easily updated using the provided documentation.
Ecosystem: Palo Alto Networks XSIAM (SIEM)
Coming Soon
Infoblox and Palo Alto Networks XSIAM have partnered to streamline event logging and enhance network visibility by integrating DNS and IPAM activity. This collaboration will enable deep event correlation and advanced search across network and security layers. To support this integration, a supported deployment guide is in development for configuring syslog output from Infoblox via the Cloud Data Connector (CDC) into the Palo Alto Networks SIEM environment. When available, users can access the deployment guide with clear integration steps and assurance of integration support from the Ecosystem portal. This integration will make it possible to feed enriched IPAM metadata, threat intelligence, and contextual insights directly into the SIEM, empowering more informed detection, investigation, and response.
END-OF-LIFE / END-OF-SUPPORT
NIOS 9.0.0-9.0.5: End-of-Life Announcement
Projected Date: March 30, 2026
Reminder: Older NIOS versions, NIOS 9.0.0-NIOS 9.0.5, will reach End-of-Life (EoL) and End-of-Support (EoS) on March 30, 2026. Limited Support (investigations, troubleshooting, workarounds and fixes for critical security issues only) will continue through March 29, 2026. To maintain a secure, reliable network with the best performance and ongoing protection, Infoblox recommends upgrading to NIOS 9.0.6 or later. For more information, please visit the Infoblox Support Portal's End-of-Life Announcements and subscribe to receive product lifecycle updates by email. For planning or upgrade assistance, please contact your preferred Infoblox partner or your Infoblox account team for service options.
Infoblox Endpoint Agent: End-of-Support Announcement for Windows 10
October 14, 2025
Microsoft announced that Windows 10 has reached the end of support as of October 14, 2025, meaning no more security patches or feature updates. Infoblox Endpoint Agent 2.5.0 will be the last version to support Windows 10; all future versions (2.6.0+) will not be compatible. Infoblox will provide limited support (troubleshooting and critical security fixes only) for Windows 10 agents until October 14, 2026. Full support will require upgrading to a supported operating system.
To maintain security, we strongly recommend migrating to Windows 11 or enrolling in Microsoft’s Extended Security Updates (ESU) program. For help with planning or upgrades, contact your preferred Infoblox partner or your Infoblox account team for service options. For more details, visit the Infoblox Support Portal.
INFOBLOX THREAT INTELLIGENCE
Detour Dog – DNS Malware Powers Strela Stealer
New Research Available
Infoblox has discovered tens of thousands of websites worldwide infected with malware that leverage the Domain Name System (DNS) to conditionally redirect visitors to infostealers.
The threat campaign has a significant impact on its victims for several reasons:
- Exposure to large-scale cybercrime ecosystem: DNS-coordinated malicious downloads deliver STRELA STEALER, an infostealer designed to compromise credentials. Access brokers then sell these stolen credentials on the dark web, enabling other cybercriminals to steal data and extort victims—sometimes in combination with ransomware.
- Detection evasion: Malicious DNS queries instruct infected websites on which malicious content to deliver, to whom and when. This technique hides malicious content from threat research teams, while the DNS activity remains invisible to victims, making the campaign resistant to traditional client-side detection controls.
This discovery highlights a new evolution in cybercrime, demonstrating how website malware has advanced from simple scam redirection to executing remote content via a DNS-based command-and-control (C2) system.
Infoblox is tracking the threat actor behind this malware, known as Detour Dog, who has operated this strain since August 2023.
Read more about the actor, the campaign’s tactics and the latest indicators on the Infoblox Threat Intel blog: Detour Dog – DNS Malware Powers Strela Stealer Campaign.
