Product Updates & Enhancements

April 2026

In Case You Missed It

Last month's product updates can be found in March's communication.

Now Available

Infoblox Universal DDI™ Management
- Early Access Program DDI Integration for SASE
- Secondary Zone Visibility for Microsoft DNS Servers
- DHCP Split Ranges
- Host Object Sync
NIOS-X: Infoblox Trinzic X6 Appliance Support
Infoblox Universal Asset Insights™
- Enhanced Asset Details Experience
- Expanded Visibility Across Endpoint, Security and Edge
- Oracle Cloud Infrastructure Visibility in Infoblox Labs
Infoblox Threat Defense™: Microsoft Active Directory User Attribution
Latest Ecosystem Partner Integrations: Salesforce, Splunk, Palo Alto Networks and More

Coming Soon

Infoblox Portal: Updated UI Navigation
Infoblox Universal DDI Management
- Simplified DNS Zone-to-Server Configuration
- DNS Alias Records (NIOS, Cloudflare, Akamai)
- DHCP Shared Networks
- IPAM Data Export
NIOS-X as a Service: Auto Right-Sizing
NIOS-X and NIOS-X as a Service: Lease Migration
Infoblox Universal Asset Insights: Expanded Discovery Coverage
Infoblox Threat Defense: Detection Mode for Microsoft DNS
Infoblox Managed Rules for AWS Network Firewall

End-of-Life/End-of-Support Announcements

RPZ Feed Revamp: Update Enforcement for Infoblox Threat Defense
RPZ Feed Revamp: Update for NIOS

Infoblox Threat Intelligence

Inside Keitaro Abuse: A Persistent Stream of AI-Driven Investment Scams
Abusing .arpa: The TLD That Isn't Supposed to Host Anything

NETWORKING

Early Access Program: DDI Integration for SASE

Now Available

As organizations adopt SASE or SD-WAN, core DDI services like DNS, DHCP and IP address management are often left behind leading to configuration drift, DNS latency and outages that are difficult to diagnose.

Infoblox is partnering with leading SASE and SD-WAN providers to bring cloud-delivered DDI directly into the platforms you’re already using.

With the Early Access Program, you can validate guided DDI activation, automated branch configuration and consistent DDI operations across distributed environments, playing a part in shaping the experience before broader availability. Learn more, in the blog or register for Early Access.

Infoblox Universal DDI™ Management: Secondary Zone Visibility for Microsoft DNS Servers

Now Available

The Infoblox Portal now provides visibility into the contents of secondary zones served by Microsoft DNS servers. This enhancement streamlines the planning and execution of migrations from Microsoft DNS by enabling a centralized review of records before cutover.

Infoblox Universal DDI Management: DHCP Split Ranges

Now Available

Split ranges let you migrate existing DHCP deployments without redesigning your High Availability (HA) strategy and are compatible with additional existing HA modes. If you currently use split scopes or plan to migrate from another DHCP platform, contact your Infoblox account team or partner to review design options and migration guidance for Split Range mode.

Infoblox Universal DDI Management: Host Object Sync

Now Available

You can now manage NIOS host records with Universal DDI through the NIOS Grid Connector (NGC). Synced host records are viewed and edited directly from the Infoblox Portal. This allows for a more gradual path for migration of services over time. If you are running NIOS and are interested in managing it from the Infoblox Portal, reach out to your Infoblox account team to discuss enabling host object sync and recommended best practices for mixed NIOS/Universal DDI environments.

NIOS-X: Infoblox Trinzic X6 Appliance Support

Now Available

NIOS-X now supports deployment on the Trinzic X6 TE-906 and TE-1506 hardware, aligning with modern data center standards. NIOS‑X servers on X6 strengthen branch and remote site resiliency by maintaining critical DNS and DHCP services even if connectivity to the core data center is disrupted. To explore converting a NIOS server X6 appliance to NIOS-X, refer to our documentation.

Infoblox Universal Asset Insights™: Enhanced Asset Details Experience

Now Available

Universal Asset Insights now delivers an enhanced experience that makes it easier to understand, compare and trust data across providers. The improvements provide deeper transparency, improved usability, and richer cross-provider visibility.

The updated interface includes:

Comprehensive Asset Details Panel: A more intuitive view with organized tabs (Overview, Network, User, Security, Provider Comparison and History) so you can quickly navigate and analyze asset intelligence
Network Interfaces View: Interface-level visibility into network devices such as switches and routers, giving you deeper operational context for troubleshooting and analysis
Provider Comparison and Raw Attributes: Side-by-side comparison of asset data from multiple discovery providers, plus access to the full set of raw, unnormalized attributes collected by each source. You can search, copy and export provider-specific metadata to improve transparency and confidence in multi-provider asset correlation

Together, these enhancements reinforce Universal Asset Insights as a trusted, authoritative system of record, giving you the visibility, context and confidence needed to manage your asset data effectively.

Infoblox Universal Asset Insights: Expanded Visibility Across Endpoint, Security and Edge

Now Available

Infoblox Universal Asset Insights enhances authoritative IP address management (IPAM) with new secure API integrations with Jamf Pro, Microsoft Intune, Microsoft Defender for Endpoint and HPE Aruba EdgeConnect. These integrations continuously ingest up-to-date endpoint, mobile device, security and edge network intelligence, giving NetOps and SecOps teams a complete and accurate view of managed assets across hybrid environments.

By correlating this data with DNS, DHCP and IPAM, Universal Asset Insights creates a single, trusted, authoritative inventory spanning infrastructure, endpoints, security tools and SD-WAN edge environments. The result is faster asset discovery, improved IPAM accuracy, streamlined CMDB reconciliation and quicker identification of stale, unmanaged or misconfigured devices. With updated visibility across unified endpoint management (UEM), endpoint detection and response (EDR) and edge platforms, teams can accelerate operational workflows, strengthen compliance posture and improve response readiness.

To try the new integration as part of a free Infoblox Universal Asset Insights trial, register here. For more information, visit the Infoblox Ecosystem Portal.

Infoblox Universal Asset Insights: Oracle Cloud Infrastructure Visibility in Infoblox Labs

Now Available

Oracle Cloud Infrastructure (OCI) Discovery is now available in Infoblox Labs, delivering automated visibility into compute instances, networks and IP addresses across multi-region and multi-compartment OCI environments. Universal Asset Insights enriches each discovered asset with relevant metadata and relationships, improving alignment with asset management and IPAM. With scheduled and on-demand discovery, you can identify configuration gaps, orphaned resources and unused IP addresses, strengthening governance and operational efficiency across your OCI footprint. Visit the Infoblox Labs page for additional information.

Infoblox Universal DDI Management: Simplified DNS Zone-to-Server Configuration

Coming Soon

Managing DNS zone assignments across a mix of server types and environments can get complex fast, especially in hybrid setups where consistency matters most. A redesigned DNS zone-to server configuration experience is coming soon to provide a more intuitive, NIOS-aligned user interface for assigning DNS servers to zones. The updated UI lets you mix server types within a single zone, providing greater architectural and operational flexibility across environments. A clear map of zones to DNS servers improves visibility, reduces the risk of misconfiguration. This is especially valuable in hybrid environments where coordinated DNS service delivery is critical to maintaining resilience and operational consistency. Once the release is live visit the Universal DDI documentation page to learn more.

Infoblox Universal DDI Management: DNS Alias Records (NIOS, Cloudflare, Akamai)

Coming Soon

Managing DNS alias records across NIOS, Cloudflare and Akamai will soon be available through the Infoblox Portal. Managing alias records from a single, consistent UI reduces configuration drift, decreases the risk of manual errors and eliminates the need to switch between provider consoles. To learn more, see the Universal DDI Management data sheet.

Infoblox Universal DDI Management: DHCP Shared Networks

Coming Soon

When a subnet runs out of space, the traditional fix is expanding or renumbering networks, a time-consuming and disruptive task. DHCP allocates from a unified pool of IP addresses without expanding or renumbering existing networks. You will soon be able to add new subnets non-disruptively when existing ones run out of space, conserve fragmented address blocks and reduce routing and relay complexity with a single shared configuration. Once the release is live visit the Universal DDI documentation page to learn more.

Infoblox Universal DDI Management: IPAM Data Export

Coming Soon

Universal DDI will soon let you export IP subnets, ranges and addresses directly from the Infoblox Portal in formats. To learn more about IPAM Data Export, contact your Infoblox account team or visit the Universal DDI documentation page to learn more.

NIOS-X as a Service: Auto Right-Sizing

Coming Soon

NIOS-X as a Service will soon introduce automatic right-sizing for instances, enabling capacity to expand seamlessly as demand increases, instead of requiring manual size adjustments. This enhancement reduces the need for hands-on token and license management, lowers administrative overhead and helps ensure server sizing keeps pace with growing workload requirements.

NIOS-X and NIOS-X as a Service: Lease Migration

Coming Soon

Reassigning subnets between servers during a planned migration or disaster recovery event used to mean risking service disruption and IP conflicts. Soon, when you reassign a subnet from one NIOS-X Virtual Server or NIOS-X as a Service instance to another, your active lease database moves with it automatically. Services stay up, your devices keep their existing IP addresses wherever possible and you dramatically reduce the risk of duplicate IP assignments and unplanned outages.

Infoblox Universal Asset Insights: Expanded Discovery Coverage

Coming Soon

To provide deeper visibility into IP-connected assets across on-premises and hybrid cloud environments, including enterprise IoT devices, Universal Asset Insights will soon expand API-based discovery. Upcoming integrations include:

Fortinet FortiCloud Nozomi Networks Ordr Palo Alto Prisma SentinelOne	Tenable VMware ESXi/vCenter Zoom Zebra

These additional integrations further strengthen Universal Asset Insights as an authoritative source of truth for asset discovery, helping your teams surface stale or misconfigured assets and manage complex hybrid environments with confidence. To learn more about these upcoming integrations and how they apply to your environment, review the Universal Asset Insights documentation.

Quick Links for Universal DDI

Quick Links for NIOS DDI

Subscribe to the Infoblox Status page to receive real-time notifications on maintenance upgrades.

SECURITY

Infoblox Threat Defense™: Microsoft Active Directory User Attribution

Now Available

When suspicious DNS activity hits, Infoblox Threat Defense Microsoft Active Directory User Attribution gives your security teams user-level visibility into DNS-based activity and security events. Without changing DNS resolution or adding a captive portal, it collects sign-in information from Microsoft Active Directory on-premises and correlates those events with client IP addresses and devices in the Infoblox cloud. That mapping annotates Threat Defense and SOC Insights data with user identity, to provide visibility into who generated suspicious DNS activity without manually pivoting into separate Active Directory logs or endpoint tools. The result: shorter investigations, less guesswork on shared systems and an intact DNS architecture. To learn more, visit the Infoblox Threat Defense documentation.

Infoblox Threat Defense: Detection Mode for Microsoft DNS

Coming Soon

Detection Mode for Microsoft DNS is coming to Infoblox Threat Defense, providing DNS-layer threat detection for Microsoft DNS environments without changing your DNS resolution path or adding latency. By ingesting Microsoft DNS Analytic Events directly from your Microsoft DNS Servers, it preserves true client IP attribution and focuses on external, security-relevant traffic, so your SecOps team can investigate suspicious activity and close visibility gaps more quickly. This is especially valuable if you need to meet emerging guidance such as the new NIST protective DNS recommendations without changing resolution, or if you already have an inline DNS security solution and want to see what additional threats it may be missing. It is also useful when you are onboarding new environments, such as recently acquired businesses, where you need fast visibility before making DNS architecture changes.

Quick Links for Security

Subscribe to the Infoblox Status page to receive real-time notifications on maintenance upgrades.

ECOSYSTEM

Latest Ecosystem Partner Integrations—Salesforce, Splunk, Palo Alto Networks and More

Now Available

Infoblox helps you manage and secure your most mission-critical network services, and a growing ecosystem of software and technology partners keeps expanding what’s possible. New integrations help you automate workflows, streamline operations and get more value from your security and network investments. Here are some of the latest highlights:

Automate DNS and IP Management with Salesforce IT Service Management (ITSM): Use the Infoblox action for Salesforce Flow to create, update and clean up DNS records and IP assignments in Infoblox Universal DDI as part of ticket and change workflows, without extra manual work.
Detect Threats Earlier and Respond Faster with Palo Alto Networks Cortex XSOAR: Two new integrations Infoblox NIOS for Cortex XSOAR and Infoblox Threat Defense with DDI for Cortex XSOAR make the Cortex XSOAR platform even more powerful, helping your network and security teams stay ahead of evolving threats and accelerate incident response.
Unify and Automate Security Operations with Splunk SOAR: Infoblox NIOS for Splunk SOAR now directly integrates with NIOS, adding to existing integrations with Universal DDI and Threat Defense, so you can automatically block malicious domains using network and DNS intelligence.
Detect and Fix IP Address Mismatches with ScienceLogic: The Infoblox NIOS Integration for ScienceLogic network configuration and change management (NCCM) platform now supports bidirectional IP address and device synchronization with Infoblox NIOS DDI.
Automate Certificate Provisioning with Infoblox DNS: Use NIOS with the Keyfactor ACME AnyCA Gateway plugin to automatically validate domains and issue trusted TLS certificates without manual DNS updates.

For the full list of Infoblox integrations, visit the Infoblox Ecosystem Portal.

Infoblox Managed Rules for AWS Network Firewall

Coming Soon

Curated, predictive DNS-based rule groups will soon be delivered directly into your AWS Network Firewall policies with no additional infrastructure required. These Suricata-compatible rule groups will be continuously refreshed with Infoblox DNS threat intelligence, drawing on millions of indicators to deliver preemptive security across your VPCs while keeping operations simple.

To join the free preview once live, subscribe to Infoblox Managed Rules directly from the AWS Network Firewall console or via the AWS Marketplace.

END-OF-LIFE / END-OF-SUPPORT

RPZ Feed Revamp: Update Enforcement for Infoblox Threat Defense

Projected Date: April 30, 2026

The new RPZ Feed Revamp for Infoblox Threat Defense delivers a simplified feed structure, more threat indicators and intuitive feed names with built‑in risk levels so you can better align policy actions with risk tolerance. To reduce complexity and keep innovation focused on the new model, Infoblox will automatically migrate any remaining policies still using the old feeds to the new feeds starting April 30, 2026. After which, the old feeds will be removed and fully deprecated. With an extended transition window of more than one and a half months, upgrading ahead of April 30, 2026, lets you manage this change on your own schedule. The upgrade can be completed with a single click on the Policy screen. For more information, refer to the Configuration Guide.

RPZ Feed Revamp: Update for NIOS

Projected Date: April 30, 2026

The new RPZ Feed Revamp for NIOS provides a simplified response policy zone (RPZ) structure, more threat indicators and intuitive RPZ names with built‑in risk levels so you can better align policy actions with risk tolerance. To focus on innovation and reduce the complexity of supporting legacy RPZs, Infoblox will stop updating the old RPZs with new indicators starting April 30, 2026, and those RPZs will eventually carry no indicators. To maintain effective protection, Infoblox strongly recommends updating your NIOS RPZ configurations by removing the old RPZs and replacing them with the new ones. For more information, refer to the Configuration Guide.

INFOBLOX THREAT INTELLIGENCE

New Research Available

Infoblox Threat Intel is the leading creator of original DNS threat intelligence, uniquely able to interpret DNS at scale and discover what others can’t. Using deep visibility into the internet’s inner workings, the team predicts, uncovers and disrupts threat actors before they strike.

Visit the redesigned Infoblox Threat Intel microsite to access the latest research directly and stay up to date on new findings:

Inside Keitaro Abuse: A Persistent Stream of AI-Driven Investment Scams:

Keitaro, a legitimate advertising tracking platform, is being widely abused by threat actors to cloak malicious campaigns and route victims to scams. The research found over 15,000 domains abused. Combined with AI-generated content, deepfakes and ad networks, threat actors scaled highly convincing and targeted scams globally. The combination of cloaking, automation and AI makes the campaigns difficult to detect and allows cybercriminals to operate persistent, large-scale fraud ecosystems. More on this threat campaign discovered by Infoblox and Confiant in this blog post.

Abusing .arpa: The TLD That Isn't Supposed to Host Anything:

Infoblox Threat Intel discovered how threat actors obtain control of IPv6 reverse DNS zones and create improper DNS records that allow phishing sites to be hosted under .ip6.arpa domains. The .arpa top-level domain is normally reserved for internet infrastructure and is not intended to host web content, making it a trusted, rarely monitored namespace that attackers can exploit to evade traditional security detections. Read more.