automate RPZ download to non-infoblox server

pmeyerson · ‎06-27-2017

I'm trying to download our RPZ feeds to a seperate splunk server for analysis. Is it possible to export the records via API or some other automated method?

Thanks.

SSieber · ‎06-27-2017

You can use dig the following way:

dig axfr <rpz-name> @<server-ip> -y 'name:keydata'

where -y is the TSIG Key Name and Key Data.

pmeyerson · ‎07-18-2017

To have a TSIG key I would need to have the server I am querying from added as an external secondary name server, is that right (since it is not already a dns server)?
Thank you!

SSieber · ‎07-18-2017

I'm not sure I understand you right.

The original question was about downloading the RPZ feed to a external server. This is what you can do with the DIG command in a shell-script and have it scheduled with cron.

> To have a TSIG key I would need to have the server I am querying from added as an external secondary name

> server, is that right (since it is not already a dns server)?

You would know the TSIG key from Infoblox (as you would have purchased the RPZ feeds as a license).

Now if you want to use RPZ, you would add it as an External Primary Server and use Infoblox Members as Grid Secondaries

pmeyerson · ‎07-19-2017

Thanks I understand now, I forgot there was a key listed in the CSP portal. Working as advertised, thanks for your help!

API & Integration

automate RPZ download to non-infoblox server

Re: automate RPZ download to non-infoblox server

Re: automate RPZ download to non-infoblox server

Re: automate RPZ download to non-infoblox server

Re: automate RPZ download to non-infoblox server