Reply
Highlighted
Accepted Solution

Configuration RPZ Infoblox

Authority
Posts: 20
1226     0

Hi Guys,

 

We have 4 Box Infoblox and we configure as below

 

2 BOX as DC and we configure as HA and also Grid Master

2 BOX as DRC and we configure as HA and also Grid Master Candidate

 

each box have license Response Policy Zone ( RPZ ) so totally we have 4 license RPZ. We already tested for domain with indication malicious domain ( ex: 61paris.fr ) we used command dig for detail as below :

 

BOX 1 DC :

 

Infoblox > dig @XX.XX.XX.XX 61paris.fr

; <<>> DiG 9.10.2-ECS-M3 <<>> +noedns @XX.XX.XX.XX 61paris.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38704
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;61paris.fr.                    IN      A

;; ANSWER SECTION:
61paris.fr.             86400   IN      A       213.186.33.107

;; Query time: 1268 msec
;; SERVER: XX.XX.XX.XX#53(XX.XX.XX.XX)
;; WHEN: Fri Aug 24 18:51:54 ICT 2018
;; MSG SIZE  rcvd: 44

Infoblox >

BOX 2 DC


Infoblox > dig @XX.XX.XX.XX 61paris.fr

; <<>> DiG 9.10.2-ECS-M3 <<>> +noedns @XX.XX.XX.XX 61paris.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32303
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;61paris.fr.                    IN      A

;; ADDITIONAL SECTION:
base.rpz.infoblox.local. 7200   IN      SOA     ns1-rpz.csp.infoblox.com. support.infoblox.com. 1535107231 7200 3600 2592001 7200

;; Query time: 0 msec
;; SERVER: XX.XX.XX.XX#53(XX.XX.XX.XX)
;; WHEN: Fri Aug 24 18:54:43 ICT 2018
;; MSG SIZE  rcvd: 119

Infoblox >

 

 

We got different result for the test dig from BOX 1 failed to blocking and from BOX 2 successfull blocking ( got respond from  ns1-rpz.csp.infoblox.com. support.infoblox.com . Our expectation is each BOX should be blocking because each BOX have license RPZ. My question as below :

 

1. Whether this is behavior for RPZ ?

2. Any configuration will be modify / changes in side Infoblox   ?

 

 

Thanks advance,

 

Regards,

Re: Configuration RPZ Infoblox

Adviser
Posts: 92
1227     0

Hello Again,

 

Isn't this a duplicate of the post to which I replied here ? Just trying to avoid duplicates. Ignore my question if this is something different from what you've posted to this link .

 

Best regards,

Mohammed Alman.

Re: Configuration RPZ Infoblox

Authority
Posts: 20
1227     0
Dear Mohammed Alman, Yes duplicate, thank you so much for your guidence for this issue. Thank You

Re: Configuration RPZ Infoblox

Fabio
Techie
Posts: 3
1227     0

Hi

I have a problem with the entry "www.bpplus.com" inside 'antimalware.rpz.infoblox.local' wich have order 1

The Web site seems to be good, why is blocked?

 

The rpz update are recent.

 

There is a way to exclude a single entry inside the rpz file in order to permit the traffic?

 

Thanks in advance

 

Fabio

Showing results for 
Search instead for 
Do you mean 

Recommended for You