Grid Communication with "Threat Analytics" and "DNS Firewall" running on the same Grid Member

Let's say that the Threat Analytics service and the DNS Firewall service were running on the same Grid Member. When the Threat Analytics service detects a DEX violation and updates the RPZ for the DNS Firewall, does it do the update locally (I mean internally within the box), or does the update go to the Grid Master first and then come back to the box via BloxSync?


I know this may sound like a very straightforward answer but I just wanted to double check. Does the update happen internally between the box and itself, or using BloxSync via the Grid Master?


If the update happens internally, how does it happen?





Re: Grid Communication with "Threat Analytics" and "DNS Firewall" running on the

Each appliance has its own database, with changes gathered and updated locally first and then synchronized back to the Grid Master.

So yes it would add it to itself first, then the Grid Master would get notified of a change and pull the change back.


Then the Grid Master would determine what other Recursive DNS Grid appliances need this update and instantly push it to them.


The Infoblox Grid is a hub and spoke model, where the Master is the database hub.

Logically it is one database for the Grid, but each appliance only holds what data it serves.


Re: Grid Communication with "Threat Analytics" and "DNS Firewall" running on the

The only addition to this is if you have more than one member running the RPZ feed. RPZ zones ONLY transfer and update to other grid members via the "normal" BIND UDP/TCP port 53 zone notifies and transfers. So I'm not sure how this would work if the RPZ zone for Threat Analytics is mastered on a 3rd box (not the GM or the Threat Analytics member with the new update). I'm thinking the update would get to the master via the grid replication, but the updates would come back around to the other grid members via standard BIND zone transfers.

This was actually a question I had for Infoblox when I started looking at Threat Analytics. Depending on how this works, and on which side of firewalls your RPZ and Threat Analytics boxes are on, you could need a spider web of new firewall rules to get the notifies and updates to the correct members.

