Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific


Accepted Solution

Inconsistent RPZ Results

Posts: 5
1168     0

I configured some test local RPZ rules, however it seems it only works for some of the sites listed.


For example, I set it to block,, and

But the only one that's blocked effectively is


If I attempt an nslookup for any of the blocked sites it comes back "Non-existent domain".

But I'm able to browse to facebook and cnn.  I did an ipconfig /flushdns and cleared the browser cache, as well.  No change.



Any ideas?

Re: Inconsistent RPZ Results

Posts: 77
1169     0

If you make a packet trace what do you see there?

Re: Inconsistent RPZ Results

TTiscareno Community Manager
Community Manager
Posts: 360
1169     0

RPZ can be a little confusing because it gives you control over whether to act on the domain name, or everything that falls underneath the domain. In the example that you provided, your policy is set to act on the domain name only and to block everything else underneath, you would add a second rule with a wildcard character- *


As a result, you will have two rules for every domain name. Doing this through the GUI is fine for small updates but if you are setting a large number of rules, I would recommend using the CSV import feature. This would allow you to simplify the process using your standard spreadsheet application before uploading it into NIOS.




Re: Inconsistent RPZ Results

Posts: 5
1169     0

Looks like that did the trick. (adding *


Thanks Tony.



Showing results for 
Search instead for 
Do you mean 

Recommended for You