Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

RPZ configuration and licensing

[ Edited ]
Adviser
Posts: 9
5393     0

(NIOS 8.2.9) I am replacing our old grid master with new hardware.  The old grid master has an RPZ license installed and the new one does not.  All grid members have RPZ licenses installed.  Our clients only use the grid member anycast address as resolvers, the grid master is hidden/stealth.  If I don't change any configuration settings, will the RPZ functionality break when I swap the equipment?

 

UPDATE:  Under the RPZ configuration there is a tab for Name Servers.  I can see the External Primary is set to the IP of the external RPZ service provider.  I also see all our grid members listed as Grid Secondaries.  Our grid master is also listed as a Grid Secondary.  I'm thinking I need to remove our grid master from that list but I'm not sure.

Re: RPZ configuration and licensing

Adviser
Posts: 65
5393     0

Performing this swap will not break the RPZ functionality but there is a corner case where this could break your updates. If your Grid Master is configured to be the "lead secondary" then it is the node fetching the RPZ feed and redistributing the data to other secondaries in your grid. If you are not using a lead secondary then each secondary will transfer the feed from the remote server. (And will keep doing so even if the GM does not have an RPZ license)

Re: RPZ configuration and licensing

[ Edited ]
Adviser
Posts: 9
5394     0

Our grid master is configured as a lead secondary.  Does that mean we need to purchase more RPZ licenses?  We can't change the lead secondary option.  If we need to purchase more RPZ licenses this will be a problem.

 

There are four possible solutions:

1) Stop using RPZ

2) Make a different grid member the lead secondary

3) Buy more RPZ licenses

4) Stop using a lead secondary

Re: RPZ configuration and licensing

Adviser
Posts: 9
5394     0

I just noticed that under the RPZ settings, under Name Servers, the grid secondaries can be set up as a "Lead Secondary."  If I change the "Lead Secondary" status for any grid secondary will this only affect this RPZ zone?   If this is the case my problem is solved.  Seems to me the "Lead Secondary" option applies to a zone and it should not affect any other zone that has a Lead Secondary configured.   Just want to verify this.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You