01-29-2013 03:36 AM
Hi All, Greetings.
Can we block "any" queries for a specific domain, i.e. yahoo.com, with Infoblox? Is there any option in Infoblox,
or how could we stop this type of query?
01-29-2013 09:44 AM
01-29-2013 09:51 AM
Hi, Thanks chuq...
I've gone through the DNS Firewall option and, as per the datasheet, it should, but I didn't understand
where we should configure the query type "ANY" to block, for any domain and from any host/IP.
Can you please help me with this?
Thanks once again... Jay
01-30-2013 12:37 AM
Since you are not giving much detail on what your use case is, I guess you are requesting this in order to block DNS amplification attacks.
I'm not sure you can do this right on the appliance, besides, of course, turning off recursion for any clients besides yours.
I've seen an arcane iptables config which claims to do this: http://serverfault.com/questions/418810/public-facing-recursive-dns-servers-iptables-rules but these are a bit too custom for my taste.
Hope it helps.
01-30-2013 11:46 AM
Maybe a little trick could help. What about creating an empty authoritative zone,
in your case yahoo.com, and forbidding queries or redirecting queries into nirvana?
01-31-2013 10:08 AM
Jay, I had a chance to talk to the product managers. The DNS firewall doesn't do what you're asking; it's designed to handle outbound-only DNS traffic at this point. That would be functionality that would have to be added to support what you're trying to do.