Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

Security

Reply

ANY query type blocking on Infoblox

JSingh
Techie
Posts: 11
4136     0

Hi All, Greetings.

Can we block "any" query for specific domain i.e. yahoo.com by Infoblox, any option in the infoblox

or how could we stop this type of query.

Thanks......Jay Shankar

Re: ANY query type blocking

I-Team Employee
Employee
Posts: 171
4137     0

Jay,

You should look at our DNS Firewall product that we just announced. It should do what you're asking.

 

http://www.infoblox.com/products/dns-dhcp-services/dns-firewall

 

 

Re: ANY query type blocking

JSingh
Techie
Posts: 11
4137     0

Hi, Thanks chuq...

I've gone through the DNS Firewall option and as per datasheet it should, but i didn't get understand that

where shoud we configured that query type "ANY" for any domain and from any host/ip to block.

Please can you help me in this.

Thankss once again......Jay

 

Re: ANY query type blocking

Adviser
Posts: 63
4137     0

Jay,

Since you are not giving much detail on what is your use case, I guess you are requesting this in order to block dns amplification attacks.

I'm not sure you can do this right on the appliance, beside of course turning off recussion for any clients beside yours.

I've seen arcane iptable config which claims to do this : http://serverfault.com/questions/418810/public-facing-recursive-dns-servers-iptables-rules but these are a bit too custom for my taste.

Hope it helps.

 

Re: ANY query type blocking

Expert
Posts: 42
4137     0

Hi Jay,

maybe a little trick could help. whats about creating an empty authoritative zone,

 in your case yahoo.com, and forbid queries or redirect queries into nirvana.Smiley Happy

greetings

markus

 

Re: ANY query type blocking

I-Team Employee
Employee
Posts: 171
4137     0

Jay, I had a chance to talk to the product managers. The DNS firewall doesn't do what you're asking; it's designed to handle outbound-only DNS traffic at this point. That would be functionality that would have to be added to support what you're trying to do. 

Chuq

Showing results for 
Search instead for 
Do you mean 

Recommended for You