Would the option for Add client IP to outgoing recursive queries work for on premise forwarded too?


Hi;

 

Would the option for "Add client IP, MAC addresses, and DNS View name to outgoing recursive queries", which is there for BloxOne Threat Defence, would this option also work in a situation in which there is a recursive DNS server "acting as a DNS proxy" by forwarding the query "recursively" to an on premise forwarder?

 

I mean would the on premise forwarder see the client IP inserted by the DNS proxy and apply RPZ zone policies based on this client IP if needed? This is despite the fact that on layer 3, it only sees the IP address of the DNS Proxy as the source IP.

 

Kindly

Wasfi

Re: Would the option for Add client IP to outgoing recursive queries work for on premise forwarded t


Hi BounniW,

 

It would depend on the device receiving the traffic from NIOS. If NIOS is forwarding traffic to BloxOne directly, a security policy can be assigned to the traffic coming from NIOS. If the NIOS is not forwarding traffic to BloxOne, the device receiving the DNS traffic would need to be able to parse EDNS0 and handle the additional data accordingly. For more information on this mechanism please see our documentation regarding EDNS0: https://docs.infoblox.com/space/nios85/35483175/Using%20Extension%20Mechanisms%20for%20DNS%20(EDNS0).

 

Thank you,

David
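
As an added illustration of what "parse EDNS0" involves for the receiving device (this is not part of the thread and not Infoblox code): a minimal RFC 6891 OPT record reader that lists the option codes and data carried in a forwarded query, for example to check a captured packet on the on-premise forwarder. The sample query and option code 65001 (from the RFC 6891 local/experimental range) are constructed; the codes NIOS actually sends are not stated in this thread.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1
        if length == 0:             # root label ends the name
            return off
        off += length

def edns0_options(msg):
    """Return [(option_code, option_data), ...] from OPT records (type 41)."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):             # each question: name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    options = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if len(rdata) != rdlen:
            raise ValueError("truncated resource record")
        pos = 0
        while rtype == 41 and pos < rdlen:
            if pos + 4 > rdlen:
                raise ValueError("truncated EDNS0 option header")
            code, olen = struct.unpack_from("!HH", rdata, pos)
            if pos + 4 + olen > rdlen:
                raise ValueError("truncated EDNS0 option data")
            options.append((code, rdata[pos + 4:pos + 4 + olen]))
            pos += 4 + olen
    return options

def build_sample_query():
    """Constructed query for example.com A with one EDNS0 option (code 65001)."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    option = struct.pack("!HH", 65001, 4) + bytes([192, 0, 2, 10])
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(option)) + option
    return header + question + opt_rr

if __name__ == "__main__":
    for code, data in edns0_options(build_sample_query()):
        print(code, data.hex())
```

A forwarder that ignores these options still sees only the proxy's address as the layer 3 source, which is the situation described in the question.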
