07-24-2022 06:56 PM
Would the option for "Add client IP, MAC addresses, and DNS View name to outgoing recursive queries", which is there for BloxOne Threat Defence, also work in a situation in which there is a recursive DNS server "acting as a DNS proxy" by forwarding the query "recursively" to an on premise forwarder?
I mean would the on premise forwarder see the client IP inserted by the DNS proxy and apply RPZ zone policies based on this client IP if needed? This is despite the fact that on layer 3, it only sees the IP address of the DNS Proxy as the source IP.
07-29-2022 12:06 PM
It would depend on the device receiving the traffic from NIOS. If NIOS is forwarding traffic to BloxOne directly, a security policy can be assigned to the traffic coming from NIOS. If the NIOS is not forwarding traffic to BloxOne, the device receiving the DNS traffic would need to be able to parse EDNS0 and handle the additional data accordingly. For more information on this mechanism please see our documentation regarding EDNS0: https://docs.infoblox.com/space/nios85/35483175/Using%20Extension%20Mechanisms%20for%20DNS%20(EDNS0).
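As an added illustration of what "parse EDNS0 and handle the additional data" involves on the receiving forwarder (example code, not part of the original posts and not Infoblox's implementation): the sketch below reads the OPT record of a forwarded query and uses an embedded client IP for policy matching only when the layer 3 source is a known proxy, since EDNS0 options are unauthenticated. The option code `65001`, the addresses and the function names are assumptions; the thread does not give the option codes NIOS uses.

```python
import ipaddress
import struct

OPT_TYPE = 41            # EDNS0 OPT pseudo-RR (RFC 6891)
CLIENT_IP_CODE = 65001   # ASSUMPTION: placeholder from the local/experimental range

def _skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:       # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def edns_options(msg):
    """Return {option_code: value_bytes} from the OPT record, {} if none."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    options = {}
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        pos = 0
        while rtype == OPT_TYPE and pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            options[code] = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
    return options

def policy_client(msg, l3_source, trusted_proxies):
    """Address to match policy on: embedded client IP only from a trusted proxy."""
    raw = edns_options(msg).get(CLIENT_IP_CODE)
    if l3_source in trusted_proxies and raw is not None and len(raw) in (4, 16):
        return str(ipaddress.ip_address(raw))
    return l3_source

# Constructed sample: query for example.com A with one OPT option
# carrying 192.0.2.45, as a proxy at 10.0.0.53 might forward it.
_opt = struct.pack("!HH", CLIENT_IP_CODE, 4) + ipaddress.ip_address("192.0.2.45").packed
SAMPLE_QUERY = (
    struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\x00" + struct.pack("!HHIH", OPT_TYPE, 4096, 0, len(_opt)) + _opt
)
```

A forwarder that ignores the OPT record, or that does not understand the sender's option code, can only apply policy to the proxy's own address.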