local RPZ zone working locally only


Hi,

I am trying to test local RPZ functionality in my lab. I followed this guide: https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-implementing-infoblox-dns-fire...

It is working locally only! (using dig from the Grid Master CLI)

Infoblox > dig x.x.com

; <<>> DiG 9.11.3-S3 <<>> +noedns x.x.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51460
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;x.x.com.                       IN      A

;; ANSWER SECTION:
x.x.com.                28800   IN      A       2.2.2.2

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 22 16:49:00 CET 2022
;; MSG SIZE  rcvd: 41

But it is not working from my machine in the same subnet.

# dig @<SERVER-IP> x.x.com

; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> @<SERVER-IP> x.x.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 45716
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;x.x.com.                       IN      A

;; Query time: 2 msec
;; SERVER: <SERVER-IP>#53(<SERVER-IP>)
;; WHEN: Tue Mar 22 16:50:32 CET 2022
;; MSG SIZE  rcvd: 36

Here is the message I got from syslog:

client @0x7f5cbc4c19b0 <Client-IP>#50213 (x.x.com): query 'x.x.com/A/IN' denied

By checking the member config, I can see that there is indeed an auto-created list with localhost only.

Although I didn't have this option while creating the zone!!
zone "x.com" in { # x.com
    # default TTL = 28800;
    type master;
    database infoblox_zdb;
    masterfile-format raw;
    file "azd/db.x.com._default";
    allow-update { any;  };
    allow-query { 127.0.0.1; };
    notify yes;
};

I tried changing "Match clients" from "None" to "Named ACL" with "allow all" at the Grid/member/DNS view levels, with no luck.

How can I remove this entry and allow it from any client?

Re: local RPZ zone working locally only


Hi,

Not sure if your issue got resolved!

When you create a Local RPZ feed, make sure you don't have the RPZ zone name the same as the FQDN that you are configuring.

Instead, have unique names for the Local RPZ zones.

E.g.: local-rpz

Link: https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-implementing-infoblox-dns-fire.....

Also, enable RPZ in the logging; you would then be able to see the CEF logs in the syslog messages.
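As an added example (not code from either poster or from Infoblox), here is a small Python script that scans zone stanzas of the kind pasted in the question for an allow-query ACL limited to loopback, which is exactly what turns a query from another host into status REFUSED and the "query ... denied" syslog line, and that pulls the client and query name out of such syslog lines. The "local-rpz" zone, the client IPs and the second log line are constructed sample data.

```python
import re

# Constructed sample named.conf fragment. The "x.com" stanza mirrors the one
# shown in the question; "local-rpz" is a hypothetical zone named as the
# reply recommends, with an ACL that lets clients on the subnet query it.
SAMPLE_CONF = """zone "x.com" in { # x.com
    type master;
    database infoblox_zdb;
    masterfile-format raw;
    file "azd/db.x.com._default";
    allow-update { any;  };
    allow-query { 127.0.0.1; };
    notify yes;
};
zone "local-rpz" in {
    type master;
    file "azd/db.local-rpz";
    allow-query { any; };
};
"""

# Constructed syslog lines in the shape of the one quoted in the question.
SAMPLE_SYSLOG = [
    "client @0x7f5cbc4c19b0 192.0.2.10#50213 (x.x.com): query 'x.x.com/A/IN' denied",
    "client @0x7f5cbc4c1a00 192.0.2.11#40001 (example.net): query 'example.net/A/IN'",
]

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
ACL_RE = re.compile(r"allow-query\s*\{([^}]*)\}")
DENIED_RE = re.compile(r"client @\S+ (\S+)#\d+ \(\S+\): query '([^']+)' denied")

def parse_zones(conf: str) -> dict[str, list[str]]:
    """Map each zone name to its allow-query ACL entries ([] if none is set)."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        body = re.sub(r"#[^\n]*", "", body)  # strip '#' comments
        m = ACL_RE.search(body)
        zones[name] = [t.strip() for t in m.group(1).split(";") if t.strip()] if m else []
    return zones

def loopback_only_zones(conf: str) -> list[str]:
    """Zones whose allow-query admits only loopback addresses: any other client
    gets status REFUSED plus a 'query ... denied' syslog line, as in the question."""
    acls = parse_zones(conf)
    return sorted(n for n, acl in acls.items() if acl and all(a in LOOPBACK for a in acl))

def denied_queries(log_lines: list[str]) -> list[tuple[str, str]]:
    """Extract (client IP, qname/type/class) pairs from 'query denied' log lines."""
    return [m.groups() for line in log_lines if (m := DENIED_RE.search(line))]
```

Running `loopback_only_zones` on the member's exported zone config lists the zones that will refuse subnet clients; `denied_queries` over the syslog stream shows which clients and names are being refused.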
