Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

NIOS DNS DHCP IPAM

Reply

local RPZ zone working locally only

[ Edited ]
New Member
Posts: 1
1079     1

Hi,

I am trying to test local RPZ functionality on my lab. I followed this guide https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-implementing-infoblox-dns-fire...

it is working locally only! (using dig from grid master cli)

Infoblox > dig x.x.com

; <<>> DiG 9.11.3-S3 <<>> +noedns x.x.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51460
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;x.x.com.                       IN      A

;; ANSWER SECTION:
x.x.com.                28800   IN      A       2.2.2.2

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 22 16:49:00 CET 2022
;; MSG SIZE  rcvd: 41

But it is not working from my machine in the same subnet

# dig @<SERVER-IP> x.x.com

; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> @<SERVER-IP> x.x.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 45716
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;x.x.com.                       IN      A

;; Query time: 2 msec
;; SERVER: <SERVER-IP>#53(<SERVER-IP>)
;; WHEN: Tue Mar 22 16:50:32 CET 2022
;; MSG SIZE  rcvd: 36

Here is the message I got from syslog:

client @0x7f5cbc4c19b0 <Client-IP>#50213 (x.x.com): query 'x.x.com/A/IN' denied

By checking the member config, I can see that there is indeed an auto created list with the localhost only 

Alghouth I didn't have this option while creating the zone!!

 

zone "x.com" in { # x.com
	# default TTL = 28800;
	type master;
	database infoblox_zdb;
	masterfile-format raw;
	file "azd/db.x.com._default";
	allow-update { any;  };
	allow-query { 127.0.0.1; };
	notify yes;
    };

I tried changing "Match cleints" from "None" to "Named ACL" with "allow all" @the Grid level/member/DNS view levels with no lock

How can I remove this entry and allow it from any client?

Re: local RPZ zone working locally only

[ Edited ]
New Member
Posts: 1
1080     1

Hi,

 

Not sure if your issue got resolved !

 

When you create a Local RPZ feed, make sure you don't have the RPZ zone names same as the FQDN that you are configuring.

 

Instead have a unique names for the Local RPZ zones.

 

Eg: local-rpz

 

Link: https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-implementing-infoblox-dns-fire.....

 

Also, Enable RPZ in the logging, you would be able to see the CEF logs in the syslog messages .

Showing results for 
Search instead for 
Did you mean: 

Recommended for You