Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

local RPZ zone working locally only

[ Edited ]
New Member
Posts: 1
838     1

Hi,

I am trying to test local RPZ functionality on my lab. I followed this guide https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-implementing-infoblox-dns-fire...

it is working locally only! (using dig from grid master cli)

Infoblox > dig x.x.com

; <<>> DiG 9.11.3-S3 <<>> +noedns x.x.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51460
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;x.x.com.                       IN      A

;; ANSWER SECTION:
x.x.com.                28800   IN      A       2.2.2.2

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 22 16:49:00 CET 2022
;; MSG SIZE  rcvd: 41

But it is not working from my machine in the same subnet

# dig @<SERVER-IP> x.x.com

; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> @<SERVER-IP> x.x.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 45716
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;x.x.com.                       IN      A

;; Query time: 2 msec
;; SERVER: <SERVER-IP>#53(<SERVER-IP>)
;; WHEN: Tue Mar 22 16:50:32 CET 2022
;; MSG SIZE  rcvd: 36

Here is the message I got from syslog:

client @0x7f5cbc4c19b0 <Client-IP>#50213 (x.x.com): query 'x.x.com/A/IN' denied

By checking the member config, I can see that there is indeed an auto created list with the localhost only 

Alghouth I didn't have this option while creating the zone!!

 

zone "x.com" in { # x.com
	# default TTL = 28800;
	type master;
	database infoblox_zdb;
	masterfile-format raw;
	file "azd/db.x.com._default";
	allow-update { any;  };
	allow-query { 127.0.0.1; };
	notify yes;
    };

I tried changing "Match cleints" from "None" to "Named ACL" with "allow all" @the Grid level/member/DNS view levels with no lock

How can I remove this entry and allow it from any client?

Re: local RPZ zone working locally only

[ Edited ]
New Member
Posts: 1
839     1

Hi,

 

Not sure if your issue got resolved !

 

When you create a Local RPZ feed, make sure you don't have the RPZ zone names same as the FQDN that you are configuring.

 

Instead have a unique names for the Local RPZ zones.

 

Eg: local-rpz

 

Link: https://www.infoblox.com/wp-content/uploads/infoblox-deployment-guide-implementing-infoblox-dns-fire.....

 

Also, Enable RPZ in the logging, you would be able to see the CEF logs in the syslog messages .

Showing results for 
Search instead for 
Did you mean: 

Recommended for You