12-11-2018 05:39 AM
I need to come up with a solution to block TLD's and I was wondering if Infoblox can do this.
I have been looking at the blacklist option wthin Infoblox but this appears not to allow wild cards. I would be able to put entries such as "www.somewhere.work" for example but if I want to completely block the TLD "WORK", it won't allow it.
I want to be able to import a list of TLD's that if any of our users try to get to from our internal network, they will be blocked.
If the blacklist is definately not an option, what else would I be able to use?
Would Infoblox DNS Firewall have the same restrictions with wildcards?
Thanks in advance.
Solved! Go to Solution.
12-11-2018 07:41 AM
Using Wildcard entries in Blacklist ruleset is not Supported at the moment, however there is a feature enhancement request for the same.
However, you can make use of the DNS Firewall Response policy Zone (RPZ) feature's blacklist to block any communication to the Wildcard entries in question. You can tweak the RPZs rules such as Passthru, Block, Substitute to get your desired result. The response of a recursive query is modified if it matches any of the RPZ rules. The responses are first matched with the RPZ rules, and if there is a match, the rule defined at the RPZ level override is used.
RPZ feature requires RPZ license to be installed, so you might want to consult with your Infoblox Accounts team with regards to the same. You can also make use of the Temporary RPZ license for Testing purposes by issuing the “set temp_license” command from the CLI of your Infoblox DNS Server (preferably Test environment) and install the RPZ license.
The configuration of the Local RPZs and the Rules in concern are explained in detail in the NIOS Administrator Guide under “Configuring Local RPZs “ and “Configuring Rules for RPZs” sections respectively.
Hope this helps.