...
Any public DNS request that reaches Infoblox Platform and resolves to a private IP address could be a sign of a DNS rebinding attack. If the option Block DNS Rebinding attacks is enabled, Infoblox Platform will respond with "No Error - No Data" for such DNS requests, and Infoblox will remove the private IP addresses from the responses. This may result in a NODATA response if there are no other records included in the response.Informed the SA about “private-ip” which does not have a Threat Class assigned and the
Note: When the "Block DNS Rebinding Attacks" option
...
is enabled in the security policies, DNS requests to "Private-
...
IPs"
...
Please note the following regarding "Private-IP" in Security Activity reports:
...
"Private-IP" does not have a threat class assigned to it in the Security Activity report.
...
will be included in the threat feed "private-ip," threat class "Policy," and threat property "Rebind," which can be observed in the Infoblox Security Activity reports.