...
This feature supports queries for data in IPv4 and IPv6 reverse-mapping zones, as well as forward-mapping zones. Note that when a user with a Windows DNS client with IPv6 installed tries to access a domain name, the Windows client sends queries for AAAA records before queries for A records. After the DNS member sends a Refused response to the query for the AAAA record, the DNS client then sends a query for the A record. The DNS member then responds according to the blacklist rules.
When DNSSEC is enabled on the Infoblox DNS server, it does not redirect DNS clients that request DNSSEC data. (For information about DNSSEC, see Configuring DNSSEC.) If DNSSEC is not enabled and the query includes a request for DNSSEC data, the appliance ignores the request for DNSSEC data and redirects the clients.
To apply the configured DNS blacklist rules regardless of whether a DNS query requests DNSSEC data, configure the appliance accordingly. For more information about how to configure this, see Applying Policies and Rules to DNS Queries that Request DNSSEC Data.
You can enable the blacklist feature at the Grid, member, and DNS view levels. Note that only recursive DNS servers can support this feature. For information on enabling recursion on a DNS member, see Enabling Recursive Queries.
...
You can use the Blacklist wizard, described in Adding a Blacklist Ruleset, to add blacklist rulesets, but not rules. You can only add rules by importing them in a CSV file, as described in Importing and Exporting Data using CSV Import. Note that if a blacklist ruleset contains duplicate domain names, the DNS member loads the first rule in the ruleset and discards the other rules.
The following example illustrates how the DNS member applies blacklist rules.
Ruleset 1:
Pattern | Action |
---|---|
a1.foo.com | PASS |
foo.com | REDIRECT/BLOCK |
If the DNS member receives a recursive query for a1.foo.com, it resolves the query and forwards the response to the client.
If the DNS member receives a recursive query for the A record of b1.foo.com, it redirects the DNS client to the specified IP address. If the query is for another record type, such as an MX record, the member sends a REFUSED response to the client.
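The following is an added example, not Infoblox code, that models the rule behaviour described above so a ruleset can be checked before it is imported: first-rule-wins on duplicate domain names, the most-specific pattern winning (assumed from the a1.foo.com/foo.com example), REDIRECT answering only A queries and refusing other types such as AAAA and MX. The CSV content, the redirect address and the treatment of BLOCK as a REFUSED response are assumptions.

```python
import csv
import io

# Constructed ruleset mirroring "Ruleset 1" above, plus a duplicate
# foo.com entry to show that only the first rule for a name is loaded.
RULESET_CSV = """pattern,action
a1.foo.com,PASS
foo.com,REDIRECT
foo.com,PASS
"""

REDIRECT_IP = "192.0.2.10"  # assumed redirect target (RFC 5737 range)


def load_ruleset(text):
    """Parse a CSV ruleset; duplicate domain names keep the first rule only."""
    rules, discarded = {}, []
    for row in csv.DictReader(io.StringIO(text)):
        name = row["pattern"].strip().lower().rstrip(".")
        if name in rules:
            discarded.append(name)  # would be dropped by the member
            continue
        rules[name] = row["action"].strip().upper()
    return rules, discarded


def match_rule(rules, qname):
    """Most-specific match: walk from the full name towards the parent
    domain, so a1.foo.com matches its own rule before foo.com's."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return candidate, rules[candidate]
    return None, None


def answer(rules, qname, qtype):
    """Return (rcode_or_action, data) the member would send for a query."""
    _, action = match_rule(rules, qname)
    if action is None or action == "PASS":
        return ("RESOLVE", None)          # normal recursive resolution
    if action == "REDIRECT":
        if qtype == "A":
            return ("REDIRECT", REDIRECT_IP)
        return ("REFUSED", None)          # AAAA, MX and other types refused
    return ("REFUSED", None)              # BLOCK: assumed to refuse
```

Running `load_ruleset` over a ruleset before import lists the duplicate names that the member would silently discard.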
...