For BloxOne Threat Defense subscribers having purchased and configured a hybrid DNS solution, when When DNS requests are blocked or redirected by a threat feed on the BloxOne Threat Defense Cloud, use the option of applying to apply and enabling enable a custom RPZ feed for smaller appliances. This option is available to BloxOne Threat Defense subscribers who have purchased and configured a hybrid DNS solution. The custom RPZ feed contains malicious threat indicators (domains and IP addresses) as well as wildcard rules to block for blocking all subdomains for the a specific threat indicator. The custom RPZ feed is customer- generated by a subscriber and must adhere to the following RPZ-rule expiration policies specified in the RPZ rules:
- Maximum Feed Entries: The maximum number of feed entries is limited to 10,000 or fewer records.
- Expiration Time (TTL): The expiration time ( TTL ) for entries must be within the range of from 1 day to 30 days. The RPZ feed can be fetched by using the account’s preconfigured TSIG key in the account , which works only with the associated custom zone.
The To enable the custom RPZ feed is enabled when , turn on the BloxOne Hits RPZ Feed option on the : On the Distribution Server Details page by toggling , toggle the switch located at the top of the page from its default default Disabled position position to the the Enable position position. At When you enable the time the custom RPZ feed is enabled, you must also select the maximum number of entries contained within the RPZ feed must be selected ( =< 10,0000) along with the expiration time for the entries contained within of entries that the RPZ feed may contain, as well as the expiration time (1 to 30 days) for the entries.
Data To retrieve data from the custom RPZ feed can be retrieved by using , use a preconfigured TSIG key for the account.