Based on your security needs, you can define custom rules using predefined rule templates. Custom rules are typically whitelisting or blacklisting rules. You can create up to 500 custom rules for each rule template offered by Infoblox Advanced DNS Protection. The appliance logs a syslog message if there are more than 500 rules for a specific rule category. You can remove some rules in order to create new ones for that category.

...

  • BLACKLIST FQDN lookup TCP: Use this rule template to create custom rules for blacklisting DNS queries by FQDN lookups on TCP. In the Rule Parameters table, complete the following:
    • Blacklisted FQDN: Enter the FQDN that you want the appliance to block over TCP traffic. NIOS supports an exact match or subdomain matches for the FQDN specified in the rule. For example, if "test.com" is specified as a custom rule, NIOS blocks “test.com” or “abc.test.com” but “abctest.com” will not be blocked.
  • BLACKLIST FQDN lookup UDP: Use this rule template to create custom rules for blacklisting DNS queries by FQDN lookups on UDP. In the Rule Parameters table, complete the following:
    • Blacklisted FQDN: Enter the FQDN that you want the appliance to block over UDP traffic. NIOS supports an exact match or subdomain matches for the FQDN specified in the rule. For example, if "test.com" is specified as a custom rule, NIOS blocks “test.com” or “abc.test.com” but “abctest.com” will not be blocked.
  • BLACKLIST IP TCP Drop prior to rate limiting: Use this rule template to create rules for blocking IPv4 or IPv6 addresses on TCP before the appliance drops the packets based on rate limiting rules you have defined using the BLACKLIST IP TCP Drop prior to rate limiting template. In the Rule Parameters table, complete the following:
    • Blacklisted IP address/network: Enter the IPv4 or IPv6 address whose packets are dropped before any relevant rate limiting rules take effect. Note that all TCP traffic from the specified IPv4 and IPv6 addresses and networks will be blocked. Enter network addresses in address/CIDR format.
  • BLACKLIST IP UDP Drop prior to rate limiting: Use this rule template to create rules for blocking IPv4 or IPv6 addresses on UDP before the appliance drops the packets based on rate limiting rules you have defined using the BLACKLIST IP UDP Drop prior to rate limiting template. In the Rule Parameters table, complete the following:
    • Blacklisted IP address/network: Enter the IPv4 or IPv6 address whose packets are dropped before any relevant rate limiting rules take effect. Note that all UDP traffic from the specified IPv4 and IPv6 addresses and networks will be blocked. Enter network addresses in address/CIDR format.
  • RATELIMITED FQDN lookup TCP: Use this template to create custom rules that contain rate limiting restrictions for blocking DNS queries by FQDN lookups on TCP traffic. In the Rule Parameters table, complete the following:
    • Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of TCP traffic that consists of DNS lookups for the FQDN defined in this rule. The default is 5.
    • Drop interval: Enter the number of seconds for which the appliance drops packets.
    • Blacklist rate limited FQDN: Enter the FQDN that is affected by the rate limit value configured for this rule. The appliance drops the packets that carry DNS lookups for this FQDN when the TCP traffic of DNS lookups for this FQDN exceeds the configured rate limit value.
  • RATELIMITED FQDN lookup UDP: Use this rule template to create custom rules that contain rate limiting restrictions for blocking DNS queries by FQDN lookups on UDP traffic. In the Rule Parameters table, complete the following:
    • Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of UDP traffic that consists of DNS lookups for the FQDN defined in this rule. The default is 5.
    • Drop interval: Enter the number of seconds for which the appliance drops packets.
    • Blacklist rate limited FQDN: Enter the FQDN that is affected by the rate limit value configured for this rule. The appliance drops the packets that carry DNS lookups for this FQDN when the UDP traffic of DNS lookups for this FQDN exceeds the configured rate limit value.

...

  • RATELIMITED IP TCP: Use this rule template to create custom rules that contain rate limiting restrictions for blacklisting IP addresses on TCP. If there are certain IP addresses that you want to block before their traffic reaches the rate limit restrictions, you can create a rule using the RATELIMITED IP TCP template. In the Rule Parameters table, complete the following:
    • Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of TCP traffic that consists of DNS lookups for the IP address or network defined in this rule. The default is 5.
    • Drop interval: Enter the time interval in seconds the appliance drops IP packets sent by the rate limited IP address or network defined for this rule. The default is 30 seconds.
    • Rate limited IP address/network: Enter the IP address or network that is affected by the rate limit value configured for this rule. The appliance drops the packets sent by this IP address based on the drop interval when the TCP traffic of DNS lookups for this IP address exceeds the configured rate limit value.
  • RATELIMITED IP UDP: Use this rule template to create custom rules that contain rate limiting restrictions for blacklisting IP addresses on UDP. If there are certain IP addresses that you want to block before their traffic reaches the rate limit restrictions, you can create a rule using the RATELIMITED IP UDP template. In the Rule Parameters table, complete the following:
    • Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of UDP traffic that consists of DNS lookups for the IP address or network defined in this rule. The default is 5.
    • Drop interval: Enter the time interval in seconds the appliance drops IP packets sent by the rate limited IP address or network defined for this rule. The default is 30 seconds.
    • Rate limited IP address/network: Enter the IP address or network that is affected by the rate limit value configured for this rule. The appliance drops the packets sent by this IP address based on the drop interval when the UDP traffic of DNS lookups for this IP address exceeds the configured rate limit value.
  • WHITELIST IP TCP Pass prior to rate limiting: Use this rule template to create custom rules for allowing certain IP addresses on TCP before the appliance drops the packets based on rate limiting rules you have defined using the RATELIMITED IP TCP template. In the Rule Parameters table, complete the following:
    • Whitelisted IP address/network: Enter the IPv4 or IPv6 address from which packets sent are allowed before any relevant rate limiting rules take effect.
  • WHITELIST IP UDP Pass prior to rate limiting: Use this rule template to create custom rules for allowing certain IP addresses on UDP before the appliance drops the packets based on rate limiting rules you have defined using the RATELIMITED IP UDP template. In the Rule Parameters table, complete the following:
    • Whitelisted IP address/network: Enter the IPv4 or IPv6 address from which packets sent are allowed before any relevant rate limiting rules take effect.
  • WHITELIST TCP Domain: Use this rule template to create custom rules to allow DNS queries by FQDN lookups on TCP. In the Rule Parameters table, complete the following:
    • Whitelist FQDN: Enter the FQDN that you want the appliance to allow over TCP traffic. NIOS supports an exact match or subdomain matches for the FQDN specified in the rule. For example, if "test.com" is specified as a custom rule, NIOS allows “test.com” or “abc.test.com”, but “abctest.com” does not match the rule.
  • WHITELIST UDP Domain: Use this rule template to create custom rules to allow DNS queries by FQDN lookups on UDP. In the Rule Parameters table, complete the following:
    • Whitelist FQDN: Enter the FQDN that you want the appliance to allow over UDP traffic. NIOS supports an exact match or subdomain matches for the FQDN specified in the rule. For example, if "test.com" is specified as a custom rule, NIOS allows “test.com” or “abc.test.com”, but “abctest.com” does not match the rule.
  • BLACKLIST TCP FQDN lookup for DNS Message Type: Use this rule template to create custom rules for blacklisting FQDN lookups on TCP for the specified DNS message type. In the Rule Parameters table, complete the following:
    • DNS Record Type: Select the DNS record type from the drop-down list or enter a valid ENUM for the DNS record. You can enter a value between 1 and 65534. The following DNS resource records are not supported by this rule template: MD (3), MF (4), MB (7), MG (8), MR (9), WKS (11), HINFO (13), MINFO (14), IXFR (251), and AXFR (252) records.
    • Blacklisted FQDN substring: Enter the FQDN from which the packets received are blocked over TCP for the specified DNS message type.
  • BLACKLIST UDP FQDN lookup for DNS Message Type: Use this rule template to create custom rules for blacklisting FQDN lookups on UDP for the specified DNS message type. In the Rule Parameters table, complete the following:
    • DNS Record Type: Select the DNS record type from the drop-down list or enter a valid ENUM for the DNS record. You can enter a value between 1 and 65534. The following DNS resource records are not supported by this rule template: MD (3), MF (4), MB (7), MG (8), MR (9), WKS (11), HINFO (13), MINFO (14), IXFR (251), and AXFR (252) records.
    • Blacklisted FQDN substring: Enter the FQDN from which the packets received are blocked over UDP for the specified DNS message type.
  • Pass TCP DNS Message Types: Use this rule template to create custom rules to allow TCP DNS packets that contain the specified DNS record type. In the Rule Parameters table, complete the following:
    • DNS Record Type: Select the DNS record type from the drop-down list or enter a valid ENUM for the DNS record. You can enter a value between 1 and 65534. The following DNS resource records are not supported by this rule template: MD (3), MF (4), MB (7), MG (8), MR (9), WKS (11), HINFO (13), MINFO (14), IXFR (251), and AXFR (252) records.
  • Pass UDP DNS Message Types: Use this rule template to create custom rules to allow UDP DNS packets that contain the specified DNS record type. In the Rule Parameters table, complete the following:
    • DNS Record Type: Select the DNS record type from the drop-down list or enter a valid ENUM for the DNS record. You can enter a value between 1 and 65534. The following DNS resource records are not supported by this rule template: MD (3), MF (4), MB (7), MG (8), MR (9), WKS (11), HINFO (13), MINFO (14), IXFR (251), and AXFR (252) records.
  • RATE LIMITED TCP DNS Message Type: Use this rule template to create custom rules that contain rate limiting restrictions for blacklisting TCP DNS packets that contain the specified DNS record type. In the Rule Parameters table, complete the following:
    • Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of TCP traffic that consists of DNS packets with the DNS record type defined in this rule. The default is 5.
    • DNS Record Type: Select the DNS record type from the drop-down list or enter a valid ENUM for the DNS record. You can enter a value between 1 and 65534. The following DNS resource records are not supported by this rule template: MD (3), MF (4), MB (7), MG (8), MR (9), WKS (11), HINFO (13), MINFO (14), IXFR (251), and AXFR (252) records.
    • Drop interval: Enter the number of seconds for which the appliance drops packets.
  • RATE LIMITED UDP DNS Message Type: Use this rule template to create custom rules that contain rate limiting restrictions for blacklisting UDP DNS packets that contain the specified DNS record type. In the Rule Parameters table, complete the following:
    • Packets per second: Enter the number of packets per second to define the rate limit for this rule. You define this value to control the rate of UDP traffic that consists of DNS packets with the DNS record type defined in this rule. The default is 5.
    • DNS Record Type: Select the DNS record type from the drop-down list or enter a valid ENUM for the DNS record. You can enter a value between 1 and 65534. The following DNS resource records are not supported by this rule template: MD (3), MF (4), MB (7), MG (8), MR (9), WKS (11), HINFO (13), MINFO (14), IXFR (251), and AXFR (252) records.
    • Drop interval: Enter the number of seconds for which the appliance drops packets.
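The matching and rate-limiting semantics described by the templates above (exact-or-subdomain FQDN match, address/CIDR match, the 1 to 65534 record type range minus the unsupported types, and a packets-per-second limit that triggers a drop interval), modelled as a small reference simulation. This is an added example and not Infoblox code; the addresses and timings are constructed, and the order in which "pass prior to rate limiting" is checked before "drop prior to rate limiting" is an assumption, not something the page states.

```python
import ipaddress
from collections import defaultdict

# Record types the templates list as unsupported (MD, MF, MB, MG, MR, WKS, HINFO, MINFO, IXFR, AXFR).
UNSUPPORTED_RTYPES = {3, 4, 7, 8, 9, 11, 13, 14, 251, 252}

def fqdn_matches(rule_fqdn: str, qname: str) -> bool:
    """Exact or subdomain match: 'test.com' matches 'test.com' and 'abc.test.com', not 'abctest.com'."""
    r = rule_fqdn.lower().rstrip(".")
    q = qname.lower().rstrip(".")
    return q == r or q.endswith("." + r)

def ip_matches(rule_net: str, src_ip: str) -> bool:
    """address/CIDR match for IPv4 or IPv6; a bare address behaves as a /32 or /128."""
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule_net, strict=False)

def valid_record_type(rtype: int) -> bool:
    """Accept the ENUM range the templates allow, excluding the unsupported record types."""
    return 1 <= rtype <= 65534 and rtype not in UNSUPPORTED_RTYPES

class RateLimiter:
    """Per-key packets-per-second limit; exceeding it drops the key for drop_interval seconds."""
    def __init__(self, pps: int = 5, drop_interval: int = 30):   # the page's defaults
        self.pps, self.drop_interval = pps, drop_interval
        self.counts = defaultdict(int)   # key -> packets seen in the current one-second window
        self.window = {}                 # key -> the second that count belongs to
        self.blocked_until = {}          # key -> time until which packets are dropped
    def allow(self, key: str, now: float) -> bool:
        if now < self.blocked_until.get(key, 0.0):
            return False                 # still inside the drop interval
        sec = int(now)
        if self.window.get(key) != sec:  # new second: reset the counter
            self.window[key], self.counts[key] = sec, 0
        self.counts[key] += 1
        if self.counts[key] > self.pps:  # limit exceeded: start the drop interval
            self.blocked_until[key] = now + self.drop_interval
            return False
        return True

def decide(src_ip: str, now: float, whitelist, blacklist, limiter: RateLimiter) -> str:
    """Assumed order: whitelist pass, then blacklist drop, both 'prior to rate limiting'."""
    if any(ip_matches(n, src_ip) for n in whitelist):
        return "pass"
    if any(ip_matches(n, src_ip) for n in blacklist):
        return "drop"
    return "pass" if limiter.allow(src_ip, now) else "drop"
```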

...

Infoblox Advanced DNS Protection provides a few rule templates from which you can create custom rules. For information about the list of rule templates that you can use, see Custom Rule Templates.
To create a custom rule:

...