When DNS requests are blocked or redirected by a threat feed on the BloxOne Threat Defense Cloud, use the option to apply and enable a custom RPZ feed for smaller appliances. This option is available to BloxOne Threat Defense subscribers who have purchased and configured a hybrid DNS solution. The custom RPZ feed contains malicious threat indicators (domains and IP addresses) as well as wildcard rules for blocking all subdomains for a specific threat indicator. The custom RPZ feed is generated by a subscriber and must adhere to the following expiration policies specified in the RPZ rules. Be aware that Infoblox does not support the retrieval of cloud DNSFW hits onto on-premise appliances:
- Maximum Feed Entries: The maximum number of feed entries is limited to 10,000 or fewer records.
- Expiration Time (TTL): The TTL for entries must be from 1 day to 30 days. The RPZ feed can be fetched by using the account’s preconfigured TSIG key, which works only with the associated custom zone.
...
To retrieve data from the custom RPZ feed, use a preconfigured TSIG key for the account.
Infoblox does not support the retrieval of cloud DNSFW hits onto on-premise appliances.