Versions Compared

Version Old Version 16 New Version 17
Changes made by

Gary Leicht

Gary Leicht

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NIOS RPZ feed recommendations to use after the feed revamp release in December 2024.

...

Feed Availability

Feed Name

Essentials

Business On-Prem

Advanced

Infoblox Base

Infoblox Base IP

NA

Infoblox High Risk

NA

NA

Infoblox Medium Risk

NA

NA

Infoblox Low Risk

NA

NA

Infoblox Informational

NA

For information for adding the new feeds and sizing requirements to your appliance, see Sizing Guidelines for Trinzic Appliances

...

Before adding the new NIOS RPZ feeds, you must first identify and remove the existing feeds approaching EOS. To do this, follow these steps:

  • In NIOS Grid Manager, navigate to Data Management > DNS > Response Policy Zones.

  • Identify the current NIOS feeds for removal. These can be identified by their

...

  • names:

    • base.rpz.infoblox.local

    • antimalware.rpz.infoblox.local

...

    • ransomware.rpz.infoblox.local

    • malware-dga.rpz.infoblox.local

    • antimalware-ip.rpz.infoblox.local

...

    • suspicious-med.rpz.infoblox.local

...

    • suspicious-lookalikes.rpz.infoblox.local

...

    • suspicious-noed.rpz.infoblox.local

...

    • noed.rpz.infoblox.local

...



    • Note: The

...

    • availability of the new RPZ feeds is dependent on subscription level. 

    The old NIOS RPZ feeds to be removed prior to replacing with the new feeds.Image Modified

    Note: If you have a large number of RPZs, use the search function to locate the feeds to be removed.

    Searching for specific RPZs to be removed.Image Modified

  • Select the checkbox associated with one of the feeds to be removed.

  • Click the trash can icon or the Delete button in the toolbar. 

    Removing the old RPZ feeds from NIOS.Image Modified

      

  • Click Yes in the Delete Confirmation dialogue. 

    Confirming the removal of the selected feeds. The removed feeds will be moved to the Recycle Bin.Image Modified

  • If you are removing multiple feeds, repeat steps 3-5 for each.

  • Deletion of RPZs requires a service restart.  Click Restart located in the top, yellow banner to perform a system restart. 

    image-20240506-205106.pngImage Modified

  • In the Restart Grid Services dialog, adjust Restart Method if desired and click Restart.

    Selecting a restart method from among the restart options.Image Modified

Adding the New NIOS RPZ Feeds to be Released on April 2024  

...

  1. In NIOS Grid Manager, navigate to Data Management > DNS > Response Policy Zones.

  2. Click the add icon or the Add button in the toolbar. 

    The new NIOS RPZ feeds added in order of recommended order (slots 0 through 5).

  3. On Step 1 of the Add Response Policy Zone Wizard, select Add Response Policy Zone Feed.

  4. Click Next.

    The first step of adding a response policy zone feed.

  5. On Step 2, paste the Name of the feed, as copied from the Infoblox Portal.

  6. Optionally, adjust Policy Override and Severity. Note: This should reflect the policy used on the SURBL feeds being replaced.

  7. Click Next.

    The second step of adding a response policy zone feed includes providing a name for the feed and optionally adjusting the policy override and severity.

  8. On Step 3, use the Add button dropdown to select External PrimaryNote: To save time, you can instead use a nameserver group configured with the external primary and any Grid secondaries to be used for all RPZs. Refer to NIOS Documentation for additional information on creating nameserver groups.

    The third step of adding a response policy zone feed involves selecting the External Primary.

  9. Enter a Name. Note: This field is for reference purpose only, use any name you choose.

  10. Enter the Address of the distribution server as copied from the Infoblox Portal.

  11. Select the box for Use TSIG.

  12. Enter the Key Name as copied from the Infoblox Portal.

  13. Select the Key Algorithm as noted from the Infoblox Portal.

  14. Enter the Key Data as copied from the Infoblox Portal.

  15. Click Add.

    Adding configuration information in the TSIG text fields.

  16. Use the Add button followed by selecting Grid Secondary from among the menu option choices.

    Adding a Grid Secondary.

  17. Click Select followed by choosing the NIOS member to update. Note: You can configure a single secondary to be “Lead Secondary”. If you select this, then that member will be the only one to reach out to the external primary. The feed is then redistributed between members using zone transfers.

  18. Click Add.

    Selecting the NIOS member to update.

  19. (Optional) Repeat Steps 17 and 18 to add additional NIOS appliances as secondaries. 

  20. Click Save & Close.

    Adding secondary nameservers.

  21. Repeat steps 2-20 for each feed you are adding.

  22. When adding an RPZ a service restart is In the banner at the top of the Grid Manager window, click on Restart.

    Click Restart to remove the desired feeds and restart NIOS.

  23. In the Restart Grid Services dialog, adjust Restart Method if desired and click Restart.

    Selecting a restart method from among the restart options to restart the Grid Service.

  24. (Optional) Once you have added all feeds, use the Order Response Policy Zones button in the Toolbar to change the order feeds are applied. 

  25. In the Order Response Policy Zones dialog, use the arrows to change the

  26. Click OK when complete. 

    Configuring Order Response Zones for the new NIOS RPZ feeds.

    Image: Configuring Order Response Zones for the new NIOS RPZ feeds.

  27. Changing the order of RPZs requires a service restart to take effect. In the banner at the top of the Grid Manager window, click on Restart.

  28. In the Restart Grid Services dialog, adjust Restart Method if desired and click Restart.

...