Versions Compared

Old Version 2

changes.mady.by.user Gary Leicht

Saved on

compared with

New Version Current

changes.mady.by.user Gary Leicht

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Infoblox Infoblox provides DNS over HTTPS (DoH) service as well as DoH feeds to block open DoH infrastructure. This comprehensive solution includes multiple tools to ensure thorough coverage for your organization in extensive coverage, providing a robust DoH solution for your organization's network. The Infoblox DNS over HTTP (DoH) solution includes the following features: For DoH we use the following IP addresses 103.80.6.200 and 52.119.41.200, ensuring there is no overlap with DoT on the wrong port.

Key features of the Infoblox DoH solution include:

  • Policy threat intelligence feed for DoH: The Policy threat intelligence feed for DoH provides the ability to control the DNS access method used to detect and mitigate threats by helping organizations enforce their security policies by blocking known DoH servers and associated Firefox “canary” domains. This feed can be configured in the Infoblox Customer Services Portal.
  • DoH Feed in Cloud Services Infoblox Portal: Provides a regularly updated data set to the Infoblox TIDE platform that includes well known DoH servers and canary domains that can be used to block access in accordance with enterprise security policies. The Public_DoH and Public_DoH_IP feeds are available for all BloxOne Infoblox Threat Defense subscriptions. 
  • DoH Policy feed for known DoH domains and IPs: The DoH Policy feed for known DoH domains and IPs adds a new data set of domains and IP addresses for known DoH providers to Infoblox TIDE. This policy feed allows customers to extract this data set when enabling blocking using existing security platforms such as next-generation firewalls and can also be used for threat investigation to detect DoH servers used in malicious activity.
  • Dossier update of DoH domains/IPs: Using Dossier, users can determine whether a domain or IP is associated with a public DoH service that could bypass on-premise DNS security. Due to Whitelistingallow listing, not all domains are in the RPZ are in TIDE and Dossier.
  • RPZ creation for the policy domains: This RPZ is populated with known DoH domains and IP addresses enabling customers to prevent client machines from connecting directly to known public DoH servers that can bypass on-premise DNS-based security protocols.

...