When DNS requests are blocked or redirected by a threat feed on the BloxOne Infoblox Threat Defense Cloud, use the option to apply and enable a custom RPZ feed for smaller appliances. This option is available to BloxOne to Infoblox Threat Defense subscribers who have purchased and configured a hybrid DNS solution. The custom RPZ feed contains malicious threat indicators (domains and IP addresses) as well as wildcard rules for blocking all subdomains for a specific threat indicator. The custom RPZ feed is generated by a subscriber and must adhere to the following expiration policies specified in the RPZ rules. Be aware that Infoblox does not support the retrieval of cloud DNSFW hits onto on-premise appliances:
...
To enable the custom RPZ feed, turn on the BloxOne Infoblox Hits RPZ Feed option: On the Distribution Server Details page, toggle the switch from its default Disabled position to the Enable position. When you enable the custom RPZ feed, you must also select the maximum number ( =< 10,000) of entries that the RPZ feed may contain, as well as the expiration time (1 to 30 days) for the entries.
...