...
Note: When the "Block DNS Rebinding Attacks" option is enabled in a security policy and it blocks a DNS response with a private IP, the security log in the Infoblox Security Activity report will mark the query as being blocked by the threat feed "private-ip", threat class "Policy," and threat property "Rebind" and action "Redirect".
Rebind protection is applied to a DNS query after it has been processed by all the security policy rules in the security policy. This means that if you need to allow legitimate public DNS queries to an FQDN that resolves to RFC1918 IP addresses, you can add that FQDN to a custom list and add the custom list to the security policy with an action of Allow - No Log. This permits the query to resolve without creating any security event log. You can set the security policy rule to Allow - With Log if you require a security event log. For example, dns.msftncsi.comis a domain used by Microsoft Windows 10 and later for network connectivity testing. It resolves to a public IPv4 address but a private IPv6 address and thus can produce a very large number of security events if Rebind protection is enabled.