Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Infoblox provides DNS over HTTPS (DoH) service as well as DoH feeds to block open DoH infrastructure. This comprehensive solution includes multiple tools to ensure extensive coverage, providing a robust DoH solution for your organization's network. For DoH we use the following IP addresses 103.80.6.200 and 52.119.41.200, ensuring there is no overlap with DoT on the wrong port.

Key features of the Infoblox DoH solution include:

  • Policy threat intelligence feed for DoH: The Policy threat intelligence feed for DoH provides the ability to control the DNS access method used to detect and mitigate threats by helping organizations enforce their security policies by blocking known DoH servers and associated Firefox “canary” domains. This feed can be configured in the Infoblox Customer Services Portal.
  • DoH Feed in Cloud Services Portal: Provides a regularly updated data set to the Infoblox TIDE platform that includes well known DoH servers and canary domains that can be used to block access in accordance with enterprise security policies. The Public_DoH and Public_DoH_IP feeds are available for all BloxOne Threat Defense subscriptions. 
  • DoH Policy feed for known DoH domains and IPs: The DoH Policy feed for known DoH domains and IPs adds a new data set of domains and IP addresses for known DoH providers to Infoblox TIDE. This policy feed allows customers to extract this data set when enabling blocking using existing security platforms such as next-generation firewalls and can also be used for threat investigation to detect DoH servers used in malicious activity.
  • Dossier update of DoH domains/IPs: Using Dossier, users can determine whether a domain or IP is associated with a public DoH service that could bypass on-premise DNS security. Due to allow listing, not all domains are in the RPZ are in TIDE and Dossier.
  • RPZ creation for the policy domains: This RPZ is populated with known DoH domains and IP addresses enabling customers to prevent client machines from connecting directly to known public DoH servers that can bypass on-premise DNS-based security protocols.



  • No labels