When DNS requests are blocked or redirected by a threat feed on the BloxOne Threat Defense Cloud, use the option to apply and enable a custom RPZ feed for smaller appliances. This option is available to BloxOne Threat Defense subscribers who have purchased and configured a hybrid DNS solution. The custom RPZ feed contains malicious threat indicators (domains and IP addresses) as well as wildcard rules for blocking all subdomains for a specific threat indicator. The custom RPZ feed is generated by a subscriber and must adhere to the following expiration policies specified in the RPZ rules. Be aware that Infoblox does not support the retrieval of cloud DNSFW hits onto on-premise appliances:
- Maximum Feed Entries: The maximum number of feed entries is limited to 10,000 or fewer records.
- Expiration Time (TTL): The TTL for entries must be from 1 day to 30 days. The RPZ feed can be fetched by using the account’s preconfigured TSIG key, which works only with the associated custom zone.
To enable the custom RPZ feed, turn on the BloxOne Hits RPZ Feed option: On the Distribution Server Details page, toggle the switch from its default Disabled position to the Enable position. When you enable the custom RPZ feed, you must also select the maximum number ( =<10,000) of entries that the RPZ feed may contain, as well as the expiration time (1 to 30 days) for the entries.
To retrieve data from the custom RPZ feed, use a preconfigured TSIG key for the account.
Infoblox does not support the retrieval of cloud DNSFW hits onto on-premise appliances.