Configuring Internal Domains

When you use Endpoint or DNS Forwarding Proxy, DNS queries are sent directly to BloxOne Threat Defense Cloud. If you have internal domains that are served by local DNS servers and you want to reach them without interruptions, you should consider adding them to the bypassed internal domains list. If you add them, DNS queries for these internal domains are sent to the local DNS servers instead of BloxOne Threat Defense Cloud.

The internal domains list applies to NIOS DNS forwarding proxies as well. Infoblox recommends that you configure authoritative or forward zones for these domains. For more information, see Adding Local Resolvers and Internal Domains to DNS Forwarding Proxy.

If you do not specify internal domains, DNS queries targeting these domains are sent to BloxOne Threat Defense Cloud. Also, you might not be able to reach local resources such as servers and printers on your locally hosted domains. To ensure uninterrupted access to these resources, you should add these internal domains to the bypassed internal domains list. Essentially, all bypassed internal domains can resolve DNS records using local DNS servers. When you enter local resolvers when configuring a DNS forwarding proxy, the proxy uses the resolvers to provide resolution to local DNS zones as well as the bypassed internal domains. For information about adding local resolvers, see Adding Local Resolvers and Internal Domains to DNS Forwarding Proxy.

A maximum of 3000 records can be added to an internal domains list. Both IPv4 and IPv6 addresses can be added to an internal domains list.

In scenarios where the customer has multiple offices with different internal domains located at each office, using multiple bypass lists allows the creation of one or more internal domains lists per security policy for BloxOne Threat Defense Endpoint groups and for domain forwarding proxies. This is in addition to the creation of a global internal domains list to act as the default configuration for all offices. Using multiple internal domains lists allows each list to be assigned to a DNS Forwarding Proxy or BloxOne Threat Defense Endpoint independent of other lists.

On the Internal Domains page, you can view the following details for internal domains listed on the Internal Domains page:

NAME: The name of the internal domain list.
DESCRIPTION: The description of an internal domain list.
DOMAINS: The domains populating the internal domains list.
ASSOCIATED DNS FORWARDING PROXY/ENDPOINT GROUP: The domain forwarding proxies and endpoint groups associated with an internal domains list.
TAG: Displays any tag or tags assigned to to the internal domain.

You can also do the following in this tab:

Click to select the columns you want to display or use the arrow keys to reorder the columns.

Click > Edit to modify the internal domain. You can also select the respective internal domain and click the Edit button to do so.
Click > Remove to delete an internal domain. You can also select the respective internal domain and click the Remove button to do so.
Click > Import to import a list of internal domains. residing on your network. an external network. You can import a new list or update an existing list.
Select an internal domain to view additional details in the right panel. You can collapse the right panel by clicking.
Enter the value that you want to search in the Search text box. The Cloud Services Portal displays the list of records that match the keyword in the text box.
Click and then to filter data by the available values.

The internal domain list is used by Endpoint and NIOS DNS forwarding proxies. You should not include any remote sites on this list.

For information on adding internal domains to an Endpoint Group, see Adding Internal Domains to an Endpoint Group.

For information on adding internal domains to DNS Forwarding Proxy, see Adding Local Resolvers and Internal Domains to DNS Forwarding Proxy.

For information on configuring local DNS servers on DNS Forwarding Proxy, see Configuring DNS Forwarding Proxy.

For more information on internal domains, see the following: