Infoblox On-Prem DNS Firewall employs DNS RPZs (Response Policy Zones), a technology developed by ISC (Internet System Consortium), for allowing reputable sources to dynamically communicate domain name reputation so that you can implement policy controls for DNS lookups.
The Data Exfiltration, Malware, Command & Control, and Summary reports are not tied to your organization's custom whitelist and should not be reported as RPZ events. As such, they are reporting Threat Intelligence detections and exist independent of the DNS Firewall. If you have your DNS Threat policy set to "log, allow," these will continue to show up. To remedy this, only the Security Report should be used when interpreting DNS Firewall activity
Infoblox On-Prem DNS Firewall can be accessed from the Cloud Services Portal at https://csp.infoblox.com. Once logged in to CSP, On-Prem DNS Firewall can be found under the policies tab (Policies > On-Prem DNS Firewall).
For information on On-Prem DNS Firewall Service, see the following:
- Configuring On-Prem DNS Firewall Service
- Enabling and Scaling of Custom RPZ Feeds
- Selecting a TSIG Key Format
- Sizing Guidelines for DDI Appliances
- Infoblox Threat Intelligence Feed Deployment Guide (downloadable PDF)
If your network infrastructure consists of On-Prem Infobox appliances, you can set up the DNS Firewall service on these appliances to provide protection through RPZ (Response Policy Zones). For more information about Infoblox DNS Firewall, refer to the Infoblox NIOS Administrator Guide.