The Infoblox DNS over HTTPS (DoH) solution includes multiple tools to ensure thorough coverage for your organization in providing a robust DoH solution for your network. The Infoblox DNS over HTTP (DoH) solution includes the following features:
- Policy threat intelligence feed for DoH: The Policy threat intelligence feed for DoH provides the ability to control the DNS access method used to detect and mitigate threats by helping organizations enforce their security policies by blocking known DoH servers and associated Firefox “canary” domains. This feed can be configured in the Infoblox Customer Services Portal.
- DoH Feed in Cloud Services Portal: Provides a regularly updated data set to the Infoblox TIDE platform that includes well known DoH servers and canary domains that can be used to block access in accordance with enterprise security policies. The Public_DoH and Public_DoH_IP feeds are available for all BloxOne Threat Defense subscriptions.
- DoH Policy feed for known DoH domains and IPs: The DoH Policy feed for known DoH domains and IPs adds a new data set of domains and IP addresses for known DoH providers to Infoblox TIDE. This policy feed allows customers to extract this data set when enabling blocking using existing security platforms such as next-generation firewalls and can also be used for threat investigation to detect DoH servers used in malicious activity.
- Dossier update of DoH domains/IPs: Using Dossier, users can determine whether a domain or IP is associated with a public DoH service that could bypass on-premise DNS security. Due to Whitelisting, not all domains are in the RPZ are in TIDE and Dossier.
- RPZ creation for the policy domains: This RPZ is populated with known DoH domains and IP addresses enabling customers to prevent client machines from connecting directly to known public DoH servers that can bypass on-premise DNS-based security protocols.