/
Adding DoH Feeds to a Security Policy
Document toolboxDocument toolbox

Adding DoH Feeds to a Security Policy

Owned by Gary Leicht
Last updated: Sept 06, 2024

To add DoH Policy for known DoH domains and/or DoH Policy for known DoH IPs to your security policy, see Adding Policy Rules and Setting Precedence. You can find the updated DoH policy feeds in the Feeds and Threat Insight panel. Infoblox recommends setting rule actions for both DoH domains policy feeds to "BLOCK – No Redirect." For information on configuring your security policy, see Configuring Security Policies.

Infoblox offers the following DoH RPZ feeds.  

Feed NameLevel ConfidenceDescription
DOH Public HostnamesLow - Exposure to this threat may cause low or no damage to your network.High - This feed has a low probability of resulting in false positives.The Public DOH feed provides a list of known public DNS services that tunnel their traffic over HTTP. This may be from a browser (such as Mozilla Firefox), a piece of malware, or a user attempting to bypass your organization's DNS policies. This feed contains “canary” domains. We recommend all organizations enable this blocking rule.
DoH Public IPsLow - Exposure to this threat may cause low or no damage to your network.High - This feed has a low probability of resulting in false positives.The Public DOH IP feed provides a list of known public DNS services that tunnel their traffic over HTTP. This may be from a browser (such as Mozilla Firefox), a piece of malware, or a user attempting to bypass your organization's DNS policies. This feed contains “canary” addresses. We recommend all organizations enable this blocking rule.

.

.For information on how to add the DoH feeds to On-Prem DNS Firewall Service, see Configuring On-Prem DNS Firewall Service.



Related content