
Configuring Internal Domains

When you use Endpoint or DNS Forwarding Proxy, DNS queries are sent directly to Infoblox Threat Defense. If you have internal domains that are served by local DNS servers and you want to reach them without interruptions, you should consider adding them to the bypassed internal domains list. If you add them, DNS queries for these internal domains are sent to the local DNS servers instead of Infoblox Threat Defense.

The internal domains list applies to NIOS DNS forwarding proxies as well. Infoblox recommends that you configure authoritative or forward zones for these domains. For more information, see Adding Internal Resolvers and Internal Domains to DNS Forwarding Proxy. 

If you do not specify internal domains, DNS queries targeting these domains are sent to Infoblox Threat Defense. Also, you might not be able to reach local resources such as servers and printers on your locally hosted domains. To ensure uninterrupted access to these resources, you should add these internal domains to the bypassed internal domains list. Essentially, all bypassed internal domains can resolve DNS records using local DNS servers. When you enter local resolvers when configuring a DNS forwarding proxy, the proxy uses the resolvers to provide resolution to local DNS zones as well as the bypassed internal domains. For information about adding local resolvers, see Adding Internal Resolvers and Internal Domains to DNS Forwarding Proxy. 

A maximum of 3000 records can be added to an internal domains list. Both IPv4 and IPv6 addresses can be added to an internal domains list.  
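A pre-import check for a candidate list, added here as an example and not Infoblox code: it enforces the 3000-record limit stated above and accepts only domains and IPv4/IPv6 addresses. The one-entry-per-line format with `#` comments, the function names, and the single-label warning are assumptions made for illustration; the sample entries are constructed.

```python
import ipaddress
import re

MAX_RECORDS = 3000  # limit stated on this page
# One DNS label; underscore allowed for names such as _msdcs (assumption).
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

def classify(entry):
    """Return (kind, normalised_value), or None if the entry is malformed."""
    try:
        ip = ipaddress.ip_address(entry)
        return ("ipv%d" % ip.version, str(ip))
    except ValueError:
        pass
    name = entry.rstrip(".").lower()
    labels = name.split(".")
    # An all-numeric last label is a mistyped IP address, not a domain.
    if (len(name) <= 253 and all(LABEL.fullmatch(l) for l in labels)
            and not labels[-1].isdigit()):
        return ("domain", name)
    return None

def lint_internal_domains(text):
    """Lint a list in the assumed format: one entry per line, '#' comments."""
    records, errors, warnings, seen = [], [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        result = classify(entry)
        if result is None:
            errors.append((lineno, entry, "not a domain or IP address"))
        elif result in seen:
            warnings.append((lineno, entry, "duplicate"))
        else:
            seen.add(result)
            records.append(result)
            if result[0] == "domain" and "." not in result[1]:
                warnings.append((lineno, entry, "single-label name; confirm it is internal"))
    if len(records) > MAX_RECORDS:
        errors.append((0, "", "%d records exceed the %d limit" % (len(records), MAX_RECORDS)))
    return records, errors, warnings

# Constructed sample input.
SAMPLE = "corp.example.internal\nCORP.example.internal.\n10.20.30.40\nFD00:0:0:0:0:0:0:53\n999.1.1.1\nlocal\n"

if __name__ == "__main__":
    for group in lint_internal_domains(SAMPLE):
        print(group)
```

Because every entry on the list is resolved locally instead of by Infoblox Threat Defense, warnings are worth reviewing by hand before the list is imported.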

In scenarios where the customer has multiple offices with different internal domains located at each office, using multiple bypass lists allows the creation of one or more internal domains lists per security policy for Infoblox Threat Defense Endpoint groups and for domain forwarding proxies. This is in addition to the creation of a global internal domains list to act as the default configuration for all offices. Using multiple internal domains lists allows each list to be assigned to a DNS Forwarding Proxy or Infoblox Threat Defense Endpoint independent of other lists. 

On the Internal Domains page, you can view the following details for each internal domains list:

  • NAME: The name of the internal domain list.
  • DESCRIPTION: The description of an internal domain list.
  • DOMAINS: The domains populating the internal domains list.
  • ASSOCIATED DNS FORWARDING PROXY/ENDPOINT GROUP: The domain forwarding proxies and endpoint groups associated with an internal domains list.
  • TAG: Displays any tag or tags assigned to the internal domain.

You can also do the following in this tab:

  • Click the expand menu icon to select the columns you want to display or use the arrow keys to reorder the columns.

  • Click the expand menu icon > Edit to modify the internal domain. You can also select the respective internal domain and click the Edit button to do so.

  • Click the expand menu icon > Remove to delete an internal domain. You can also select the respective internal domain and click the Remove button to do so.

  • Click the expand menu icon > Import to import a list of internal domains residing on your network. You can import a new list or update an existing list.
  • Select an internal domain to view additional details in the right panel. You can collapse the right panel by clicking the information icon.

  • Enter the value that you want to search in the Search text box. The Infoblox Portal displays the list of records that match the keyword in the text box.
  • Click the filter icon and then click the Add icon to filter data by the available values.

The internal domain list is used by Endpoint and NIOS DNS forwarding proxies. You should not include any remote sites on this list.

For information on adding internal domains to an Endpoint Group, see Adding Internal Domains to an Endpoint Group.

For information on adding internal domains to DNS Forwarding Proxy, see Adding Internal Resolvers and Internal Domains to DNS Forwarding Proxy.

For information on configuring local DNS servers on DNS Forwarding Proxy, see Configuring DNS Forwarding Proxy.

For more information on internal domains, see the following: