
Geolocation Support on a Per-Policy Basis

Infoblox Threat Defense supports geolocation control for your security policies when DNS queries are resolved through Infoblox Threat Defense. Depending on your privacy preferences, you can choose, as part of configuring a security policy, whether to forward the /24 subnet of your IP address in DNS queries, provided you have configured DNS resolution through Infoblox Threat Defense.

Geolocation support employs the EDNS0 (Extension Mechanisms for DNS) Client Subnet (ECS) option to transmit the public /24 subnet of your IP address to an external third-party DNS server. This enables ECS-enabled third-party DNS servers to return responses based on the geographical location of the requesting user and direct them to the nearest instance of the queried DNS record.

With Infoblox Threat Defense, you can enable or disable geolocation on a per-policy basis, meaning that this configuration affects all network scopes associated with a specific policy. Enabling geolocation for a security policy exposes the public /24 subnet of a DFP, External Network, or Infoblox Endpoint to the authoritative DNS server. If you prefer not to disclose the public /24 subnet to external DNS name servers, do not enable geolocation when setting up a security policy. Geolocation is disabled by default.


Note

Infoblox keeps a list of domains that support geolocation-based responses. Infoblox Threat Defense will only forward public /24 subnet ECS data to domains on this list. Queries for domains not included in this list will not have ECS data forwarded, irrespective of whether geolocation is enabled or not. If you encounter any challenges during the configuration of geolocation, please reach out to Infoblox Technical Support.

For more information about EDNS and ECS options, refer to RFC 6891 and RFC 7871.
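
The ECS option described above, as an added example (not Infoblox code): it encodes and decodes the RFC 7871 option for an IPv4 client, showing that only the /24 network bits are disclosed, and models the policy-plus-domain-list rule from the note. The client address, domain names, list contents, exact-name list matching, and all function names are constructed assumptions.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)
FAMILY_IPV4 = 1      # IANA address family number for IPv4


def build_ecs_option(client_ip: str, prefix_len: int = 24) -> bytes:
    """Encode an IPv4 ECS option that carries only the first prefix_len bits."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    # RFC 7871: send only as many address octets as the prefix needs.
    addr = net.network_address.packed[: (prefix_len + 7) // 8]
    body = struct.pack("!HBB", FAMILY_IPV4, prefix_len, 0) + addr  # scope is 0 in queries
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option: bytes) -> str:
    """Decode an IPv4 ECS option and return the disclosed subnet in CIDR form."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_len, _scope_len = struct.unpack("!HBB", option[4:8])
    addr = option[8:]
    if family != FAMILY_IPV4 or source_len > 32 or len(addr) != (source_len + 7) // 8:
        raise ValueError("unsupported family or wrong address length")
    padded = addr + b"\x00" * (4 - len(addr))
    net = ipaddress.ip_network(f"{ipaddress.IPv4Address(padded)}/{source_len}", strict=False)
    if net.network_address.packed != padded:
        raise ValueError("bits beyond the prefix must be zero")
    return str(net)


def ecs_for_query(client_ip, qname, geolocation_enabled, geo_domains):
    """Return the ECS option to attach, or None when nothing is disclosed."""
    # Assumption: the vendor list is matched by exact name; the page does not say how.
    on_list = qname.rstrip(".").lower() in geo_domains
    return build_ecs_option(client_ip) if geolocation_enabled and on_list else None


if __name__ == "__main__":
    opt = build_ecs_option("203.0.113.77")  # constructed documentation address
    print(opt.hex(), "->", parse_ecs_option(opt))
```

Running `parse_ecs_option` over options captured on the resolver's upstream side is one way to confirm that no more than the /24 is disclosed.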

For information on enabling or disabling geolocation support for a new or existing security policy, see the following: