For BloxOne Threat Defense subscribers having purchased and configured a hybrid DNS solution, when DNS requests are blocked or redirected by a threat feed on BloxOne Threat Defense Cloud, the option of applying and enabling a custom RPZ feed for smaller appliances is available. The custom RPZ feed contains malicious threat indicators (domains and IP addresses) as well as wildcard rules to block all subdomains for the threat indicator. The custom RPZ feed is customer-generated and must adhere to the following RPZ-rule expiration policies:
- Maximum Feed Entries: The maximum number of feed entries is limited to 10,000 or fewer records.
- Expiration Time (TTL): The expiration time (TTL) for entries must be within the range of 1 day to 30 days. The RPZ feed can be fetched using preconfigured TSIG key in the account which works only with the associated custom zone.
The custom RPZ feed is enabled when the BloxOne Hits RPZ Feed option on the Distribution Server Details page by toggling the switch located at the top of the page from its default Disabled position to the Enable position. At the time the custom RPZ feed is enabled, the maximum number of entries contained within the RPZ feed must be selected ( =< 10,0000) along with the expiration time for the entries contained within the RPZ feed (1 to 30 days).
Data from the custom RPZ feed can be retrieved by using a preconfigured TSIG key for the account.