Saucepan

User Tools

Site Tools

Trace: dynamic_dns deploy_nios_vm nhs_digital install_mediawiki firewall_rules ddns install_guacamole deploy_discovery_vm wireshark network_users
infoblox:best_practice

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
infoblox:best_practice [2025/03/21 09:09] bstaffordinfoblox:best_practice [2025/12/09 09:33] (current) – [DNS] bstafford
Line 1: Line 1:
 ====== Infoblox Best Practice ====== ====== Infoblox Best Practice ======
 If you are configuring a dual-stack network for the host, you must set the minimum MTU value for the IPv4 address to 1280; if you do not, the IPv6 address will not be functional.  If you are configuring a dual-stack network for the host, you must set the minimum MTU value for the IPv4 address to 1280; if you do not, the IPv6 address will not be functional. 
 +===== NIST Best Practice for DNS =====
 +
 +[[https://csrc.nist.gov/pubs/sp/800/81/r3/ipd|NIST SP 800 81r3 page]] with [[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81r3.ipd.pdf|PDF]].
 +
 ===== Best Practice Configuration ===== ===== Best Practice Configuration =====
-The Infoblox STIG documents published by the US Defense Information Systems Agency. There is a DISA STIG for NIOS 8.x - https://www.stigviewer.com/stig/infoblox_8.x_dns/+The Infoblox STIG documents published by the US Defense Information Systems Agency. There is a DISA STIG for NIOS 8.x - https://www.stigviewer.com/stigs/infoblox_8x_dns 
 +===== RPZ ===== 
 +When you use RPZ to download Threat Feeds from a provider (e.g. Infoblox, etc), make sure that at the first RPZ feed in the list is a local feed that lists your critical internal domains and RFC1918 (and other networks that you use), set the action to allow without logging. This will prevent your internal systems from being impacted by erroneous data in the providers feed.
 ===== NIOS Logging ===== ===== NIOS Logging =====
 Under Grid Properties > General > Basic > Audit Logging you can set "Brief", "Detailed", "WAPI Detailed". Setting to Brief instead of Detailed can (and has) hampered Infoblox support in establishing exact root cause of issues. Under Grid Properties > General > Basic > Audit Logging you can set "Brief", "Detailed", "WAPI Detailed". Setting to Brief instead of Detailed can (and has) hampered Infoblox support in establishing exact root cause of issues.
 +
 +Under Grid Properties > Monitoring > Basic make sure you tick Copy Audit Log Message to Syslog. Because it is syslog that can be copied of to SIEM server, this is how you ensure a longer copy of audit logs.
 ===== DDI ===== ===== DDI =====
   * DNS - If the Round Trip Time (RTT) between client and DNS server is greater than 200ms, then the user starts to notice.   * DNS - If the Round Trip Time (RTT) between client and DNS server is greater than 200ms, then the user starts to notice.
Line 63: Line 71:
  
 ===== DNS ===== ===== DNS =====
 +==== Recursive Queries ====
 +In the Security tab in the Grid DNS Properties, it is recommended to turn on the following two options:
 +  * Limit recursive queries per server
 +  * Limit recursive queries per zone
 +====Other ====
 In accordance with [[https://datatracker.ietf.org/doc/html/rfc6303|RFC 6303]] consider adding the following PTR zones as standard. In accordance with [[https://datatracker.ietf.org/doc/html/rfc6303|RFC 6303]] consider adding the following PTR zones as standard.
  
infoblox/best_practice.1742548169.txt.gz · Last modified: by bstafford