infoblox:best_practice
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| infoblox:best_practice [2025/10/10 20:00] – bstafford | infoblox:best_practice [2025/12/09 09:33] (current) – [DNS] bstafford | ||
|---|---|---|---|
| Line 6: | Line 6: | ||
| ===== Best Practice Configuration ===== | ===== Best Practice Configuration ===== | ||
| - | The Infoblox STIG documents published by the US Defense Information Systems Agency. There is a DISA STIG for NIOS 8.x - https:// | + | The Infoblox STIG documents published by the US Defense Information Systems Agency. There is a DISA STIG for NIOS 8.x - https:// |
| ===== RPZ ===== | ===== RPZ ===== | ||
| When you use RPZ to download Threat Feeds from a provider (e.g. Infoblox, etc), make sure that at the first RPZ feed in the list is a local feed that lists your critical internal domains and RFC1918 (and other networks that you use), set the action to allow without logging. This will prevent your internal systems from being impacted by erroneous data in the providers feed. | When you use RPZ to download Threat Feeds from a provider (e.g. Infoblox, etc), make sure that at the first RPZ feed in the list is a local feed that lists your critical internal domains and RFC1918 (and other networks that you use), set the action to allow without logging. This will prevent your internal systems from being impacted by erroneous data in the providers feed. | ||
| Line 71: | Line 71: | ||
| ===== DNS ===== | ===== DNS ===== | ||
| + | ==== Recursive Queries ==== | ||
| + | In the Security tab in the Grid DNS Properties, it is recommended to turn on the following two options: | ||
| + | * Limit recursive queries per server | ||
| + | * Limit recursive queries per zone | ||
| + | ====Other ==== | ||
| In accordance with [[https:// | In accordance with [[https:// | ||
infoblox/best_practice.1760126409.txt.gz · Last modified: by bstafford