infoblox_nios:adp

Differences

This shows you the differences between two versions of the page.

infoblox_nios:adp [2024/09/02 15:33] bstaffordinfoblox_nios:adp [2026/02/16 02:58] (current) bstafford
Line 4: Line 4:
 [[https://www.infoblox.com/resources/deployment-guide/advanced-dns-protection-ruleset-tuning|ADP Tuning]] [[https://www.infoblox.com/resources/deployment-guide/advanced-dns-protection-ruleset-tuning|ADP Tuning]]
  
-Bear in mind that "Advanced DNS Protection" as a licence also protects the protcols for:+[[https://blogs.infoblox.com/community/infoblox-advanced-dns-protection-rules-viewing-the-tip-of-an-iceberg/|ADP Rules]] 
 + 
 +[[https://www.infoblox.com/code/wp-content/themes/Divi-child/f/adp-basic-config/story_html5.html?lms=1&lms=1|Old Training Video]] 
 + 
 +To ensure proper performance, ADP locks 2 CPU core to process network traffic. 
 + 
 +Bear in mind that "Advanced DNS Protection" as a license also protects the protocols for:
   * DNS   * DNS
   * DHCP   * DHCP
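
Review bot: the added sentence "To ensure proper performance, ADP locks 2 CPU core to process network traffic." should read "2 CPU cores", and it would be worth saying whether those cores are then unavailable to other services on the member, since that is what a reader sizing an appliance needs to know. The Old Training Video link also carries its query parameter twice (?lms=1&lms=1); one copy should be enough.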
Line 69: Line 75:
 <code>CEF:0|Infoblox|NIOS Threat|8.6.2-49947-c076333333a0|110100200|EARLY DROP UDP DNS named version attempts|8|src=**** spt=63141 dst=**** dpt=53 act="DROP" cat="Reconnaissance" nat=0 nfpt=0 nlpt=0 fqdn=version.bind hit_count=1</code> <code>CEF:0|Infoblox|NIOS Threat|8.6.2-49947-c076333333a0|110100200|EARLY DROP UDP DNS named version attempts|8|src=**** spt=63141 dst=**** dpt=53 act="DROP" cat="Reconnaissance" nat=0 nfpt=0 nlpt=0 fqdn=version.bind hit_count=1</code>
  
 +Another example log where we block a specific domain from being resolved.
 +  * Facility: daemon
 +  * Level: ERROR
 +  * Server: threat-protect-log
 +  * Message: CEF:0|Infoblox|NIOS Threat|9.0.6-53318-82020f7ffaad|120303001|Blacklist:blockedinconfig.domain.com|7|src=25.26.27.28 spt=52223 dst=192.168.1.123 dpt=53 act="DROP" cat="BLACKLIST UDP FQDN lookup" nat=0 nfpt=0 nlpt=0 fqdn=blockedinconfig.domain.com hit_count=3</code>
 ===== DoH ===== ===== DoH =====
 To test DoH on Linux Client, [[https://www.linuxbabe.com/ubuntu/dns-over-https-doh-resolver-ubuntu-dnsdist|this page is a useful guide]]. I had to use a proper certificate (Lets Encrypt) to get it to work. I put the HTTPS cert on the DoH member of the Infoblox Grid and also imported the intermediate and root certificates into the Grid. To test DoH on Linux Client, [[https://www.linuxbabe.com/ubuntu/dns-over-https-doh-resolver-ubuntu-dnsdist|this page is a useful guide]]. I had to use a proper certificate (Lets Encrypt) to get it to work. I put the HTTPS cert on the DoH member of the Infoblox Grid and also imported the intermediate and root certificates into the Grid.
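
Review bot: the new "Message:" bullet ends with </code> but nothing in the added lines opens a <code> block, so the tag is unbalanced; wrap the CEF line in <code>...</code> the way the existing version.bind example does, or drop the stray closing tag. The new sample also shows src=25.26.27.28 and dst=192.168.1.123 in clear while the existing example masks both fields as ****; mask them the same way if they come from a real capture.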
infoblox_nios/adp.1725291233.txt.gz · Last modified: by bstafford