infoblox_nios:adp

Differences

This shows you the differences between two versions of the page.

infoblox_nios:adp [2025/03/03 16:36] bstaffordinfoblox_nios:adp [2026/02/16 02:58] (current) bstafford
Line 3: Line 3:
  
 [[https://www.infoblox.com/resources/deployment-guide/advanced-dns-protection-ruleset-tuning|ADP Tuning]] [[https://www.infoblox.com/resources/deployment-guide/advanced-dns-protection-ruleset-tuning|ADP Tuning]]
 +
 +[[https://blogs.infoblox.com/community/infoblox-advanced-dns-protection-rules-viewing-the-tip-of-an-iceberg/|ADP Rules]]
 +
 +[[https://www.infoblox.com/code/wp-content/themes/Divi-child/f/adp-basic-config/story_html5.html?lms=1&lms=1|Old Training Video]]
  
 To ensure proper performance, ADP locks 2 CPU core to process network traffic. To ensure proper performance, ADP locks 2 CPU core to process network traffic.
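Review bot: The added Old Training Video link carries the same query parameter twice (?lms=1&lms=1); drop the duplicate so the URL ends in ?lms=1. The two new links are also added as bare lines with no sentence saying what each one covers, so a short description beside "ADP Rules" and "Old Training Video" would help a reader choose between them and the existing ADP Tuning guide.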
Line 71: Line 75:
 <code>CEF:0|Infoblox|NIOS Threat|8.6.2-49947-c076333333a0|110100200|EARLY DROP UDP DNS named version attempts|8|src=**** spt=63141 dst=**** dpt=53 act="DROP" cat="Reconnaissance" nat=0 nfpt=0 nlpt=0 fqdn=version.bind hit_count=1</code> <code>CEF:0|Infoblox|NIOS Threat|8.6.2-49947-c076333333a0|110100200|EARLY DROP UDP DNS named version attempts|8|src=**** spt=63141 dst=**** dpt=53 act="DROP" cat="Reconnaissance" nat=0 nfpt=0 nlpt=0 fqdn=version.bind hit_count=1</code>
  
 +Another example log where we block a specific domain from being resolved.
 +  * Facility: daemon
 +  * Level: ERROR
 +  * Server: threat-protect-log
 +  * Message: CEF:0|Infoblox|NIOS Threat|9.0.6-53318-82020f7ffaad|120303001|Blacklist:blockedinconfig.domain.com|7|src=25.26.27.28 spt=52223 dst=192.168.1.123 dpt=53 act="DROP" cat="BLACKLIST UDP FQDN lookup" nat=0 nfpt=0 nlpt=0 fqdn=blockedinconfig.domain.com hit_count=3</code>
 ===== DoH ===== ===== DoH =====
 To test DoH on Linux Client, [[https://www.linuxbabe.com/ubuntu/dns-over-https-doh-resolver-ubuntu-dnsdist|this page is a useful guide]]. I had to use a proper certificate (Lets Encrypt) to get it to work. I put the HTTPS cert on the DoH member of the Infoblox Grid and also imported the intermediate and root certificates into the Grid. To test DoH on Linux Client, [[https://www.linuxbabe.com/ubuntu/dns-over-https-doh-resolver-ubuntu-dnsdist|this page is a useful guide]]. I had to use a proper certificate (Lets Encrypt) to get it to work. I put the HTTPS cert on the DoH member of the Infoblox Grid and also imported the intermediate and root certificates into the Grid.
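Review bot: The added Message line ends with </code> but no opening <code> precedes the CEF string, so the tag is unbalanced and the pipe-delimited record is left to be parsed as wiki markup; wrap it the way the existing example above does, as <code>CEF:0|Infoblox|NIOS Threat|...</code>. The new sample also shows src=25.26.27.28 and dst=192.168.1.123 in clear, while the earlier example masks both fields as ****; mask them here too, or say that the values are made up. A blank line before ===== DoH ===== would keep the heading separate from the list.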
infoblox_nios/adp.1741019812.txt.gz · Last modified: by bstafford