infoblox_threat_defense:dfp
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| infoblox_threat_defense:dfp [2025/11/09 15:47] – bstafford | infoblox_threat_defense:dfp [2025/11/12 15:28] (current) – [Add/Copy Source IP] bstafford | ||
|---|---|---|---|
| Line 24: | Line 24: | ||
| If both Add and Copy are both ticked, Copy trumps add (i.e. if there is anything to copy, ' | If both Add and Copy are both ticked, Copy trumps add (i.e. if there is anything to copy, ' | ||
| + | |||
| + | NOTE: Consider enabling ADD only for the DNS server that clients query directly. This prevents a malicious user from spoofing the source IP by adding their own EDNS0 data. By having ADD only, Infoblox will wipe the EDNS0 data and add the true source IP. If you set COPY at the client facing resolver, then spoofed entries can make their way up to Threat Defense Cloud. You can then set COPY at the recursive caching layer that sits (if it exists) between the DNS servers that clients query and the Threat Defense cloud. | ||
| ===== DHCP/IPAM ===== | ===== DHCP/IPAM ===== | ||
infoblox_threat_defense/dfp.1762703252.txt.gz · Last modified: by bstafford