
This is an old revision of the document!


NIOS ADP

Bear in mind that the “Advanced DNS Protection” licence also protects the following protocols:

  • DNS
  • DHCP
  • NTP
  • ICMP
  • BGP
  • OSPF

Also remember that ADP can be used for internal-facing DNS. This is rare, but some massive organisations do use it like that.

show adp monitor-mode
set adp-monitor-mode off

When running ADP on the Grid, to download the latest updates, the Grid Master needs to resolve and access https://ts.infoblox.com on tcp-443. You may need to configure the proxy settings in the Grid and you may need to disable TLS inspection on the proxy.

Test ADP

Use a CHAOS query to ask for the running version of BIND. That will trigger a reconnaissance rule.

dig @adp.infobloxtest.local CH TXT version.bind
CEF:0|Infoblox|NIOS Threat|8.6.2-49947-c076333333a0|110100200|EARLY DROP UDP DNS named version attempts|8|src=**** spt=63141 dst=**** dpt=53 act="DROP" cat="Reconnaissance" nat=0 nfpt=0 nlpt=0 fqdn=version.bind hit_count=1
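
To confirm in a log pipeline that the test query produced the expected event, the CEF record can be parsed and matched on its category and queried name. The following is an added example, not part of the original page or Infoblox's own tooling; the function names, the syslog prefix and the src/dst addresses (masked on the page) are assumptions.

```python
import re

# Constructed sample modelled on the event above. The page masks src/dst, so
# the addresses are RFC 5737 placeholders and the syslog prefix is invented.
SAMPLE_LINES = [
    "Apr 26 19:04:21 adp1 syslog-tag[1234]: CEF:0|Infoblox|NIOS Threat|"
    "8.6.2-49947-c076333333a0|110100200|EARLY DROP UDP DNS named version attempts|8|"
    'src=192.0.2.10 spt=63141 dst=198.51.100.53 dpt=53 act="DROP" '
    'cat="Reconnaissance" nat=0 nfpt=0 nlpt=0 fqdn=version.bind hit_count=1',
    "Apr 26 19:04:22 adp1 named[999]: unrelated non-CEF line",
]

HEADER = ("cef_version", "vendor", "product", "version", "rule_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)([A-Za-z_][A-Za-z0-9_]*)=")

def parse_cef(line):
    """Parse one CEF record (optionally behind a syslog prefix) into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    # Seven pipe-delimited header fields, then the key=value extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, (p.replace("\\|", "|") for p in parts[:7])))
    ext = parts[7]
    keys = list(_KEY.finditer(ext))
    for i, m in enumerate(keys):
        # A value runs until the next " key=" token, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event[m.group(1)] = ext[m.end():end].strip().strip('"')
    return event

def is_version_probe(event):
    """True for the version.bind reconnaissance event shown above."""
    return (event.get("vendor") == "Infoblox"
            and event.get("cat") == "Reconnaissance"
            and event.get("fqdn", "").lower().rstrip(".") == "version.bind")

def find_version_probes(lines):
    """Return (src, rule_id, act) for each matching event; skip non-CEF lines."""
    hits = []
    for line in lines:
        try:
            ev = parse_cef(line)
        except ValueError:
            continue
        if is_version_probe(ev):
            hits.append((ev.get("src"), ev["rule_id"], ev.get("act")))
    return hits

if __name__ == "__main__":
    print(find_version_probes(SAMPLE_LINES))
```
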
infoblox_nios/adp.1682535861.txt.gz · Last modified: by bstafford