Bear in mind that “Advanced DNS Protection” as a licence also protects the protcols for:

• DNS
• DHCP
• NTP
• ICMP
• BGP
• OSPF

Also remember that ADP can be used for internal facing DNS. Rare but some massive organisations do use it like that.

show adp monitor-mode

set adp-monitor-mode off

When running ADP on the Grid, to download the latest updates, the Grid Master needs to resolve and access https://ts.infoblox.com on tcp-443. You may need to configure the proxy settings in the Grid and you may need to disable TLS inspection on the proxy.

Remember, installing ADP licence (“Threat Protection (Software add-on) license”) will reboot the member.

Remember, enabling the ADP service (“Threat Protection”) on a member will cause the member to reboot.

Remember, you cannot enable ADP on a GM or GMC

Remember, the DNS member running ADP must be using the MGMT interface.

Remember, the option to enable DoT and enable DoH is only visible if the member has enough memory allocated (Data Management > DNS > Members > Properties > Queries > Advanced)

Use a CHAOS query to ask for the running version of Bind. That will trigger a reconnaissance rule

dig @adp.infobloxtest.local CH TXT version.bind

CEF:0|Infoblox|NIOS Threat|8.6.2-49947-c076333333a0|110100200|EARLY DROP UDP DNS named version attempts|8|src=**** spt=63141 dst=**** dpt=53 act="DROP" cat="Reconnaissance" nat=0 nfpt=0 nlpt=0 fqdn=version.bind hit_count=1