When you have “Local On-Prem Resolution” AND “Block DNS rebinding attacks” enabled on a security policy, then any NIOS-X or NIOS-X-as-a-Service instance that has conditional forwarding to on-prem servers that respond to internal domains with RFC1918 addresses will be blocked. This would also apply if NIOS-X was doing a global forwarder to a DNS server that also responds to internal domain. The “Block DNS rebinding attacks” just sees RFC1918 and blocks it.

When Infoblox filters a DNS name, it returns one of the following IP addresses

52.4.105.248

3.215.231.251

35.168.95.233

When you go to this IP, you will see the Infoblox block page.

ByPasscodes will redirect users to

https://smartproxy.b1tdc.infoblox.com

If you access this page over HTTPS, the page will be signed by the Infoblox BloxOne Root CA.

You must install this certificate as a trusted Root CA to avoid browser errors.