RPZ qname-wait-recurse no

No DNS records are needed for a QNAME or Client-IP trigger. The name or IP address itself is sufficient, so in principle the query name need not be recursively resolved. However, not resolving the requested name can leak the fact that response policy rewriting is in use and that the name is listed in a …

Continue reading ‘RPZ qname-wait-recurse no’ »

Infoblox Reporting. DNS Top RPZ Hits with Discovered Name.

This is a custom version of “DNS Top RPZ Hits” report with added Discovered Name/Network View fields and removed Time field.

Infoblox Reporting. IPAM Statistic Used/Unused IPs per a subnet

This simple search shows IPAM network usage statistic.

Infoblox Reporting. IPAM Discovered Device History by Network

 This is a custom version of this dashboard. I’ve added networks filter. The query for the filter is not an optimal in terms of performance but anyway will work good for small IPAM databases.

Infoblox Reporting. Inactive MAC Addresses

This report is a custom version of “Inactive IP Addresses” report and provide information about MAC addresses that were not connected to a network for a while.

Infoblox Reporting and Analytics for Security

    Recently Infoblox released a new version of our reporting solution, which we renamed “Infoblox Reporting and Analytics”. The solution is based on the Splunk engine and delivers an enhanced reporting interface so now you can create custom dashboards, reports, and alerts. This gives you unlimited possibilities to analyze data and mine invaluable knowledge about your …

Continue reading ‘Infoblox Reporting and Analytics for Security’ »

Случайные и фантомные домены (random subdomain, phantom domain), DDoS атака на кэширующий DNS

    Начиная с января месяца многие провайдеры в РФ подверглись/подвергаются атакам на DNS инфраструктуру, помимо Amplification/Reflection атаки активно использовалась/используется атака Random subdomain/Phantom Domain (атака случайными или фантомными доменами). Информация по атакам была получена мной от нескольких провайдеров в европейской части России и в западной Сибири (крупные региональные и московские провайдеры). При этом кто-то просто подтверждал наличие …

Continue reading ‘Случайные и фантомные домены (random subdomain, phantom domain), DDoS атака на кэширующий DNS’ »

How dangerous can be an open DNS resolver

    Almost every IT specialist knows that open recursive DNS server can be very dangerous but I’ve never seen any example what happens and how fast it will be utilized in inappropriate way. These were interesting questions for me and I decided to make a small study and opened my DNS server for everybody in Internet. …

Continue reading ‘How dangerous can be an open DNS resolver’ »

How to change MAC of a virtual machine to MAC which belongs to reserved VmWare MACs

Sometimes it is necessary to change MAC address of a virtual machine and in most cases there is no any issue except MAC-addresses which belong to reserved VmWare MACs. In this situation ESXi shows such error:

 To fix the problem you can use the algorithm described below (all information about it you can find in this …

Continue reading ‘How to change MAC of a virtual machine to MAC which belongs to reserved VmWare MACs’ »

Creating perl scripts in Infoblox Network Automation (NetMRI)

Creating scripts in Network Automation is a very simple task. But these scripts can be very powerful and useful.Look at my presentation and you will know how to create Perl-scripts, to use internal objects, to interact with network devices and to sync data with Infoblox DDI solution.