DNS sinkhole configuration for Deep Discovery Inspector (DDI)

    • Updated: 12 Aug 2015
    • Product/Version: Deep Discovery Inspector 3.0, 3.2, 3.5, 3.6, 3.7, 3.8
    • Platform: Amazon AMI 32-bit, VMware ESX 5.0
Summary
You want to configure DDI as a DNS sinkhole so that when a client sends a DNS request for a known malicious website/URL, DDI returns a user-specified IP address to the requesting client.
Details

The Monitor and Reset action of the domain deny list can inject a predefined IP address in the DNS response packet. The predefined IP address can be configured by doing the following steps:

  1. Log on to DDI then go to http://[IP of DDI]/html/rdqa.htm.
  2. On the menu, select NCIE-Related.
  3. Configure the following entries:

    • DNS redirect for A IP:
    • DNS redirect for A TTL:
    • DNS redirect for AAAA IP:
    • DNS redirect for AAAA TTL:
  4. Go back to the DDI management page and select Administration > Monitoring / Scanning > Deny List / Allow List.
  5. On the Deny list tab, click Add.
  6. To add the domains that you want the sinkhole applied to, select Domain and select type Monitor and reset.
  7. Click Save.

The next time a DNS request is made for that domain, the response will carry the DNS redirect address specified in the NCIE-Related configuration.
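One way to confirm the redirect took effect, shown as an added example (not Trend Micro code): parse a captured DNS response for a deny-listed domain and check that every A/AAAA answer carries the configured redirect IP. The function names are hypothetical, and the domain, addresses and TTLs are constructed documentation values.

```python
import ipaddress
import struct

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def answers(msg):
    """Yield (rtype, ttl, ip) for each A (1) / AAAA (28) record in the answer section."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if (rtype, rdlen) in ((1, 4), (28, 16)):
            yield rtype, ttl, ipaddress.ip_address(rdata)

def is_sinkholed(msg, sink_a, sink_aaaa, ttl_a, ttl_aaaa):
    """True only if there is at least one A/AAAA answer and all match the redirect.
    TTL is checked as <= configured, since a caching resolver counts it down."""
    expected = {1: (ipaddress.ip_address(sink_a), ttl_a),
                28: (ipaddress.ip_address(sink_aaaa), ttl_aaaa)}
    recs = list(answers(msg))
    return bool(recs) and all(
        ip == expected[t][0] and ttl <= expected[t][1] for t, ttl, ip in recs)

def build_response(qname, rtype, ttl, ip):
    """Constructed sample packet: one question, one answer with a name pointer."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\0"
    rdata = ipaddress.ip_address(ip).packed
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = name + struct.pack("!HH", rtype, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return hdr + question + answer

if __name__ == "__main__":
    pkt = build_response("bad.example", 1, 60, "192.0.2.10")   # constructed values
    print(is_sinkholed(pkt, "192.0.2.10", "2001:db8::10", 60, 60))
```

In practice the `msg` bytes would come from the UDP payload of a response captured on the client side for a domain on the Deny list.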

Category: Configure
Solution Id: 1111956