The Monitor and Reset action of the domain deny list can inject a predefined IP address into the DNS response packet. To configure the predefined IP address, follow these steps:
- Log on to DDI then go to http://[IP of DDI]/html/rdqa.htm.
- On the menu, select NCIE-Related.
- Configure the following entries:
  - DNS redirect for A IP:
  - DNS redirect for A TTL:
  - DNS redirect for AAAA IP:
  - DNS redirect for AAAA TTL:
- Go back to the DDI management page and select Administration > Monitoring / Scanning > Deny List / Allow List.
- On the Deny list tab, click Add.
- To add the domains that you want the sinkhole applied to, select Domain and select type Monitor and reset.
- Click Save.
The next time a DNS request is made for that domain, the response will be redirected to the DNS redirect address specified in the NCIE-Related configuration.
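To confirm the sinkhole is taking effect, the A and AAAA answers in a captured DNS response can be compared against the configured redirect values. The following is an added example, not code from the product or its vendor; the redirect addresses, TTLs, domain name and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed stand-ins for the four NCIE-Related entries: qtype -> (redirect IP, TTL).
SINKHOLE = {1: ("192.0.2.53", 300), 28: ("2001:db8::53", 300)}

def skip_name(msg, off):
    """Return the offset just past a DNS name, honouring compression pointers."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # a 2-byte compression pointer ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def answers(msg):
    """Return (rtype, ttl, ip) for every A/AAAA record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if (rtype, rdlen) in ((1, 4), (28, 16)):
            out.append((rtype, ttl, str(ipaddress.ip_address(rdata))))
    return out

def is_sinkholed(msg):
    """True when every A/AAAA answer carries the configured redirect IP.
    TTL is checked as <= configured, since a caching resolver counts it down."""
    found = answers(msg)
    return bool(found) and all(
        ip == SINKHOLE[t][0] and ttl <= SINKHOLE[t][1] for t, ttl, ip in found)

def make_response(qtype, ip, ttl, name=b"\x03bad\x07example\x00"):
    """Build a constructed one-answer response; the answer name points at offset 12."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = name + struct.pack("!HH", qtype, 1)
    rdata = ipaddress.ip_address(ip).packed
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return header + question + answer

if __name__ == "__main__":
    print(is_sinkholed(make_response(1, "192.0.2.53", 300)))     # redirected answer
    print(is_sinkholed(make_response(1, "198.51.100.7", 3600)))  # unmodified answer
```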