Merging DNS Infrastructure Protection Rulesets in NIOS (3536)
This lab requires a lab environment with DNS Infrastructure Protection capability!
Please ensure that you have deployed a NIOS Lab Environment (with DNS Infrastructure Protection).
Scenario
Your organization is currently using the tuned DNS Infrastructure Protection ruleset 20250702-16, which includes important custom rules and setting adjustments made over time. A newer Infoblox ruleset, 20251209-16, has been released, offering updated rules designed to improve detection accuracy and address new threats. To ensure you benefit from these improvements without losing your custom rules and tuning, you will merge the currently active ruleset 20250702-16 with the new version 20251209-16 rather than replacing it.
In this lab, you will merge the two rulesets, confirm that custom rules and disabled rule categories are preserved, and update the Authoritative – Tuned profile to use the newly merged ruleset. This ensures your authoritative DNS servers continue applying both the latest protections and your organization‑specific tuning.
Estimated Completion Time
15 to 25 Minutes
Prerequisites
Lab 3534: Tuning DNS Infrastructure Protection for Authoritative DNS Servers in NIOS
Lab 3535: Creating Custom DNS Infrastructure Protection Rules in NIOS
Related Lab Guides
Credentials
| Description | Username | Password | URL or IP |
|---|---|---|---|
| Grid Manager UI | admin | infoblox | |
| Jump-Desktop | training | infoblox | |
Requirements
Administrative access to the Grid
Access to the NIOS Lab Environment (DNS Infrastructure Protection)
Tasks
Merge the currently active ruleset 20250702-16 with the new 20251209-16 ruleset
Modify the Authoritative - Tuned profile to use the newly merged 20251209-16 ruleset
Task 1: Merge the currently active ruleset 20250702-16 with the new 20251209-16 ruleset
In this task, you will merge your active ruleset, 20250702-16, including all custom rules and tuning adjustments created in earlier labs, into the newly released ruleset, 20251209-16. This approach prevents the loss of your organization‑specific tuning and ensures that Infoblox’s latest updates, thresholds, and rule improvements are incorporated into your environment. You will compare differences between the two rulesets, select the custom rules to migrate, and complete the merge process.
Task 2: Modify the Authoritative - Tuned profile to use the newly merged 20251209-16 ruleset
After creating the merged ruleset, 20251209-16, you will apply it to the Authoritative – Tuned profile used by your authoritative DNS servers. Since this profile was created in earlier labs to unify tuning across all authoritative Grid members, updating it ensures that every assigned server benefits from the latest protections and your preserved customizations.
Solutions
Task 1 Solution: Merge the currently active ruleset 20250702-16 with the new 20251209-16 ruleset
In this task, we are merging the active ruleset version 20250702-16 with the newly released version 20251209-16. We are not simply moving to the latest version because we have significantly tuned our current ruleset and added custom rules. If we switch to 20251209-16 without merging, our custom rules and tuning efforts will no longer apply to traffic.
The best approach is to merge the two rulesets. This will allow us to incorporate the latest updates from Infoblox for DNS Infrastructure Protection, which may adjust thresholds and actions for some system and auto rules, and add or remove rules to address new threats, while preserving our custom rules and tuning efforts.
Navigate to Data Management → Security → DNS Infrastructure Protection Rules.
On the toolbar, select Merge → Ruleset.
Under Merge changes from, expand Old Ruleset and select 20250702-16.
This is the ruleset containing your customized and tuned rules.
Under To, expand New Ruleset and select 20251209-16.
This is the latest ruleset released by Infoblox and will serve as the updated base.
Click Get Differences.
The top panel shows differences in system rules between the two versions.
The bottom panel lists the custom rules present in the older ruleset but missing in the new one.
Select the checkbox next to each custom rule you created to include it in the merged ruleset.
Click Merge Changes, then choose Yes to confirm.
Close the Merge Changes into Ruleset window.
Click Publish to apply the newly merged ruleset across the Grid.
Task 2 Solution: Modify the Authoritative - Tuned profile to use the newly merged 20251209-16 ruleset
In this task, we will modify the Authoritative - Tuned profile to use the newly merged 20251209-16 ruleset instead of the older 20250702-16 ruleset. This profile, created in a previous lab so that a single tuned DNS Infrastructure Protection ruleset can be shared, supports all external-facing authoritative servers running DNS Infrastructure Protection in our organization. We will also confirm the successful merge of the two rulesets by checking that all custom rules have merged and that disabled rule categories remain inactive.
Navigate to Data Management → Security → Profiles.
Select the Authoritative – Tuned profile.
Click Edit.
Under Active Ruleset Version, select the merged 20251209-16 ruleset.
Click Save & Close.
Publish the changes.
Click on the Authoritative - Tuned profile to reopen it.
Scroll down to the DNS Malware category.
Expand the category and confirm that all rules remain disabled as they were before the merge.
These statuses were inherited from the previously used 20250702-16 ruleset. Only Auto rules may be enabled, as their activation state is determined by the system and cannot be manually changed or inherited.
Scroll down to the DNS DDoS and DNS Tunneling categories to confirm that their rule statuses have also been inherited.
Open the Quick Filter drop‑down.
Select All Custom Rules.
Verify that all custom rules created in earlier labs appear in the list and remain disabled, as configured prior to the merge.
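The verification steps above can also be scripted. The following is an added example, not part of the original lab or of Infoblox tooling: it compares a snapshot of the profile's rules taken before the merge with one taken after, skips Auto rules, and additionally flags new rules that arrive enabled in a category that was fully disabled before. The `Rule` record, the rule IDs and the snapshot format are assumptions made for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    rule_id: str    # constructed ID, not a real Infoblox rule ID
    category: str
    rule_type: str  # "system", "auto" or "custom"
    disabled: bool

def verify_merge(before, after):
    """Return (finding, rule_id) pairs for tuning that did not survive the merge."""
    old = {r.rule_id: r for r in before}
    new = {r.rule_id: r for r in after}
    findings = []
    for rid in sorted(old):
        rule, merged = old[rid], new.get(rid)
        if merged is None:
            if rule.rule_type == "custom":
                findings.append(("custom_rule_missing", rid))
            continue  # system rules may be dropped by the newer ruleset
        if rule.rule_type == "auto":
            continue  # Auto rule state is set by the system, not inherited
        if merged.disabled != rule.disabled:
            findings.append(("state_changed", rid))
    # Categories where every non-Auto rule was disabled before the merge.
    manual = [r for r in before if r.rule_type != "auto"]
    off = {r.category for r in manual} - {r.category for r in manual if not r.disabled}
    for rid in sorted(set(new) - set(old)):
        r = new[rid]
        if r.rule_type != "auto" and r.category in off and not r.disabled:
            findings.append(("new_rule_enabled_in_disabled_category", rid))
    return findings

# Constructed snapshots (hypothetical format); AFTER simulates a flawed merge.
BEFORE = [
    Rule("SYS-1001", "DNS Malware", "system", True),
    Rule("SYS-1002", "DNS Malware", "system", True),
    Rule("AUTO-2001", "DNS Malware", "auto", False),
    Rule("CUST-9001", "DNS Tunneling", "custom", True),
    Rule("CUST-9002", "DNS Tunneling", "custom", True),
]
AFTER = [
    Rule("SYS-1001", "DNS Malware", "system", True),
    Rule("SYS-1002", "DNS Malware", "system", False),   # tuning lost
    Rule("SYS-1003", "DNS Malware", "system", False),   # new rule, enabled
    Rule("AUTO-2001", "DNS Malware", "auto", True),     # ignored: Auto rule
    Rule("CUST-9001", "DNS Tunneling", "custom", True),
]
print(verify_merge(BEFORE, AFTER))
```

An empty result means every custom rule is present and every manually set rule status matches its pre-merge value.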