{"id":1741,"date":"2018-12-06T19:14:29","date_gmt":"2018-12-06T19:14:29","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=1741"},"modified":"2021-01-28T08:54:15","modified_gmt":"2021-01-28T16:54:15","slug":"dot-doh-and-the-dns-last-mile-security-problem","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/","title":{"rendered":"DoT, DoH and the DNS \u201cLast Mile\u201d Security Problem"},"content":{"rendered":"<p>DNS has traditionally suffered from a \u201clast mile\u201d security problem: Communications between a DNS client and its local DNS server are almost always \u201cin the clear\u201d (that is, unencrypted) and therefore subject to spoofing, interception and other interference. The IETF has proposed two mechanisms to address this issue: DNS over TLS (DoT) and DNS over HTTPS (DoH). However, both mechanisms can be used to circumvent organizations\u2019 existing DNS infrastructure, which Infoblox believes is not in the best interest of their security. This post explains DoT and DoH in more detail and outlines our recommended approach for addressing DNS client security issues.<\/p>\n<p><span style=\"font-size: large;\"><strong>DNS over TLS (DoT) and DNS over HTTPS (DoH) Explained<\/strong><\/span><\/p>\n<p>While DNS Security Extensions (DNSSEC) add authentication and data integrity checking to DNS, they usually miss the DNS client: the local DNS server performs DNSSEC validation and establishes the authenticity and integrity of the data and then passes the result to the DNS client. 
That last leg of the communication, however, can be spoofed.<\/p>\n<p>The IETF\u2019s DPRIVE (DNS PRIVate Exchange) Working Group has developed two new mechanisms that help address DNS\u2019s \u201clast mile\u201d problem: DNS over TLS, called DoT for short and documented in RFC 7858, and DNS over HTTPS, or DoH, documented in RFC 8484.<\/p>\n<p>Both DoT and DoH supply important functionality: Communications between DNS clients and DNS servers using DoT or DoH are encrypted, providing data privacy and integrity, and DNS clients may optionally authenticate DNS servers using either protocol.<\/p>\n<p>DoT uses a unique TCP port, 853. DoH, however, uses the same TCP port used by other HTTPS traffic, 443. Therefore, it is very difficult to distinguish DoH from other HTTPS traffic.<\/p>\n<p>For some time, Infoblox has recommended that customers block direct DNS traffic between arbitrary internal IP addresses and the Internet. This step prevents certain types of malware, including DNSChanger, from working, and forces internal hosts to use IT-managed DNS infrastructure. That internal DNS infrastructure may apply a name resolution policy using security mechanisms, such as response policy zones (RPZs). The use of DoH, however, makes it very difficult to prevent internal hosts from querying DNS servers on the Internet. (DoT is straightforward to block because it uses a unique, well-known port.)<\/p>\n<p>Some applications that support DoH may also deliberately ignore local DNS client configuration. Mozilla\u2019s Firefox browser, for example, has experimental support for DoH in some builds. When enabled, Firefox will ignore any local DNS configuration and send DNS queries over HTTPS directly to Cloudflare. This bypasses any local security mechanisms, such as RPZs, and makes a user\u2019s DNS resolution opaque to the IT organization. 
It also adds complexity to troubleshooting DNS problems because now one application (i.e., Firefox) on a device uses different DNS servers than other applications.<\/p>\n<p>We don\u2019t question the motives of the developers of DoH: One of their goals was to help safeguard web browsing on parts of the Internet where snooping on DNS traffic and manipulating DNS responses are routine. But we question its suitability for use on enterprise networks.<\/p>\n<p><span style=\"font-size: large;\"><strong>Infoblox Implementation Recommendations for DoT and DoH<\/strong><\/span><\/p>\n<p>Infoblox\u2019s recommendation is that companies block direct DNS traffic\u2014including DoT and DoH\u2014between internal IP addresses and DNS servers on the Internet, including Cloudflare\u2019s. This approach should force users to employ their company\u2019s internal DNS infrastructure, allowing their IT organization to apply DNS resolution policy and troubleshoot problems.<\/p>\n<p>Blocking standard DNS and DoT traffic between internal IP addresses and the Internet is simple. 
Firewall rules like the following should suffice:<\/p>\n<p># Allow queries from authorized internal DNS servers to the Internet<br \/>\nallow tcp\/udp in\/out &lt;<em>authorized internal DNS server 1<\/em>&gt; on port 53<\/p>\n<p>\u2026<\/p>\n<p># Deny queries from other internal IP addresses to the Internet<br \/>\ndeny tcp\/udp in\/out to all IP addresses on port 53<br \/>\ndeny tcp\/udp in\/out to all IP addresses on port 853<\/p>\n<p>Blocking DoH is trickier, since to a firewall it\u2019s indistinguishable from HTTPS, but the following firewall rules should work:<\/p>\n<p># Block DoH to Cloudflare<br \/>\ndeny tcp\/udp in\/out to 104.16.111.25 on port 443<br \/>\ndeny tcp\/udp in\/out to 104.16.112.25 on port 443<br \/>\ndeny tcp\/udp in\/out to 2606:4700::6810:7019 on port 443<br \/>\ndeny tcp\/udp in\/out to 2606:4700::6810:6f19 on port 443<\/p>\n<p># Block DoH to Google Public DNS<br \/>\ndeny tcp\/udp in\/out to 8.8.8.8 on port 443<br \/>\ndeny tcp\/udp in\/out to 8.8.4.4 on port 443<br \/>\ndeny tcp\/udp in\/out to 2001:4860:4860::8888 on port 443<br \/>\ndeny tcp\/udp in\/out to 2001:4860:4860::8844 on port 443<\/p>\n<p><span style=\"font-size: large;\"><strong>Our Position<\/strong><\/span><\/p>\n<p>While we believe circumventing internal DNS infrastructure is a bad idea, Infoblox thinks that solving DNS\u2019s \u201clast mile\u201d problem is important and worthwhile. We\u2019re working closely with our partner, the Internet Systems Consortium, to support DoT in an upcoming version of BIND and then in Infoblox\u2019s NIOS.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>DNS has traditionally suffered from a \u201clast mile\u201d security problem: Communications between a DNS client and its local DNS server are almost always \u201cin the clear\u201d (that is, unencrypted) and therefore subject to spoofing, interception and other interference. 
The IETF has proposed two mechanisms to address this issue: DNS over TLS (DoT) and DNS over [&hellip;]<\/p>\n","protected":false},"author":178,"featured_media":121,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[108,30,15,427],"class_list":{"0":"post-1741","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-company","8":"tag-bind","9":"tag-dns","10":"tag-security","11":"tag-nios-8-x","12":"entry"},"acf":[],"yoast_head_json":{"title":"DoT, DoH and the DNS \u201cLast Mile\u201d Security Problem","description":"DNS has traditionally suffered from a \u201clast mile\u201d security problem: Communications between a DNS client and its local DNS server are almost always \u201cin the clear\u201d (i.e., unencrypted), and therefore subject to spoofing, interception, and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/","og_locale":"en_US","og_type":"article","og_title":"DoT, DoH and the DNS \u201cLast Mile\u201d Security Problem","og_description":"DNS has traditionally suffered from a \u201clast mile\u201d security problem: Communications between a DNS client and its local DNS server are almost always \u201cin the clear\u201d (i.e., unencrypted), and therefore subject to spoofing, interception, and more.","og_url":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/","og_site_name":"Infoblox Blog","article_published_time":"2018-12-06T19:14:29+00:00","article_modified_time":"2021-01-28T16:54:15+00:00","og_image":[{"width":600,"height":338,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/EDNS-and-CDNs.jpg","type":"image\/jpeg"}],"author":"Cricket Liu","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cricket Liu","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/"},"author":{"name":"Cricket Liu","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/bb6b62b1b99a7cbcd7c528d5763778d5"},"headline":"DoT, DoH and the DNS \u201cLast Mile\u201d Security Problem","datePublished":"2018-12-06T19:14:29+00:00","dateModified":"2021-01-28T16:54:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/"},"wordCount":792,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/EDNS-and-CDNs.jpg","keywords":["BIND","DNS","Security","NIOS 8.x"],"articleSection":["Company"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/","url":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/","name":"DoT, DoH and the DNS \u201cLast Mile\u201d Security Problem","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/EDNS-and-CDNs.jpg","datePublished":"2018-12-06T19:14:29+00:00","dateModified":"2021-01-28T16:54:15+00:00","description":"DNS has traditionally suffered from a \u201clast mile\u201d security 
problem: Communications between a DNS client and its local DNS server are almost always \u201cin the clear\u201d (i.e., unencrypted), and therefore subject to spoofing, interception, and more.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/EDNS-and-CDNs.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/EDNS-and-CDNs.jpg","width":600,"height":338,"caption":"Infoblox announces industry-first cloud-managed DDI for the branch office"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/company\/dot-doh-and-the-dns-last-mile-security-problem\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Company","item":"https:\/\/www.infoblox.com\/blog\/category\/company\/"},{"@type":"ListItem","position":3,"name":"DoT, DoH and the DNS \u201cLast Mile\u201d Security 
Problem"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/bb6b62b1b99a7cbcd7c528d5763778d5","name":"Cricket Liu","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","caption":"Cricket Liu"},"description":"Cricket is one of the world\u2019s leading experts on the Domain Name System (DNS) and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an internet consulting and training company, Acme Byte &amp; Wire, after running the hp.com domain at Hewlett-Packard. 
Cricket is a prolific speaker and author, having written a number of books including \u201cDNS and BIND,\u201d one of the most widely used references in the field, now in its fifth edition.","url":"https:\/\/www.infoblox.com\/blog\/author\/cricket-liu\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/178"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=1741"}],"version-history":[{"count":6,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1741\/revisions"}],"predecessor-version":[{"id":5457,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1741\/revisions\/5457"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/121"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=1741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=1741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=1741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}