{"id":2258,"date":"2015-11-03T19:49:48","date_gmt":"2015-11-03T19:49:48","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=2258"},"modified":"2020-05-06T10:30:08","modified_gmt":"2020-05-06T17:30:08","slug":"dns-firewall-is-not-a-next-generation-firewall","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/","title":{"rendered":"DNS Firewall is not a Next Generation Firewall"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2260\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/red-lock-firewall.jpg\" alt=\"\" width=\"660\" height=\"454\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-lock-firewall.jpg 660w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-lock-firewall-300x206.jpg 300w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><\/p>\n<p>In the 1990s, firewalls were all the rage&#8211; every organization big or small connecting to the Internet was jumping on the bandwagon to make sure it used a firewall at its corporate perimeter to keep malware and the bad guys out of the corporate network. That worked okay for some time, but soon the first-generation firewall was no match for attackers who started exploiting applications themselves (with vulnerabilities due to software misconfiguration or lack of security altogether) to launch malware and even steal data in some cases. A decade later, next generation firewalls or NGFWs began taking center stage, allowing administrators to apply policies to traffic based not just on port and protocol, but also applications and users accessing the network. Today, another a decade later, with hundreds of data breaches impacting a range of industries globally, including retail and financial institutions, and the fact that most malware isn\u2019t detected until 200+ days after the infection, we have learned the drawback of simply relying on a NGFW, without paying attention to and securing a critical protocol service that is typically allowed through it and that is easily exploitable: the Domain Name System or DNS.<\/p>\n<ul>\n<li><strong>The DNS protocol is typically not \u201cinspected\u201d by a NGFW for malware<\/strong>. Most NGFWs allow traffic to pass through Port 53, the protocol over which DNS queries and responses are sent.\n<ul>\n<li>Solution:\u00a0<a title=\"Infoblox: DNS Firewall\" href=\"https:\/\/www.infoblox.com\/products\/secure-dns\/dns-firewall?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><strong><u>DNS firewall<\/u><\/strong>\u00a0<\/a>is an optimal policy enforcement point for DNS-specific protection from malware and advanced persistent threats.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Attacks target the DNS infrastructure itself<\/strong>. There are a wide range of volumetric DNS DDoS or DNS amplification\/reflection attacks, and exploits, such as DNS cache poisoning, spoofing and session hijacking, that could bypass or even disrupt the operation of NGFWs since NGFWs haven\u2019t been designed to detect nor handle these types of threats.\n<ul>\n<li>Solution: A\u00a0<a title=\"Infoblox: External DNS Security\" href=\"https:\/\/www.infoblox.com\/products\/secure-dns\/external-dns-security?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><strong><u>purpose-built, self-defending DNS server<\/u><\/strong><\/a>\u00a0helps protect the DNS infrastructure itself from attacks and allows legitimate traffic to pass through unfettered.<\/li>\n<\/ul>\n<\/li>\n<li><strong>DNS is increasingly being used as a pathway for data exfiltration<\/strong>, either unwittingly by malware-infected devices or intentionally by malicious insiders. DNS tunneling involves tunneling IP protocol traffic through DNS port 53 (of an NGFW) for the purposes of data exfiltration. According to a recent article in SC Magazine, a DNS security survey of 300 IT decision-makers in the U.S. and U.K. in November 2014, 46 percent of respondents experienced DNS exfiltration and 45 percent experienced DNS tunneling. Such attacks can result in loss of sensitive data such as credit-card information, social-security information, or company financials.\n<ul>\n<li>Solution:\u00a0<a title=\"Infoblox: Internal DNS Security\" href=\"https:\/\/www.infoblox.com\/products\/secure-dns\/internal-dns-security?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><strong><u>Internal DNS security<\/u><\/strong>\u00a0<\/a>that combines DNS-based threat intelligence and analytics helps detect and protect against data exfiltration at the DNS layer.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Now that you have a better understanding of why DNS should be a critical component of your defense-in-depth security architecture, I will explain how a\u00a0<strong>DNS firewall<\/strong>\u00a0differs from a\u00a0<strong>NGFW<\/strong>.<\/p>\n<p><strong>DNS Firewall<\/strong>, a product so named and introduced into the market by Infoblox in 2013, is defined as follows:<\/p>\n<p><em><strong>DNS Firewall<\/strong>\u00a0is a Domain Name System (DNS) service that utilizes Response Policy Zones (RPZs) with a threat intelligence (malware feed) service to protect against malware and APTs by disrupting the ability of infected devices to communicate with command-and-control (C&amp;C) sites and botnets, so that information is not exfiltrated.<\/em><\/p>\n<p>According to\u00a0<a title=\"Gartner: Definition of Next Generation Firewalls\" href=\"http:\/\/www.gartner.com\/it-glossary\/next-generation-firewalls-ngfws\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><u>Gartner<\/u><\/a>, the world&#8217;s leading information technology research and advisory company:<\/p>\n<p><em><strong>Next Generation Firewall (NGFW)\u00a0<\/strong><strong>is a<\/strong>\u00a0deep-packet inspection firewall that moves beyond port\/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.<\/em><\/p>\n<p>NGFWs are purpose-built to block or allow certain types of traffic based on the port, protocol, and\/or application. They are usually the first line of defense for users trying to access a corporate network or Web server. NGFWs typically have to keep the DNS service, for which traffic goes through port 53 on the firewall, open to all users, in order for them to use the Internet, a business-critical application. This can make the DNS service vulnerable to malware.<\/p>\n<p>A NGFW is not a DNS server, and therefore, cannot interpret DNS queries and responses to detect malware that uses the DNS protocol, which is typically allowed through the firewall. This is not to say that all NGFWs are created equal. Certain products have specific DNS related security features, but these are \u201cbolted on\u201d, and lack the visibility that DNS servers have into all of the DNS requests and devices that are reaching out to bad domain destinations, and extensive attributes of infected devices (e.g. DHCP lease history, MAC OS, device type, IP address, username) which a DDI (DNS, DHCP and IP address management) vendor such as Infoblox provides seamlessly via reporting.<\/p>\n<p>A\u00a0<a title=\"Infoblox: DNS Firewall\" href=\"https:\/\/www.infoblox.com\/products\/secure-dns\/dns-firewall?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><u>DNS firewall<\/u><\/a>, because it\u2019s based on DNS, a ubiquitous and essential network control service, can be an ideal enforcement point for detecting any device that tries to call \u2018home\u2019 (malicious domain) using DNS. Moreover, a DNS server is a default service in the network with a NGFW, so why not let a DNS firewall perform tasks it\u2019s suited for and at the scale and performance you need, without burdening the already busy NGFW? Infoblox customers, including most recently,\u00a0<a title=\"Case Study: Council Rock School District\" href=\"https:\/\/www.infoblox.com\/resources\/case-study\/council-rock-school-district?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><u>Council Rock School District<\/u><\/a>, are thankful they are.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the 1990s, firewalls were all the rage&#8211; every organization big or small connecting to the Internet was jumping on the bandwagon to make sure it used a firewall at its corporate perimeter to keep malware and the bad guys out of the corporate network. That worked okay for some time, but soon the first-generation [&hellip;]<\/p>\n","protected":false},"author":264,"featured_media":2260,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[30,15],"class_list":{"0":"post-2258","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-community","8":"tag-dns","9":"tag-security","10":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>DNS Firewall is not a Next Generation Firewall<\/title>\n<meta name=\"description\" content=\"In the 1990s, firewalls were all the rage-- every organization big or small connecting to the Internet was jumping on the bandwagon to make sure it used a firewall at its corporate perimeter to keep malware and the bad guys out of the corporate network.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DNS Firewall is not a Next Generation Firewall\" \/>\n<meta property=\"og:description\" content=\"In the 1990s, firewalls were all the rage-- every organization big or small connecting to the Internet was jumping on the bandwagon to make sure it used a firewall at its corporate perimeter to keep malware and the bad guys out of the corporate network.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2015-11-03T19:49:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:30:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-lock-firewall.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Seema Kathuria\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Seema Kathuria\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/\"},\"author\":{\"name\":\"Seema Kathuria\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ce258d2acd6fe6d47748fbdb60700c9a\"},\"headline\":\"DNS Firewall is not a Next Generation Firewall\",\"datePublished\":\"2015-11-03T19:49:48+00:00\",\"dateModified\":\"2020-05-06T17:30:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/\"},\"wordCount\":866,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-lock-firewall.jpg\",\"keywords\":[\"DNS\",\"Security\"],\"articleSection\":[\"Community\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/\",\"name\":\"DNS Firewall is not a Next Generation Firewall\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-lock-firewall.jpg\",\"datePublished\":\"2015-11-03T19:49:48+00:00\",\"dateModified\":\"2020-05-06T17:30:08+00:00\",\"description\":\"In the 1990s, firewalls were all the rage-- every organization big or small connecting to the Internet was jumping on the bandwagon to make sure it used a firewall at its corporate perimeter to keep malware and the bad guys out of the corporate network.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-lock-firewall.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/red-lock-firewall.jpg\",\"width\":660,\"height\":454},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/dns-firewall-is-not-a-next-generation-firewall\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Community\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/community\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"DNS Firewall is not a Next Generation Firewall\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ce258d2acd6fe6d47748fbdb60700c9a\",\"name\":\"Seema Kathuria\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d5f088f29b8cec333f9848fb20d412f328aba4a72709c272987abee99a1384d5?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d5f088f29b8cec333f9848fb20d412f328aba4a72709c272987abee99a1384d5?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d5f088f29b8cec333f9848fb20d412f328aba4a72709c272987abee99a1384d5?s=96&d=blank&r=g\",\"caption\":\"Seema Kathuria\"},\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/seema-kathuria\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DNS Firewall is not a Next Generation Firewall","description":"In the 1990s, firewalls were all the rage-- every organization big or small connecting to the Internet was jumping on the bandwagon to make sure it used a firewall at its corporate perimeter to keep malware and the bad guys out of the corporate network.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/","og_locale":"en_US","og_type":"article","og_title":"DNS Firewall is not a Next Generation Firewall","og_description":"In the 1990s, firewalls were all the rage-- every organization big or small connecting to the Internet was jumping on the bandwagon to make sure it used a firewall at its corporate perimeter to keep malware and the bad guys out of the corporate network.","og_url":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/","og_site_name":"Infoblox Blog","article_published_time":"2015-11-03T19:49:48+00:00","article_modified_time":"2020-05-06T17:30:08+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-lock-firewall.jpg","type":"image\/jpeg"}],"author":"Seema Kathuria","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Seema Kathuria","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/"},"author":{"name":"Seema Kathuria","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/ce258d2acd6fe6d47748fbdb60700c9a"},"headline":"DNS Firewall is not a Next Generation Firewall","datePublished":"2015-11-03T19:49:48+00:00","dateModified":"2020-05-06T17:30:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/"},"wordCount":866,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-lock-firewall.jpg","keywords":["DNS","Security"],"articleSection":["Community"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/","url":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/","name":"DNS Firewall is not a Next Generation Firewall","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-lock-firewall.jpg","datePublished":"2015-11-03T19:49:48+00:00","dateModified":"2020-05-06T17:30:08+00:00","description":"In the 1990s, firewalls were all the rage-- every organization big or small connecting to the Internet was jumping on the bandwagon to make sure it used a firewall at its corporate perimeter to keep malware and the bad guys out of the corporate network.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-lock-firewall.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/red-lock-firewall.jpg","width":660,"height":454},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/community\/dns-firewall-is-not-a-next-generation-firewall\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Community","item":"https:\/\/www.infoblox.com\/blog\/category\/community\/"},{"@type":"ListItem","position":3,"name":"DNS Firewall is not a Next Generation Firewall"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/ce258d2acd6fe6d47748fbdb60700c9a","name":"Seema Kathuria","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5f088f29b8cec333f9848fb20d412f328aba4a72709c272987abee99a1384d5?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5f088f29b8cec333f9848fb20d412f328aba4a72709c272987abee99a1384d5?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5f088f29b8cec333f9848fb20d412f328aba4a72709c272987abee99a1384d5?s=96&d=blank&r=g","caption":"Seema Kathuria"},"url":"https:\/\/www.infoblox.com\/blog\/author\/seema-kathuria\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/264"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=2258"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2258\/revisions"}],"predecessor-version":[{"id":2261,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2258\/revisions\/2261"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/2260"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=2258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=2258"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=2258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}