{"id":589,"date":"2018-02-02T15:45:29","date_gmt":"2018-02-02T15:45:29","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=589"},"modified":"2020-05-06T10:27:53","modified_gmt":"2020-05-06T17:27:53","slug":"good-hygiene-for-securing-dns-part-1-of-2","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/","title":{"rendered":"Good hygiene for Securing DNS (Part 1 of 2)"},"content":{"rendered":"

This is a two-part post.\u00a0 The first part will cover basics, and the second part will cover more advanced topics in securing DNS.<\/p>\n

DNS isn\u2019t this monolithic thing where one size fits all but, there are some things to consider.\u00a0 We will take a look at some infrastructure segmentation and some configuration security.\u00a0 Please note that the content is generic, but the screenshots show how it would be done using the Infoblox Grid Manager.<\/p>\n

Recursion and Authoritative DNS servers have different capacity needs and different security requirements.<\/h3>\n

So if you can, keep these on different hardware.\u00a0 If different hardware isn\u2019t possible, then at the very least keep them in separate views.\u00a0 In the case where you use views and the same hardware, consider using the match destination option \u2014 trust me it will come in handy when you have to troubleshoot.<\/p>\n

\"DNS<\/p>\n

Let\u2019s look at securing the authoritative side first.<\/h3>\n

If you are self-hosting then you are going to need to have at least two (2) name servers hosting your zones \u2013 preferably more.\u00a0 These name servers should be spread across as many networks as you can so that when someone fat fingers a firewall rule (because that never happens), it doesn\u2019t take out your services that depend on DNS \u2013 which let\u2019s face it, is everything on which your business relies.\u00a0 If you can do anycast, the same rules apply. Advertise the serving IPs across as many networks as you can to avoid outages due to network events.<\/p>\n

If you have the budget for external DNS hosting, then you will want to use an ACL to restrict the queries and zone transfers to\/from your providers; I say providers here for a good reason. One of the risk remediation recommendations from the Oct 2016 Dyn attack was to have more than one provider so that if one suffers an outage, your services still work.\u00a0 The outage need not be an attack. \u00a0A configuration issue could also cause an outage, so keep that in mind (https:\/\/www.wired.com\/story\/how-a-tiny-error-shut-off-the-internet-for-parts-of-the-us\/<\/a>).<\/p>\n

If on the other hand you are self-hosting and have an external DNS secondary service, then you still need that ACL for zone transfers.<\/p>\n

\"DNS<\/p>\n

You will also need to allow queries for the zones \u2013 and mind those match client and match destination statements along with your view ordering.<\/p>\n

\"DNS<\/p>\n

You will also want to make certain that this view has recursion disabled even if the member has recursion disabled already.\u00a0 There are some complex configurations that might call for recursion being inherited from the member, but that adds complexity.\u00a0 Complexity is the enemy of security.<\/p>\n

\"DNS<\/p>\n

One last thing you might consider in securing your authoritative data is using DNSSEC to sign your external zone data.\u00a0 This ensures that those who do DNSSEC validation (like Google DNS and Comcast) won\u2019t cache a spoofed\/poisoned reply from an attacker \/ bad actor.\u00a0 If you do decide to sign your zone data, there are a number of decisions to make. We will cover this in the next post.<\/p>\n

Now let us consider the recursion side of DNS.<\/h3>\n

This is where your DNS will go ask other DNS servers for info that it doesn\u2019t have cached. This should be simple right? Well, yes and no. It depends on your specific needs and other infrastructure configuration like firewalls and the like. If we consider a popular firewall policy that allows just about anything out, then there is a huge issue here with malware like DNSChanger. This would have clients send queries outside your approved infrastructure that may return incorrect data and allow an attacker to hijack a domain your users visit for things like banking, logistics, supply chain, etc. The picture gets pretty bleak when any of these are compromised. It is best to lock the firewall policies to only allow clients to use DNS to your recursive resolver IPs in your network.<\/p>\n

On the DNS server config, the first thing is to not be an open resolver; you will become part of amplification DDoS networks if you do, and nobody wants that. You should apply an ACL to recursion to allow only your networks to do recursive queries. Notice that this is a member or grid level setting.<\/p>\n

\"DNS<\/p>\n

You should explicitly set the recursion property to enable at the view level.\u00a0 This will reduce the complexity of the configuration which also helps when you are troubleshooting at 3 AM.<\/p>\n

\"DNS<\/p>\n

That isn\u2019t to say that the spoofed reply can\u2019t be done when you use your approved infrastructure. \u00a0It just becomes harder, and you can employ some mitigating features like DNSSEC and\/or Recursive Resolver Provider. Using a recursive service shields your DNS servers from getting those spoofed replies directly, and your provider should be trashing those bad replies before they ever get to your recursive layer.\u00a0 If the provider is attacked, you can easily do your own recursion with a simple config change or use forward first as opposed to forward only.<\/p>\n

\"DNS<\/p>\n

In part 2 of this post, we will cover some more advanced topics like DNSSEC, Responsive Policy Zones (RPZ) and Response Rate Limiting (RRL). Stay tuned.<\/p>\n","protected":false},"excerpt":{"rendered":"

This is a two-part post.\u00a0 The first part will cover basics, and the second part will cover more advanced topics in securing DNS. DNS isn\u2019t this monolithic thing where one size fits all but, there are some things to consider.\u00a0 We will take a look at some infrastructure segmentation and some configuration security.\u00a0 Please note […]<\/p>\n","protected":false},"author":188,"featured_media":590,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[28,30,15],"class_list":{"0":"post-589","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-community","8":"tag-ddi","9":"tag-dns","10":"tag-security","11":"entry"},"acf":[],"yoast_head":"\nGood hygiene for Securing DNS (Part 1 of 2)<\/title>\n<meta name=\"description\" content=\"This is a two-part post.\u00a0 The first part will cover basics, and the second part will cover more advanced topics in securing DNS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Good hygiene for Securing DNS (Part 1 of 2)\" \/>\n<meta property=\"og:description\" content=\"This is a two-part post.\u00a0 The first part will cover basics, and the second part will cover more advanced topics in securing DNS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-02T15:45:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:27:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"413\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Donald Rudder\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Donald Rudder\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/\"},\"author\":{\"name\":\"Donald Rudder\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ef196adb59fadb13c7f84408bcc9634d\"},\"headline\":\"Good hygiene for Securing DNS (Part 1 of 2)\",\"datePublished\":\"2018-02-02T15:45:29+00:00\",\"dateModified\":\"2020-05-06T17:27:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/\"},\"wordCount\":860,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/good-hygiene-securing-dns.jpeg\",\"keywords\":[\"DDI\",\"DNS\",\"Security\"],\"articleSection\":[\"Community\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/\",\"name\":\"Good hygiene for Securing DNS (Part 1 of 2)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/good-hygiene-securing-dns.jpeg\",\"datePublished\":\"2018-02-02T15:45:29+00:00\",\"dateModified\":\"2020-05-06T17:27:53+00:00\",\"description\":\"This is a two-part post.\u00a0 The first part will cover basics, and the second part will cover more advanced topics in securing DNS.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/good-hygiene-securing-dns.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/good-hygiene-securing-dns.jpeg\",\"width\":600,\"height\":413},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/good-hygiene-for-securing-dns-part-1-of-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Community\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/community\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Good hygiene for Securing DNS (Part 1 of 2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/ef196adb59fadb13c7f84408bcc9634d\",\"name\":\"Donald Rudder\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a835205b966d30d719c81be7116b55cfdb887af925e0d84efdf2304b84ec6572?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a835205b966d30d719c81be7116b55cfdb887af925e0d84efdf2304b84ec6572?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a835205b966d30d719c81be7116b55cfdb887af925e0d84efdf2304b84ec6572?s=96&d=blank&r=g\",\"caption\":\"Donald Rudder\"},\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/donald-rudder\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Good hygiene for Securing DNS (Part 1 of 2)","description":"This is a two-part post.\u00a0 The first part will cover basics, and the second part will cover more advanced topics in securing DNS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/","og_locale":"en_US","og_type":"article","og_title":"Good hygiene for Securing DNS (Part 1 of 2)","og_description":"This is a two-part post.\u00a0 The first part will cover basics, and the second part will cover more advanced topics in securing DNS.","og_url":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/","og_site_name":"Infoblox Blog","article_published_time":"2018-02-02T15:45:29+00:00","article_modified_time":"2020-05-06T17:27:53+00:00","og_image":[{"width":600,"height":413,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","type":"image\/jpeg"}],"author":"Donald Rudder","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Donald Rudder","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/"},"author":{"name":"Donald Rudder","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/ef196adb59fadb13c7f84408bcc9634d"},"headline":"Good hygiene for Securing DNS (Part 1 of 2)","datePublished":"2018-02-02T15:45:29+00:00","dateModified":"2020-05-06T17:27:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/"},"wordCount":860,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","keywords":["DDI","DNS","Security"],"articleSection":["Community"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/","url":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/","name":"Good hygiene for Securing DNS (Part 1 of 2)","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","datePublished":"2018-02-02T15:45:29+00:00","dateModified":"2020-05-06T17:27:53+00:00","description":"This is a two-part post.\u00a0 The first part will cover basics, and the second part will cover more advanced topics in securing DNS.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","width":600,"height":413},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/community\/good-hygiene-for-securing-dns-part-1-of-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Community","item":"https:\/\/www.infoblox.com\/blog\/category\/community\/"},{"@type":"ListItem","position":3,"name":"Good hygiene for Securing DNS (Part 1 of 2)"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/ef196adb59fadb13c7f84408bcc9634d","name":"Donald Rudder","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a835205b966d30d719c81be7116b55cfdb887af925e0d84efdf2304b84ec6572?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a835205b966d30d719c81be7116b55cfdb887af925e0d84efdf2304b84ec6572?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a835205b966d30d719c81be7116b55cfdb887af925e0d84efdf2304b84ec6572?s=96&d=blank&r=g","caption":"Donald Rudder"},"url":"https:\/\/www.infoblox.com\/blog\/author\/donald-rudder\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/188"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=589"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/589\/revisions"}],"predecessor-version":[{"id":598,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/589\/revisions\/598"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/590"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}