I'm evaluating NeuVector for use in our environment, and I've run into an issue I hope someone can give me a pointer on. On my test cluster, one of the applications I am running is external-dns, using DDNS for updates. This results in a zone transfer every minute, which is triggering a security event for each one. I'd like to configure NeuVector to ignore zone transfers between my external-dns container and the specific IP it is permitted to talk to, but can't seem to find the appropriate settings.

hmmm. 🤔 is it possible to create a custom group that represents these? What kind of security event is it?

DNS.Zone.Transfer. It looks like it created network rules already to permit the DNS protocol from the container to the 'external' group, but that hasn't stopped the events for the zone transfers.

Would you mind screen-cap’ing that event? 🙂

Sure:

oh yes, that’s right… this is one of the built-in attack alerts.

OK. I can do that - thanks!

maybe confine it to the group or groups affected. 🙂

Yeah, I'll narrow it down to the specific application and external address - there shouldn't be anything else that does this.

Yeah. NV has a few things that it’s all “_This is A Very Bad Thing™ and you can’t change my mind about it”_. 😄