
Blacklist creation

Authority

Hello team,

 

I created a blacklist on my grid via import like this :

header-blacklistrule   parent*   domain_name*   action*
BlacklistRule          test      test.yol       PASS
BlacklistRule          test      yol            REDIRECT

 

Here is the need: serverA hosts the zone YOL. It must only answer queries for test.yol and refuse the other hostnames.

 

I activated the blacklist feature on the member.

 

The traffic is not intercepted and the member still answers for XXX.yol.

 

I also added the entry xxx.yol redirect but I still got a reply for that host.

 

on the member, I activated the blacklist feature, added the test blacklist set, set action to refuse and redirect  >> same result.

 

Can you tell me what I am missing?

 

 

Thank you

Re: Blacklist creation

AMani Community Manager

Hello Yol,

 

From what I understand, the Blacklist feature is used for recursive queries. If you are configuring a blacklist for a domain which is already hosted on the same appliance, then the blacklist won't work. You may want to use the DNS Response Policy Zone (DNS Firewall) feature.

 

Regards,

 

Re: Blacklist creation

Authority
Hello,

Actually, here is what I really want to do.

I have a serverA hosting a zone test.com with multiple records in it.
We need to configure a conditional forwarding on serverB (same grid) BUT we
only want responses for example.test.com

So if a user in area B requests example.test.com he gets an answer and if
he wants anything else in test.com he gets nothing.

Any Idea about this?

Thanks

--
If you receive this message outside working hours or during your leave, you
are not required to reply.

Re: Blacklist creation

AMani Community Manager
Is server B also authoritative for the zone test.com?

Re: Blacklist creation

Authority
No, the goal is to create a forward on another view or secondary zone on
the same view


Re: Blacklist creation

Authority

@AMani, any ideas?

Re: Blacklist creation

AMani Community Manager

This is what I did

 

  • A grid consisting of 2 members NS1 and NS2
  • Created a zone test.com and added NS1 as the grid primary
  • Added several A records inside test.com
  • Created a zone example.test.com and added NS2 as the grid primary
  • Added a blank A record inside example.test.com

 

Now for NS2, any query for records inside test.com would be recursive, EXCEPT for example.test.com since test.com is not authoritative for NS2.

 

Then created a blacklist ruleset "BL" and then added the below Rule in it

 

header-blacklistrule   parent*   domain_name*   action*
BlacklistRule          BL        test.com       REDIRECT


Went to the member DNS properties of NS2 and enabled blacklist with redirect to 1.1.1.1

 

(Data Management -> DNS -> Members -> Edit the NS2 properties -> Toggle Advance Mode -> Blacklist -> Override -> Enable Domain Name Blacklist -> Added the created Blacklist ruleset BL -> For blacklisted domain names, return -> The list of IP Addresses -> Redirect to 1.1.1.1)


So now when I query for any records (assume a.test.com) pointing to NS2, I get the redirect IP address (1.1.1.1).

 

When I query for example.test.com pointing to NS2, I get the correct IP address of example.test.com

 

Let me know if this is what your requirement is.
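
The following is an added example, not part of the thread and not Infoblox code: a small Python model of the lookup order described in the replies above (authoritative data is answered first, blacklist rules apply only to names the member would resolve recursively). The `Member` class, the first-match rule ordering, the 192.0.2.x addresses and the redirect address on serverA are assumptions made for illustration.

```python
# Simplified model of the behaviour described in this thread (an assumption,
# not Infoblox's implementation): a member answers from zones it is
# authoritative for first; blacklist rules are consulted only for names it
# would otherwise resolve recursively.

def in_domain(qname, domain):
    """True if qname equals domain or is a subdomain of it."""
    q, d = qname.lower().rstrip("."), domain.lower().rstrip(".")
    return q == d or q.endswith("." + d)

class Member:
    def __init__(self, auth_zones, blacklist=(), redirect_ip=None):
        self.auth_zones = auth_zones      # {zone: {fqdn: ip}}
        self.blacklist = list(blacklist)  # [(domain, action)] in listed order
        self.redirect_ip = redirect_ip

    def answer(self, qname):
        q = qname.lower().rstrip(".")
        # 1. Authoritative data wins; the blacklist is never reached here.
        for zone, records in self.auth_zones.items():
            if in_domain(q, zone):
                return ("AUTHORITATIVE", records.get(q, "NXDOMAIN"))
        # 2. Recursive path: first matching rule decides (ordering assumed).
        for domain, action in self.blacklist:
            if in_domain(q, domain):
                if action == "REDIRECT":
                    return ("BLACKLIST", self.redirect_ip)
                break  # PASS: fall through to normal recursion
        return ("RECURSIVE", "forwarded upstream")

# Constructed sample data mirroring the two setups in the thread.
# First post: serverA hosts yol and carries the PASS/REDIRECT ruleset.
SERVER_A = Member(
    auth_zones={"yol": {"test.yol": "192.0.2.10", "xxx.yol": "192.0.2.11"}},
    blacklist=[("test.yol", "PASS"), ("yol", "REDIRECT")],
    redirect_ip="1.1.1.1",
)
# Last reply: NS2 hosts only example.test.com and redirects the rest of test.com.
NS2 = Member(
    auth_zones={"example.test.com": {"example.test.com": "192.0.2.20"}},
    blacklist=[("test.com", "REDIRECT")],
    redirect_ip="1.1.1.1",
)

if __name__ == "__main__":
    for member, name in ((SERVER_A, "xxx.yol"), (NS2, "a.test.com"),
                         (NS2, "example.test.com")):
        print(name, member.answer(name))
```

In this model serverA keeps answering xxx.yol because the name falls inside a zone it hosts, while NS2 redirects a.test.com and still answers example.test.com from its own zone.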
