Blacklist creation
06-27-2018 09:25 AM
Hello team,
I created a blacklist on my grid via import like this:
header-blacklistrule | parent* | domain_name* | action* |
BlacklistRule | test | test.yol | PASS |
BlacklistRule | test | yol | REDIRECT |
Here is the need: serverA hosts the zone YOL. It must only answer the test.yol query and refuse the other hostnames.
I activated the blacklist feature on the member.
The traffic is not intercepted and the member still answers to XXX.yol.
I also added the entry xxx.yol redirect but I still got a reply for that host.
On the member, I activated the blacklist feature, added the test blacklist set, set action to refuse and redirect >> same result.
Can you tell me what I am missing?
Thank you
Re: Blacklist creation
06-27-2018 02:32 PM
Hello Yol,
From what I understand, the Blacklist feature is used for recursive queries. If you are configuring a blacklist for a domain which is already hosted on the same appliance, then the blacklist won't work. You may want to use the DNS Response Policy Zone (DNS Firewall) feature.
Regards,
Re: Blacklist creation
06-27-2018 03:20 PM
Actually, here is what I really want to do.
I have a serverA hosting a zone test.com with multiple records in it.
We need to configure a conditional forwarding on serverB (same grid) BUT we only want responses for example.test.com.
So if a user in area B requests example.test.com he gets an answer, and if he wants anything else in test.com he gets nothing.
Any idea about this?
Thanks
Re: Blacklist creation
06-27-2018 06:09 PM
Re: Blacklist creation
06-27-2018 11:24 PM
the same view
Re: Blacklist creation
06-28-2018 08:00 AM
@AMani, any ideas?
Re: Blacklist creation
06-28-2018 02:11 PM
This is what I did
- A grid consisting of 2 members NS1 and NS2
- Created a zone test.com and added NS1 as the grid primary
- Added several A records inside test.com
- Created a zone example.test.com and added NS2 as the grid primary
- Added a blank A record inside example.test.com
Now for NS2, any query for records inside test.com would be recursive, EXCEPT for example.test.com since test.com is not authoritative for NS2.
Then created a blacklist ruleset "BL" and then added the below Rule in it
header-blacklistrule | parent* | domain_name* | action* |
BlacklistRule | BL | test.com | REDIRECT |
Went to the member DNS properties of NS2 and enabled blacklist with redirect to 1.1.1.1
(Data Management -> DNS -> Members -> Edit the NS2 properties -> Toggle Advance Mode -> Blacklist -> Override -> Enable Domain Name Blacklist -> Added the created Blacklist ruleset BL -> For blacklisted domain names, return -> The list of IP Addresses -> Redirect to 1.1.1.1)
So now when I query for any records (assume a.test.com) pointing to NS2, I get the redirect IP address (1.1.1.1).
When I query for example.test.com pointing to NS2, I get the correct IP address of example.test.com.
Let me know if this is what your requirement is.
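
A simplified model of the behaviour described in this thread, added here as an example and not Infoblox code or code from any poster: a member answers names inside zones it hosts from zone data, and only queries that would need recursion reach the blacklist. The function and class names and the top-to-bottom, first-match rule evaluation are assumptions of the example; the zones, rules and redirect address are the ones quoted in the posts above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    domain: str   # domain_name* column of the import
    action: str   # PASS or REDIRECT, as in the action* column


def in_domain(qname: str, domain: str) -> bool:
    """True when qname equals domain or is a subdomain of it (label-aligned)."""
    q = qname.rstrip(".").lower().split(".")
    d = domain.rstrip(".").lower().split(".")
    return len(q) >= len(d) and q[-len(d):] == d


def decide(qname, auth_zones, rules, redirect_ip="1.1.1.1"):
    """Return (outcome, detail) for one query against one member."""
    # Step 1: names inside a zone the member hosts are answered from zone
    # data; per the thread, the blacklist is not applied to them.
    for zone in auth_zones:
        if in_domain(qname, zone):
            return ("authoritative", zone)
    # Step 2: the query would need recursion, so the blacklist applies.
    # Assumption: rules are evaluated top to bottom, first match wins.
    for rule in rules:
        if in_domain(qname, rule.domain):
            if rule.action == "REDIRECT":
                return ("redirect", redirect_ip)
            return ("recurse", "PASS rule " + rule.domain)
    return ("recurse", "no rule matched")


# Constructed scenarios built from the values quoted in the posts above.
NS2_ZONES = ["example.test.com"]                 # NS2 is primary for this zone
BL = [Rule("test.com", "REDIRECT")]              # ruleset "BL"
SERVER_A_ZONES = ["yol"]                         # serverA hosts the zone yol
TEST_SET = [Rule("test.yol", "PASS"), Rule("yol", "REDIRECT")]

if __name__ == "__main__":
    for name in ("a.test.com", "example.test.com", "nottest.com"):
        print("NS2    ", name, decide(name, NS2_ZONES, BL))
    for name in ("test.yol", "xxx.yol"):
        print("serverA", name, decide(name, SERVER_A_ZONES, TEST_SET))
```

In this model the original ruleset never takes effect on serverA because every name under yol is resolved in step 1, which matches the symptom reported in the first post.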
Re: Blacklist creation
10-27-2020 04:32 PM
For DNS Blacklist, can we set different actions (e.g. redirection to a specific dst IP) for different rulesets?