Adding a Response Policy Item - BlueCat Integrity - 9.4.0

Address Manager Administration Guide


How to add a Response Policy Item.

You can also construct a list of fully qualified domain names (FQDNs) in one Response Policy file and upload it. This is useful when you have a large number of policy items to manage.

To add a Response Policy Item:

  1. Select the My IPAM tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the User Home Page.
  2. From the configuration drop-down menu, select a configuration.
  3. Select the DNS tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  4. Under Response Policies, click the Response Policy object from the list.
  5. Under Policy Items, click New.
  6. Under General, set the following parameter:
    • Name (FQDN)—enter the fully qualified domain name to be blocked or redirected. For the allow list option, the specified domain name will be an exception to a DNS query in the allowlist or black hole lists. The asterisk (*) wildcard character(s) can be used to block or redirect any hostname or all sub-domains. For example, if you specify *.example.com, any hostname in example.com will be blocked or redirected, whereas if you specify www.example.com, only attempts to access www.example.com will be blocked or redirected. If you specify **.example.com, any hostname or all sub-domains in example.com, and example.com itself, will be blocked or redirected.
      Note:
      • IP address-based matches are placed into a reverse format. For example, to block 192.0.2.2, you will need to add 32.2.2.0.192.rpz-ip to your Response Policy. This will block any host request that resolves to 192.0.2.2. To block an IPv6 address, you will need to add a similar entry. For example, to block any host that resolves to 2001:DB8:BC:0:FC00:0:0:53, you need to add 128.53.0.0.FC00.0.BC.DB8.2001.rpz-ip.
      • IP address-based matches can be used to block entire networks. To block an entire network, put the netmask for the network in front of the reversed address. For example, to block the network 192.1.0.0/16, you will need to add 16.0.0.1.192.rpz-ip to your Response Policy. To block the entire 2001:DB8:BC:0/64 network, you need to add 64.0.0.0.0.0.BC.DB8.2001.rpz-ip.
  7. Click Add or Update.
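
The reverse format from the note under step 6, as an added example (not BlueCat's code): a Python sketch that converts an address or CIDR network into the rpz-ip name to enter in the Name (FQDN) field, and decodes an existing name back into a network so entries can be reviewed. The function names are hypothetical, and rejecting networks with host bits set is a choice made for this example.

```python
import ipaddress


def rpz_ip_name(target: str) -> str:
    """Encode an IP address or CIDR network as an rpz-ip policy item name."""
    # strict=True rejects input such as 192.1.2.3/16 (host bits set), which
    # usually means the operator typed a host where a network was intended.
    net = ipaddress.ip_network(target, strict=True)
    packed = net.network_address.packed
    if net.version == 4:
        words = [str(b) for b in packed]              # four decimal octets
    else:
        # eight 16-bit words, upper-case hex without leading zeros,
        # matching the form used in the note (e.g. FC00, DB8)
        words = [format(int.from_bytes(packed[i:i + 2], "big"), "X")
                 for i in range(0, 16, 2)]
    # prefix length first, then the address words in reverse order
    return ".".join([str(net.prefixlen)] + words[::-1] + ["rpz-ip"])


def rpz_ip_network(name: str):
    """Decode an rpz-ip name (all words written out) back into a network."""
    labels = name.rstrip(".").split(".")
    if len(labels) < 3 or labels[-1].lower() != "rpz-ip":
        raise ValueError(f"not an rpz-ip name: {name!r}")
    prefix, words = labels[0], labels[1:-1][::-1]
    if len(words) == 4:
        address = ".".join(words)
    elif len(words) == 8:
        address = ":".join(words)
    else:
        raise ValueError(f"expected 4 or 8 address words in {name!r}")
    return ipaddress.ip_network(f"{address}/{prefix}", strict=True)


if __name__ == "__main__":
    # Constructed sample input, taken from the examples in the note above.
    for item in ("192.0.2.2", "192.1.0.0/16",
                 "2001:DB8:BC:0:FC00:0:0:53", "2001:DB8:BC:0::/64"):
        name = rpz_ip_name(item)
        print(f"{item:28} -> {name:40} -> {rpz_ip_network(name)}")
```
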