Adding local Response Policies - BlueCat Address Manager - 8.2.0

Address Manager Administration Guide

prodname
BlueCat Address Manager
version_custom
8.2.0

Each Response Policy is a container for individual Response Policy items—hosts and domain names that you want the policy to affect.

You must first create a Response Policy object before adding a policy item. For example, if you wish to block a domain name and return an NXDOMAIN response, you should first create the blacklist Response Policy object and then add policy items to the object.

To create a Response Policy:

  1. Select the DNS tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  2. Under Response Policies, click New and select Response Policy.
  3. Under General, set the following parameters:
    • Name—enter a descriptive name for the policy type.
    • Type—select a type from the drop-down menu. Different parameter fields will display depending on the type you select.
      • Blacklist—list of domains that are blocked on the network. Blacklisting only allows access to objects that are not explicitly included in the list. Objects matching this policy type return NXDOMAIN (non-existent).
      • Blackhole—discards incoming or outgoing traffic to domains included on the list. This happens silently, that is, without informing the source. Objects mathching this policy type return NOERROR with no answers.
      • Whitelist—trusted domains excluded from blocking. Objects matching this policy type are excluded from further processing.
    Note: The Whitelist policy type takes no action against matching objects; it only logs that a domain matching the block list was found.
  4. Under Change Control, add comments, if required.
  5. Click Add.
This creates a Response Policy object which is simply a container for the Response Policy items.
Next you need to add Response Policy items to the Response Policy object that you just created.