Adding local Response Policies - BlueCat Address Manager - 9.0.0

Address Manager Administration Guide


Each Response Policy is a container for individual Response Policy items—hosts and domain names that you want the policy to affect.

You must first create a Response Policy object before adding a policy item. For example, if you wish to block a domain name and return an NXDOMAIN response, you should first create the blocklist Response Policy object and then add policy items to the object.

To create a Response Policy:

  1. Select the DNS tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  2. Under Response Policies, click New and select Response Policy.
  3. Under General, set the following parameters:
    • Name—enter a descriptive name for the policy type.
    • Type—select a type from the drop-down menu. Different parameter fields will display depending on the type you select.
      • Blacklist—list of domains that are blocked on the network. Blocklisting only allows access to objects that are not explicitly included in the list. Objects matching this policy type return NXDOMAIN (non-existent).
      • Blackhole—discards incoming or outgoing traffic to domains included on the list. This happens silently, that is, without informing the source. Objects matching this policy type return NOERROR with no answers.
      • Redirect—directs users attempting to connect to a non-existent domain (NXDomain) to a designated portal page.
      • Whitelist—trusted domains excluded from blocking. Objects matching this policy type are excluded from further processing.
        Note: The Whitelist policy type takes no action against matching objects; it only logs that a domain matching the blocklist was found.
    • TTL—the time to live value for each type of Response Policy. The default value is 1 hour. The value can be set in seconds, minutes, hours, or days. Select the value from the drop-down list.
    • Redirect (FQDN)—the fully qualified domain name of the designated portal page to which a user is redirected.
  4. Under Change Control, add comments, if required.
  5. Click Add.
This creates a Response Policy object, which is simply a container for the Response Policy items.
Next, add Response Policy items to the Response Policy object that you just created.
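
Once policy items are added and deployed, the responses described for each type can be checked on the wire. The following is an added example, not BlueCat code: it classifies a raw DNS response by the behaviour documented above. The sample packets are constructed, the domain names are placeholders, and treating a Redirect as a CNAME to the Redirect (FQDN) value is an assumption.

```python
import struct

def encode_name(name):
    """Encode a domain name in DNS wire format, without compression."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_response(qname, rcode, cname=None):
    """Construct a sample response to an A query (constructed data, not a capture)."""
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    answer = b""
    if cname:
        rdata = encode_name(cname)
        # Owner name is a compression pointer to the question name at offset 12.
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 3600, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 1 if cname else 0, 0, 0)
    return header + question + answer

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:            # compression pointer
            end = off + 2 if end is None else end
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # refuse pointer loops
                raise ValueError("compression loop")
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
            off += 1 + msg[off]
    return ".".join(labels).lower(), (off + 1 if end is None else end)

def classify(msg, redirect_fqdn=""):
    """Name the policy type whose documented response this message matches."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode, off = flags & 0x000F, 12
    for _ in range(qdcount):                   # skip the question section
        off = read_name(msg, off)[1] + 4
    if rcode == 3:
        return "Blacklist"                     # NXDOMAIN
    if rcode == 0 and ancount == 0:
        return "Blackhole"                     # NOERROR with no answers
    if rcode == 0:
        off = read_name(msg, off)[1]
        rtype, _, _, _ = struct.unpack("!HHIH", msg[off:off + 10])
        target = read_name(msg, off + 10)[0] if rtype == 5 else None
        if redirect_fqdn and target == redirect_fqdn.rstrip(".").lower():
            return "Redirect"                  # assumed: CNAME to the portal FQDN
    return "none"
```

A name that genuinely does not exist also returns NXDOMAIN, and a name with no record of the queried type also returns NOERROR with no answers, so run the check against a domain known to resolve normally when no policy applies.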