Adding local response policies - BlueCat Integrity - 26.1.0

Each response policy is a container for individual response policy items—hosts and domain names that you wish the policy to affect.

1. Select the DNS tab in the sidebar, then select Response policies.
2. Select New.
3. Under General, set the following parameters:
   • Name—enter a descriptive name for the policy type.
   • Type—select a type from the drop-down menu. Different parameter fields will be displayed depending on the type you select.
     • Blocklist—list of domains that are blocked on the network. Blocklisting only allows access to objects that are not explicitly included in the list. Objects matching this policy type return NXDOMAIN (non-existent).
     • Black hole—discards incoming or outgoing traffic to domains included on the list. This happens silently, that is, without informing the source. Objects matching this policy type return NOERROR with no answers.
     • Redirect—directs users attempting to connect to a non-existent domain (NXDomain) to a designated portal page. If you select this option, the Redirect text field is displayed where you can enter the fully qualified domain name of the designated portal page to which a user is redirected.
     • Allowlist—trusted domains excluded from blocking. Objects matching this policy type are excluded from further processing.
       Note: The Allowlist policy type takes no action against matching objects; it only logs that a domain matching the blocklist was found.
   • TTL—the time-to-live value for each response policy type. The default value is 1 hour. You can set the value can be set in seconds, minutes, hours, or days. Select the value from the drop-down list.
4. Under Change Control, add comments, if required.
5. Select Create to create the response policy and return to the Response policies page, or select Create and add another to create the response policy and re-open the Create response policy window.