A response policy zone (RP zone) allows DNS administrators to overlay custom information on top of the global DNS configuration to provide alternate responses to queries. A response policy zone contains a list of domains that need to be blocked or redirected.
To add response policy zones:
- Select the DNS tab in the sidebar, then select Views.
- Select the name of a view in the Views table or DNS tree.
- Select the RP zones tab.
- Select New > Feed RP zone to use predefined DNS-exploiting malware category lists provided by BlueCat.
- On the General tab, configure the following parameters:
  - Name—enter a name for the response policy zone.
  - Type—select the type of response policy zone to define with the selected feed category. Different parameter fields are displayed depending on the type you select:
    - Blocklist—list of domains that are blocked on the network. Blocklisting only allows access to objects that are not explicitly included in the list. Objects matching this policy type return NXDOMAIN (non-existent).
    - Black hole—discards incoming or outgoing traffic to domains included on the list. This happens silently, that is, without informing the source. Objects matching this policy type return NOERROR with no answers.
    - Redirect—directs users attempting to connect to a non-existent domain (NXDomain) to a designated portal page.
    - Allowlist—trusted domains excluded from blocking. Objects matching this policy type are excluded from further processing.
      Note: The Allowlist policy type takes no action against matching objects; it only logs that a domain matching the blocklist was found.
  - Override refresh time—select this checkbox to set the custom refresh time interval.
- On the Categories tab, use the arrows to select the DNS-exploiting malware category lists that you would like to include in the RP zone. The Selected column contains the lists that will be included in the response policy zone, while the Available section contains the lists that are available but will not be included in the RP zone.
  Note: To obtain the list of categories, you need to configure a recursive name server that can resolve records in the bluecatlabs.net zone. For more information about name-server configuration mode in Address Manager, refer to Adding Name Servers.
  Note: In previous versions of Address Manager, users had to move lists from the Available column to the Selected column to mark the lists for inclusion. In Address Manager v25.1, all available lists are automatically in the Selected column. Ensure that you move any lists you do not wish to include to the Available column.
- In the Change control section, add comments if required.
- Select Create to create the response policy zone and return to the RP zones tab, or select Create and add another to create the response policy zone and re-open the Create RP zone window.
After adding response policy zones, you must associate the RP zone configuration
with a DNS server by adding the DNS deployment role.
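
Once the RP zone is deployed, the response a client receives shows which policy type matched. The following is an added example (not BlueCat code) that classifies raw DNS responses by the behaviours listed under Type; the portal address `192.0.2.10`, the name `bad.example` and the sample packets produced by `build()` are constructed placeholders.

```python
import struct

RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3
PORTAL_IP = "192.0.2.10"  # assumption: placeholder address of the redirect portal


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:              # root label ends the name
            return off + 1
        off += 1 + length


def classify(msg, portal_ip=PORTAL_IP):
    """Map a raw DNS response to the policy type whose behaviour it matches."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "blocklist"          # Blocklist: NXDOMAIN
    if rcode != RCODE_NOERROR:
        return "other"              # e.g. SERVFAIL, not a policy result
    if an == 0:
        return "black hole"         # Black hole: NOERROR with no answers
    off = 12
    for _ in range(qd):             # skip the question section
        off = skip_name(msg, off) + 4
    for _ in range(an):             # walk answers looking for the portal address
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        if rtype == 1 and rdlen == 4 and ".".join(map(str, rdata)) == portal_ip:
            return "redirect"       # Redirect: answer points at the portal
        off += 10 + rdlen
    return "not rewritten"          # allowlisted or unlisted name resolved normally


def build(rcode, answers=()):
    """Constructed sample: response to 'bad.example' A with the given A answers."""
    q = b"\x03bad\x07example\x00" + struct.pack("!HH", 1, 1)
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0) + q
    for ip in answers:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return msg
```

A genuine NXDOMAIN or empty NOERROR answer is indistinguishable from a policy result on the wire, so test with names that are known to resolve when no RP zone applies.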