In this example, we will block client access to a list of known malware sites, and we will transparently monitor client access to a list of known ad-tracking sites without blocking.
Note: This example requires that you download the following lists: known-malware.lst and
known-ad-trackers.lst.
Create a malware domain list
- In the top navigation bar, click and select Domain Lists.
- Click to create a new domain list.
- For Name, enter Known Malware, and for Description, enter a brief description for the list. For Type, keep the default User Defined.
- Drag and drop the known-malware.lst file into the Domains field.
- Click Save and Close.
Create a policy to block malware
- In the top navigation bar, click and select Policies.
- Click to create a new policy.
- For Name, enter Block Known Malware, and for Description, enter a brief description for the policy.
- For Type, select Block, and set the slider to Active.
- In the Sites field, start typing the name of a site, and then select the site you want to apply the policy to.
- Expand the Domain List section, and in the Block List field, start typing Known Malware, and then select that domain list.
- Click Save & Apply.
Test the blocking policy
Query any domain from the known malware domain list, for example dsfpgl.org. You should receive a "Non-existent domain" (NXDOMAIN) response.
View blocked DNS activity
- In BlueCat Edge, select the DNS Activity view .
- In the Command bar, type /policyname Block Known Malware, and press Enter. In the DNS Activity tab, you should see the blocked DNS queries from your test.
Create an ad-tracking domain list
- In the top navigation bar, click and select Domain Lists.
- Click to create a new domain list.
- For Name, enter Known Ad Trackers, and for Description, enter a brief description for the list. For Type, keep the default User Defined.
- Drag and drop the known-ad-trackers.lst file into the Domains field.
- Click Save and Close.
Create a policy to monitor ad-tracking activity
- In the top navigation bar, click and select Policies.
- Click to create a new policy.
- For Name, enter Monitor Known Ad Trackers, and for Description, enter a brief description for the policy.
- For Type, select Monitor, and set the slider to Active.
- In the Sites field, start typing the name of a site, and then select the site you want to apply the policy to.
- Expand the Domain List section, and in the Watch List field, start typing Known AD Trackers, and then select that domain list.
- Click Save & Apply.
Test the ad-tracking policy
Query any domain from the known ad trackers domain list, for example googlesyndication.com. You should receive a normal response.
View ad-tracking activity
- In BlueCat Edge, select the DNS Activity view .
- In the Command bar, type /policyname Monitor Known Ad Trackers, and press Enter. In the DNS Activity tab, you should see the monitored DNS queries from your test.