Creating response policies - User Guide - Micetro - 25.2.0

Micetro Admin Guide


Use response policies to configure DNS resolvers to respond to DNS queries for a particular zone or host with a user-configured response.

Response policies are particularly useful when users query for malicious, illegal, or undesirable content. You can configure the DNS server to block or redirect the request to prevent an infection or to stop abuse. Response policies allow you to leverage the DNS service to add a layer of protection or simply prevent unwanted access.

To create a new response policy:

  1. On the Configuration tab of the Admin page, select Threat Protect in the left sidebar.
  2. Select Create policy +.
  3. In the dialog, select which domain feeds to include in the response policy:
    • High—A high-risk domains feed.
    • Medium—A medium-risk domains feed.
    • Low—A low-risk domains feed.
    • Unverified—An unverified domains feed.
    • DoH—A DNS-over-HTTPS public servers feed.


  4. Use the Action dropdown to select the action taken when a request for a matched domain is received by the DNS servers:
    • Block—Blocks domains specified in the selected feed(s) on the network. Objects matching this policy type return NXDOMAIN (non-existent).
    • Blackhole—Discards incoming or outgoing traffic to domains specified in the selected feed(s). Records matching this policy return a NODATA response.
    • Redirect—Redirects users attempting to connect to a matched domain to another specified domain instead.
    • Allow—Excludes trusted domains from blocking. You can also use Allow to test how policies and feeds are applied, to determine which domains would be blocked without the Allow action, and thus to allowlist domains.
  5. If you select the Redirect action, enter the domain name to which the request should be redirected in the Redirect field.
  6. In the Refresh time field, you can set a custom rate to fetch updates from the feeds, in seconds. If no rate is entered, the system will use the default value of 300 seconds (five minutes).
    Note:

    Refresh time is not a distinguishing factor for response policies. For example, if you create a policy with the feed High and the action Block with a refresh time of 500 seconds on a server, and a second policy with the feed Medium and the action Block with a refresh time of 1000 seconds on the same server, the two policies are merged into a single policy with the feeds High and Medium and the action Block.

  7. Use the Servers dropdown to select the DNS servers and views that the policy should cover.
    Note: Only MDDS appliances can be added to a response policy.

    When an option is a view, its format is "[view] on [server]".

  8. Select Create.
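
One way to check, after the policy is created, that a covered resolver answers the way the selected action describes. This is an added example, not part of the Micetro documentation: it classifies the text output of `dig` against the Block (NXDOMAIN), Blackhole (NODATA) and Redirect responses listed in step 4. The sample outputs are constructed, the `.example` names are placeholders, and the assumption that a redirect appears as a CNAME in the answer section is not stated on this page.

```python
import re

def _hdr(status, answers):
    # Builds the two header lines that dig prints for a response.
    return (f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 4242\n"
            f";; flags: qr rd ra; QUERY: 1, ANSWER: {answers}, AUTHORITY: 0, ADDITIONAL: 1\n")

# Constructed dig outputs (not captured from a real resolver).
SAMPLES = {
    "Block": _hdr("NXDOMAIN", 0),
    "Blackhole": _hdr("NOERROR", 0),
    "Redirect": _hdr("NOERROR", 2) + "\n;; ANSWER SECTION:\n"
        "bad.example.\t5\tIN\tCNAME\twalled-garden.example.\n"
        "walled-garden.example.\t300\tIN\tA\t192.0.2.10\n",
    "Unmodified": _hdr("NOERROR", 1) + "\n;; ANSWER SECTION:\n"
        "trusted.example.\t300\tIN\tA\t192.0.2.20\n",
}

def _norm(name):
    return name.lower().rstrip(".") if name else None

def classify(dig_output, redirect_target=None):
    """Return the action a response is consistent with.

    NXDOMAIN and NODATA also occur for names that genuinely do not exist or
    have no record of the queried type, so test with names known to resolve
    when no policy is applied.
    """
    status = re.search(r"status: (\w+)", dig_output)
    answers = re.search(r"ANSWER: (\d+)", dig_output)
    if not status or not answers:
        raise ValueError("no dig response header found")
    if status.group(1) == "NXDOMAIN":
        return "Block"
    if status.group(1) != "NOERROR":
        return "Error"            # SERVFAIL, REFUSED, ...: not a policy result
    if int(answers.group(1)) == 0:
        return "Blackhole"        # NOERROR with an empty answer is NODATA
    # Assumption: the Redirect action shows up as a CNAME to the Redirect field.
    cnames = re.findall(r"^\S+\s+\d+\s+IN\s+CNAME\s+(\S+)$", dig_output, re.M)
    if redirect_target and _norm(redirect_target) in map(_norm, cnames):
        return "Redirect"
    return "Unmodified"           # Allow, or the name is in no selected feed

def mismatches(expected, outputs, redirect_target=None):
    """Names whose observed response differs from the action expected for them."""
    seen = {n: classify(outputs[n], redirect_target) for n in expected}
    return {n: got for n, got in seen.items() if got != expected[n]}
```

Run `dig` for each test name against every server or view selected in step 7 and pass the captured text to `classify`, since a policy only covers the servers it was created on.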