Allow or Block DNS Resolution on CIDR Blocks

When to block and allow networks

Use the network block list and allow list functionality to make granular block and allow settings in a DigitalStakeout PDNS security policy.

Block and allow options

  1. Block site at the network level – Records resolving to a network will be immediately blocked with no additional processing.
  2. Allow site at the network level – Hosts or domains resolving to a network are never blocked; this overrides all security policy settings.

Step 1: Review your security policy

In the DigitalStakeout PDNS policy editor, administrators need to be familiar with the active allow/block policy lists that are mapped to a security policy. Changes to the policy lists are applied immediately to any policy that is mapped to your sites, agents and browser deployment.

Step 2: Choose a block or allow list to modify

Choose the network list that you want to edit. Allow lists are highlighted in green. Block lists are highlighted in red. You can also create a new list if you choose. Make sure the new list is mapped to a policy as in Step 1.

Step 3: Add networks to your block or allow list

In the policy list editor, add a CIDR block that you wish to block or allow. In this example, we will block access to 111.222.333.0/24. Since the policy list is mapped to your default security policy (as displayed in Step 1), when you hit “Save”, all domains with records on 111.222.333.0/24 will immediately start to be blocked.

Step 4: Verify block or allow by visiting a domain pointed to the network

To verify your policy list change, browse to a domain with a record on 111.222.333.0/24. Instead of being able to access the domain, you will be presented with a DigitalStakeout PDNS block page. The block page will also display the reason why the page was blocked.
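The following added example (not DigitalStakeout code) models the decision described above, so list entries can be validated and the expected verdict for a domain's resolved records checked before saving a list. It assumes the allow list is consulted first, and its function names and sample data are constructed; the article's 111.222.333.0/24 is a placeholder rather than a valid IPv4 network, so the sample lists use documentation ranges and include the placeholder to show it being rejected.

```python
import ipaddress

def parse_cidrs(entries):
    """Validate policy-list entries; return (networks, rejected)."""
    networks, rejected = [], []
    for entry in entries:
        try:
            # strict=True refuses entries with host bits set (203.0.113.7/24)
            networks.append(ipaddress.ip_network(entry.strip(), strict=True))
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return networks, rejected

def first_match(records, networks):
    """Return (record, network) for the first record inside any network."""
    for record in records:
        ip = ipaddress.ip_address(record)
        for net in networks:
            if ip in net:  # always False across IPv4/IPv6
                return record, net
    return None

def evaluate(records, allow, block):
    """Verdict for one DNS answer's A/AAAA records.

    Assumption: the allow list is checked first, because the article says
    an allow entry overrides all security policy settings.
    """
    hit = first_match(records, allow)
    if hit:
        return "allow", f"{hit[0]} is in allow-listed network {hit[1]}"
    hit = first_match(records, block)
    if hit:
        return "block", f"{hit[0]} is in block-listed network {hit[1]}"
    return "continue", "no network list matched; remaining policy applies"

# Constructed sample lists (documentation ranges, not real policy data).
ALLOW, _ = parse_cidrs(["198.51.100.0/24"])
BLOCK, REJECTED = parse_cidrs(
    ["203.0.113.0/24", "111.222.333.0/24", "203.0.113.7/24"])

if __name__ == "__main__":
    for entry, why in REJECTED:
        print(f"rejected list entry {entry}: {why}")
    # Constructed DNS answers: hostname -> resolved addresses.
    answers = {"blocked.example": ["203.0.113.10"],
               "mixed.example": ["203.0.113.10", "198.51.100.5"],
               "other.example": ["192.0.2.1"]}
    for name, records in answers.items():
        print(name, *evaluate(records, ALLOW, BLOCK))
```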

