Introduction

On the ThreatBlockr the use of Domain Lists is to intercept DNS requests to look up a domain name. This does not block IPs or stop IP connections from going through. It is important to note, when encrypted DNS is enabled, the ThreatBlockr is unable to see the the domain name in the DNS request. Due to this, the ThreatBlockr is unable to allow or deny any Domains when encrypted DNS is enabled.

As networking technologies have shifted in recent years, it has become more difficult to leverage Domain Allowed and Denied Lists effectively. For allowing or denying a specific site or service, we recommend the use of IPv4 Allowed and Denied Lists. 

Domain Denied Lists

Once a domain has been looked up, if the domain is not on a denied list, it allows the DNS request to proceed to the original destination server. If the domain is on a denied list, then the Bandura Cyber ThreatBlockr will return a a non-existent (NX) domain response to the user to prevent their application from continuing to connect to the blocked domain.

If you add the domain to the denied list and that DNS request has already been cached by an internal DNS server, then the ThreatBlockr will not see the outbound DNS request as it is being handled by the internal server. When adding a domain to the denied list, it is recommended to flush cache on the internal DNS server.

Domain Allowed Lists

Domain Allowed Lists are used to override blocks that may have occurred due to a domain being on a Domain Denied List. As the ThreatBlockr does not perform a namespace lookup, and as IP connections are not blocked or stopped by domain blocking, a Domain Allowed List entry will not allow an IP that has been identified by an IPv4 Threat List or Denied List.