Advanced DNS Security Powered by Precision AI®
Manage Custom FQDN List
Group FQDNs into objects to override Advanced DNS Security Resolver settings. Apply
granular allow, block, or sinkhole actions at the profile level for tailored network access
control.
Custom FQDN lists provide a granular method for managing access within your Advanced DNS Security Resolver configuration. These lists allow you to group specific Fully
Qualified Domain Names (FQDNs) into a single object, which can then be used to
override global Advanced DNS Security Resolver settings. This is particularly useful for
managing allow/block lists for domains that are unique to your organization's
operational requirements. When creating these lists, it is essential to include only
valid FQDNs; generic keywords or IP addresses are not supported within these
specific objects.
Once defined, these lists are applied to a DNS Security profile, where you can assign
a group-level action to all domains within the list. These actions—such as
allow, alert, block, or sinkhole—take precedence
over the automated categories provided by the Advanced DNS Security Resolver.
To maintain optimal performance and security, the Advanced DNS Security Resolver supports
multiple custom lists, allowing you to categorize your overrides by department, risk
level, or geographic region. It is important to remember that the order of
operations matters: custom FQDN list actions are evaluated early in the DNS
inspection process. By strategically managing these lists, you can fine-tune the
resolver's behavior to provide a balance between strict security enforcement and the
necessary access required for your specific network environment.
- Log in to the Strata Cloud Manager on the hub.
- Select Manage > Configuration > ADNS Resolver > DNS Security Profiles and then go to the Custom FQDN List tab.
  You can view your available custom FQDN lists and general information about each, including the number of FQDNs contained in a given list and a description. Additionally, you can delete or update each FQDN list that was previously added.
- To create a new custom FQDN list:
  - Select Create FQDN List and provide a name and, optionally, a description for the new custom FQDN list.
  - You can either + Add the FQDNs to the FQDNs List or Import List of existing FQDNs supplied in a text (.txt) file managed by your organization.
  - Save your custom FQDN list.
- To apply the custom FQDN list to a DNS Security Profile:
  - Select Manage > Configuration > ADNS Resolver and then go to the DNS Security Profiles tab.
  - Select the DNS Security profile that you want to apply the custom FQDN list to and select the Overrides tab.
  - From the Custom FQDN List panel, + Add or delete list entries (using the icon) to modify the custom FQDN list as necessary. Keep in mind that only custom FQDN lists that have been previously created can be added.
  - Select an Action for each custom FQDN list entry.
    - allow—The DNS query is allowed.
    - alert—The DNS query generates an alert. DNS queries that generate an alert are saved in the DNS Security log.
    - block—The DNS query is blocked.
    - sinkhole—Forges a DNS response for a DNS query targeting a detected malicious domain. This directs the resolution of the malicious domain name to a specific IP address (referred to as the Sinkhole IP), which is embedded as the response.
  - You can add multiple entries by opening additional fields using + Add.
  - Click Save when finished.
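A pre-import check for the text file used with Import List, written as an added example and not Palo Alto Networks code. It flags IP addresses, single-label keywords, malformed entries and duplicates before the file is uploaded, since the page states that only valid FQDNs are supported in these lists. The one-entry-per-line layout and the RFC 1123 hostname rules are assumptions, and `classify`, `lint` and `SAMPLE` are hypothetical names.

```python
import ipaddress
import re

# Assumption: entries follow RFC 1123 hostname syntax (label: 1-63 of a-z, 0-9, "-").
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Constructed sample of a .txt import file, one entry per line (assumed layout).
SAMPLE = """\
intranet.example.com
Intranet.Example.com.
10.20.30.40
login
https://portal.example.com/app
updates.example.net
"""

def classify(entry):
    """Return (kind, normalized); kind is 'fqdn', 'ip', 'keyword' or 'invalid'."""
    name = entry.strip().lower().rstrip(".")
    try:
        ipaddress.ip_address(name)
        return "ip", name
    except ValueError:
        pass
    labels = name.split(".")
    if len(name) > 253 or not all(LABEL.match(label) for label in labels):
        return "invalid", name      # URL, stray characters, bad hyphen, too long
    if len(labels) < 2:
        return "keyword", name      # single label such as "login"
    if labels[-1].isdigit():
        return "invalid", name      # numeric last label, e.g. a truncated IP
    return "fqdn", name

def lint(text):
    """Return (accepted FQDNs, rejected rows of (line_no, entry, reason))."""
    accepted, rejected, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue                # blank lines carry no entry
        kind, name = classify(entry)
        if kind == "fqdn" and name not in seen:
            seen.add(name)
            accepted.append(name)
        else:
            rejected.append((line_no, entry, "duplicate" if kind == "fqdn" else kind))
    return accepted, rejected

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Names are compared after lowercasing and stripping a trailing dot, so the same domain written two ways is reported once as a duplicate.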