Advanced DNS Security Powered by Precision AI®
Manage Domain Overrides
The Advanced DNS Security Resolver uses a specific order of operations to decide
whether to allow, block, or sinkhole a request.
You can specify a list of custom FQDNs or EDLs (External Dynamic Lists) that the Advanced DNS Security Resolver references to apply a user-specified action (allow, block, alert, or sinkhole) when a DNS query is made to a qualifying domain. The Advanced DNS Security Resolver provides several mechanisms for evaluating domains, including:
- Internal Domains with a series of default values that are commonly used
- Custom FQDN Lists (Override)
- EDL Definitions (Override)
- DNS Categories from content-updates, as well as domain categories that are derived using a combination of cloud-based analysis and machine learning powered by its Precision AI engine, which inspects DNS traffic for malicious patterns
- Log in to the Strata Cloud Manager on the hub.
- Select Manage > Configuration > ADNS Resolver > DNS Security Profiles and then select an existing DNS Security profile or create a new one (if you are creating a new DNS Security profile for the Advanced DNS Security Resolver, be sure to review the requirements and other related configuration tasks).
- In the Overrides tab, add domains to an allow list. If your organization uses third party threat feeds as part of a comprehensive threat intelligence solution, you can also reference those in the form of external dynamic lists (EDLs) as part of your overrides configuration.
  - Add Custom FQDN List:
    - From the Custom FQDN List panel, + Add or delete lists (using the icon) to modify the referenced custom FQDN list as necessary. If none have been previously created, you can Create new Custom FQDN List by selecting the bottom-most option under the FQDN List drop down. For details on the options related to creating a new custom FQDN list, refer to: Manage Custom FQDN List.
    - Select an Action for each custom FQDN list entry.
      - allow—The DNS query is allowed.
      - alert—The DNS query generates an alert. DNS queries that generate an alert are saved in the DNS Security log.
      - block—The DNS query is blocked.
      - sinkhole—Forges a DNS response for a DNS query targeting a detected malicious domain. This directs the resolution of the malicious domain name to a specific IP address (referred to as the Sinkhole IP), which is embedded as the response.
    - You can add multiple list entries by opening additional fields using + Add.
    - Click Save when finished.
  - Add EDL Definitions:
    - From the EDL Definitions panel, + Add or delete lists (using the icon) to modify the referenced EDL list as necessary. If none have been previously created, you can Create new External Dynamic List by selecting the bottom-most option under the EDL definition drop down. For details on the options related to creating an EDL, refer to: Manage External Dynamic List.
    - Select an Action for each EDL list entry.
      - allow—The DNS query is allowed.
      - alert—The DNS query generates an alert. DNS queries that generate an alert are saved in the DNS Security log.
      - block—The DNS query is blocked.
      - sinkhole—Forges a DNS response for a DNS query targeting a detected malicious domain. This directs the resolution of the malicious domain name to a specific IP address (referred to as the Sinkhole IP), which is embedded as the response.
    - You can add multiple entries by opening additional fields using + Add.
    - Click Save when finished.