Manage DNSWatch Blacklist Domains

DNSWatch automatically denies connections to domains based on Domain Feeds. If you determine that a domain that does not appear on the Domain Feeds is a threat, you can manually add the domain to the DNSWatch Blacklist. When you add a domain to the Blacklist, DNSWatch returns the IP address of a Blackhole Server in response to DNS queries for the domain. For more information about Blackhole Servers, see About DNSWatch Blackhole Servers.

To manage DNSWatch blacklisted domains:

  1. Log in to your DNSWatch account.
  2. Select Configure > Blackholed Domains.

From this page you can:

  • Search to see whether a domain is currently allowed or denied
  • Add, update, and delete Blacklisted domains
  • Filter the Blacklist

About the DNSWatch Test Domain

By default, the Blacklist contains the domain test.strongarm.i. This domain is resolvable only by the DNSWatch DNS servers.

  • Use this domain to safely test DNSWatch from your protected network.
  • When you browse to this domain from a computer on your protected network, the DNSWatch block page appears.
  • Use this domain to verify or demonstrate that DNSWatch resolves the domain and blocks connections to malicious sites.

Do not add other non-malicious domains to the Blacklist to test DNSWatch. To block domains based on the content, create a content filter policy. For information about content filter policies, see Manage User Access to Content.

Domain Search

You can use the Domain Search feature to check whether a domain is already included in the Blackholed Domains, Whitelisted Domains, or Feeds. If a domain is not found on one of these lists, it appears in the search results as an allowed domain.

To search for a domain from the Blacklist:

  1. Select Configure.

Domain Search text box in the Configure drop-down list

  1. In the Search for a Domain text box, type the domain name and Enter.
    The Domain Search page appears with the search results and Actions.

If the results show that a domain is allowed and not on the Whitelist, you can select the Add to Blacklist action in the search results to add it to the Blacklist.

For more information about the Domain Search page, see Search DNSWatch Domains.

Add Domains to the Blacklist

If you want to block a domain that does not appear in the domain feeds, you can manually add the domain to the Blacklist.

You cannot add a domain to the Blacklist if it is already on the Whitelist.

When you add a domain to the Blacklist, you can share the domain information with WatchGuard. This helps WatchGuard improve the domain feeds for all users. If you do not want to share a blacklisted domain with WatchGuard, clear the Share this domain check box. The DNSWatch Service Settings control whether you can change this setting. For more information, see Configure DNSWatch Service Settings.

You can also add up to 100 new domains to the Blacklist at the same time. Each domain is added as a separate list item.

Update a Domain on the Blacklist

For each domain, you can update the description and select whether to include subdomains.

Remove a Domain from the Blacklist

When you remove a domain from the Blacklist, DNSWatch does not deny DNS requests to it unless it appears in a Domain Feed.

Filter the Blacklist

You can apply filters to find Blacklisted domains that meet specific criteria. You can filter based on the domain name, the description, and the user who added the domain to the Blacklist.

To filter domains:

  1. Click Filter.
    A list of available filters appears.

Screen shot of the Filters options

  1. Specify one or more of the available filters.
  2. To apply the specified filters, click Apply Filters.
    The domain list is filtered and the filters are no longer visible.

To clear the filters:

  1. Click Filter.
  2. Click Clear Filters.
    The domain list is not filtered.

See Also

DNSWatch Dashboard

Manage DNSWatch

Manage DNSWatch Whitelist Domains

Manage Filtered Domains