Manage DNSWatch Blocklist Domains

DNSWatch automatically denies connections to domains based on Domain Feeds. If you determine that a domain that does not appear on the Domain Feeds is a threat, you can manually add the domain to the DNSWatch Blocklist. When you add a domain to the Blocklist, DNSWatch returns the IP address of a blackhole server in response to DNS queries for the domain. For more information about blackhole servers, go to About DNSWatch Blackhole Servers.

To manage DNSWatch blocklist domains:

  1. Log in to your DNSWatch account.
  2. Select Configure > Domain Blocklist.

From this page you can:

  • Search to view whether a domain is currently allowed or denied
  • Add, update, and delete domains on the Blocklist
  • Filter the Blocklist

About the DNSWatch Test Domain

By default, the Blocklist contains the domain test.strongarm.io. This domain is resolvable only by the DNSWatch DNS servers.

  • Use this domain to safely test DNSWatch from your protected network.
  • When you browse to this domain from a computer on your protected network, the DNSWatch block page appears.
  • Use this domain to verify or demonstrate that DNSWatch resolves the domain and blocks connections to malicious sites.

Do not add other non-malicious domains to the Blocklist to test DNSWatch. To block domains based on the content, create a content filter policy. For information about content filter policies, go to Manage User Access to Content in DNSWatch.

Domain Search

You can use the Domain Search feature to check whether a domain is already included in the Domain Blocklist, Domain Allowlist, or Feeds. If a domain is not found on one of these lists, it appears in the search results as an allowed domain.

To search for a domain from the Blocklist:

  1. Select Configure.

Domain Search text box in the Configure drop-down list

  1. In the Search for a Domain text box, type the domain name and Enter.
    The Domain Search page appears with the search results and Actions.

If the results show that a domain is allowed and not on the Allowlist, you can select the Add domain to your Blocklist action in the search results to add it to the Blocklist.

For more information about the Domain Search page, go to Search DNSWatch Domains.

Add Domains to the Blocklist

If you want to block a domain that does not appear in the domain feeds, you can manually add the domain to the Blocklist.

You cannot add a domain to the Blocklist if it is already on the Allowlist.

When you add a domain to the Blocklist, you can share the domain information with WatchGuard. This helps WatchGuard improve the domain feeds for all users. If you do not want to share a domain on the Blocklist with WatchGuard, clear the Share this domain check box. The DNSWatch Service Settings control whether you can change this setting. For more information, go to Configure DNSWatch Service Settings.

You can also add up to 100 new domains to the Blocklist at the same time. Each domain is added as a separate list item.

Update a Domain on the Blocklist

For each domain, you can update the description and select whether to include subdomains.

Remove a Domain from the Blocklist

When you remove a domain from the Blocklist, DNSWatch does not deny DNS requests to it unless it appears in a Domain Feed.

Filter the Blocklist

You can apply filters to find domains on the Blocklist that meet specific criteria. You can filter based on the domain name, the description, and the user who added the domain to the Blocklist.

To filter domains:

  1. Click Filter.
    A list of available filters appears.

Screen shot of the Filters options

  1. Specify one or more of the available filters.
  2. To apply the specified filters, click Apply Filters.
    The domain list is filtered and the filters are no longer visible.

To clear the filters:

  1. Click Filter.
  2. Click Clear Filters.
    The domain list is not filtered.

Related Topics

DNSWatch Dashboard

Manage DNSWatch

Manage DNSWatch Allowlist Domains

Manage Filtered Domains