Manage DNSWatch Blocklist Domains
DNSWatch automatically denies connections to domains based on Domain Feeds. If you determine that a domain that does not appear on the Domain Feeds is a threat, you can manually add the domain to the DNSWatch Blocklist. When you add a domain to the Blocklist, DNSWatch returns the IP address of a blackhole server in response to DNS queries for the domain. For more information about blackhole servers, go to About DNSWatch Blackhole Servers.
To manage DNSWatch blocklist domains:
- Log in to your DNSWatch account.
- Select Configure > Domain Blocklist.
From this page you can:
- Search to view whether a domain is currently allowed or denied
- Add, update, and delete domains on the Blocklist
- Filter the Blocklist
About the DNSWatch Test Domain
By default, the Blocklist contains the domain test.strongarm.io. This domain is resolvable only by the DNSWatch DNS servers.
- Use this domain to safely test DNSWatch from your protected network.
- When you browse to this domain from a computer on your protected network, the DNSWatch block page appears.
- Use this domain to verify or demonstrate that DNSWatch resolves the domain and blocks connections to malicious sites.
Do not add other non-malicious domains to the Blocklist to test DNSWatch. To block domains based on the content, create a content filter policy. For information about content filter policies, go to Manage User Access to Content in DNSWatch.
Domain Search
You can use the Domain Search feature to check whether a domain is already included in the Domain Blocklist, Domain Allowlist, or Feeds. If a domain is not found on one of these lists, it appears in the search results as an allowed domain.
To search for a domain from the Blocklist:
- Select Configure.
- In the Search for a Domain text box, type the domain name and Enter.
The Domain Search page appears with the search results and Actions.
If the results show that a domain is allowed and not on the Allowlist, you can select the Add domain to your Blocklist action in the search results to add it to the Blocklist.
For more information about the Domain Search page, go to Search DNSWatch Domains.
Add Domains to the Blocklist
If you want to block a domain that does not appear in the domain feeds, you can manually add the domain to the Blocklist.
You cannot add a domain to the Blocklist if it is already on the Allowlist.
When you add a domain to the Blocklist, you can share the domain information with WatchGuard. This helps WatchGuard improve the domain feeds for all users. If you do not want to share a domain on the Blocklist with WatchGuard, clear the Share this domain check box. The DNSWatch Service Settings control whether you can change this setting. For more information, go to Configure DNSWatch Service Settings.
- Select Configure > Domain Blocklist.
The Domain Blocklist page opens. - Click Add a Domain to Blocklist.
The Add domain to Blocklist page opens.
- In the Domain Name text box, type the domain name to add. Tip!
- If you do not want to include subdomains, clear the Include Subdomains check box.
- In the Domain Description text box. add a description for this domain.
- If you do not want to share the domain with WatchGuard, clear the Share this domain check box.
- In the Analysis text box, explain why you want to add the domain to the blocklist.
- Click Save.
The domain is added to the Blocklist.
You can also add up to 100 new domains to the Blocklist at the same time. Each domain is added as a separate list item.
- Click Add Multiple Domains to Blocklist.
- In the Domain List text box, type or paste a list of domain names. You can specify one domain name on each line or you can use a comma, space, or semicolon to separate each domain name. Tip!
- To include the subdomains for all of the listed domains, select the Include Subdomains check box.
- In the Description for all Domains text box. add a description for the domains.
- If you do not want to share this list of domains with WatchGuard, clear the Share these domains check box.
- In the Analysis text box, explain why you want to add the domains to the blocklist.
- Click Save.
Each domain name is added as a separate list item.
Update a Domain on the Blocklist
For each domain, you can update the description and select whether to include subdomains.
- In the Actions column for the domain, click Update.
The Update Domain page opens.
- Make updates to the Include subdomains setting or Description.
- Click Save.
Remove a Domain from the Blocklist
When you remove a domain from the Blocklist, DNSWatch does not deny DNS requests to it unless it appears in a Domain Feed.
- In the Actions column for the domain click Delete.
The Remove Domain page appears.
- To confirm that you want to remove the domain, click Delete.
Filter the Blocklist
You can apply filters to find domains on the Blocklist that meet specific criteria. You can filter based on the domain name, the description, and the user who added the domain to the Blocklist.
To filter domains:
- Click Filter.
A list of available filters appears.
- Specify one or more of the available filters.
- To apply the specified filters, click Apply Filters.
The domain list is filtered and the filters are no longer visible.
To clear the filters:
- Click Filter.
- Click Clear Filters.
The domain list is not filtered.