Forward Resolution Domain Denylisting
Blocking a lookup based on the query's domain name value.Synonyms: Forward Resolution Domain Blacklisting .
How it works
Policies are created that filter DNS queries using fully qualified domain name (FQDN) of record in the query. A DNS policy can be created for blocking DNS queries from FQDNs that have been identified as unauthorized.
Continuous maintenance of unauthorized domain lists is needed to keep up to date as updates occur.
There are 3 techniques in this category, Forward Resolution Domain Denylisting.
|Forward Resolution Domain Denylisting||D3-FRDDL||Blocking a lookup based on the query's domain name value.||Forward Resolution Domain Blacklisting|
|- Hierarchical Domain Denylisting||D3-HDDL||Blocking the resolution of any subdomain of a specified domain name.||Hierarchical Domain Blacklisting|
|- Homoglyph Denylisting||D3-HDL||Blocking DNS queries that are deceptively similar to legitimate domain names.||Homoglyph Blacklisting|
The following references were used to develop the Forward Resolution Domain Denylisting knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)