Policy, access control, data manipulationΒΆ

Features in this section allow to configure what clients can get access to what DNS data, i.e. DNS data filtering and manipulation.

Query policies specify global policies applicable to all requests, e.g. for blocking access to particular domain. Views and ACLs allow to specify per-client policies, e.g. block or unblock access to a domain only for subset of clients.

It is also possible to modify data returned to clients, either by providing Static hints (answers with statically configured IP addresses), DNS64 translation, or IP address renumbering.

Additional modules offer protection against various DNS-based attacks, see Rebinding protection and Refuse queries without RD bit.

At the very end, module DNS Application Firewall provides HTTP API for run-time policy modification, and generally just offers different interface for previously mentioned features.