Configuring blocklisted domains
Use the Blocklisted Domains option to ACL-deny (drop) traffic for large sets of DNS domains.
To configure:
- Go to Global Protection > Blocklist > Blocklisted Domains.
- Select the option based on the requirement:
- Upload: Choose and upload the file containing the list of blocklisted domains. The supported file formats are Text, MS-DOS text, CSV MS-DOS and CSV (comma delimited).
Note:
- List entries must be individual Fully Qualified Domain Names (FQDNs), including the TLD (for example, mail.fortinet.com). Wildcard domain names are not supported.
- If you upload a new file, it replaces the previously uploaded database but does not affect addresses added individually with Create New (below). There is no "append" function for uploaded files.
- FortiDDoS supports a maximum of 1 million FQDNs in the uploaded list.
- Uploads can take several minutes, and there is no progress meter. A success or failure message is displayed when the upload completes.
- Download: Save the file with the list of blocklisted domains to your system. This file includes uploaded and individually added FQDNs.
- Clear: Clear the current FQDN list AND any individually added FQDNs from the GUI page list.
- Create New: Add a single blocklisted domain and click Save to include it in the existing list. FortiDDoS allows a maximum of 1024 individually added domains.
- Delete: Enter the specific domain address to remove from the existing list and click Delete.
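A pre-upload check is worth running locally, because the upload gives no progress feedback and a single malformed entry is easier to find before the file reaches the appliance. The script below is an added example written for this page, not FortiDDoS code. It assumes one FQDN per line (or per CSV row, first column), treats lines starting with `#` as comments (an assumption, not a documented FortiDDoS convention), and enforces the constraints the page states: individual FQDNs with a TLD, no wildcards, and at most 1 million entries.

```python
"""Validate a FortiDDoS Blocklisted Domains upload file before uploading it.

Added example for this page, not FortiDDoS code. Assumed file layout:
one FQDN per line, or per CSV row in the first column; '#' lines are comments.
"""
import csv
import io
import re

MAX_UPLOAD_FQDNS = 1_000_000   # stated limit for an uploaded list
MAX_MANUAL_FQDNS = 1024        # stated limit for entries added via Create New

# Hostname label: 1-63 letters, digits or hyphens, not starting or ending with '-'.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def normalize_fqdn(entry):
    """Return (fqdn, None) for a valid entry, or (None, reason) if it must be rejected."""
    name = entry.strip().rstrip(".").lower()   # trailing dot form is equivalent
    if not name:
        return None, "empty"
    if "*" in name:
        return None, "wildcard"                 # wildcard domain names are not supported
    if "/" in name or ":" in name:
        return None, "not a bare domain name"   # URLs, ports and IPv6 literals are not FQDNs
    if len(name) > 253:
        return None, "too long"
    labels = name.split(".")
    if len(labels) < 2:
        return None, "no TLD"                   # entries must include the TLD
    if not all(_LABEL.match(label) for label in labels):
        return None, "invalid label"
    return name, None


def validate_blocklist(text):
    """Parse Text or CSV content; return (accepted FQDNs, [(line, raw, reason), ...])."""
    accepted, rejected, seen = [], [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(text, newline="")), 1):
        if not row or not row[0].strip() or row[0].lstrip().startswith("#"):
            continue
        raw = row[0]
        fqdn, reason = normalize_fqdn(raw)
        if fqdn is None:
            rejected.append((lineno, raw, reason))
        elif fqdn in seen:
            rejected.append((lineno, raw, "duplicate"))  # duplicates only waste the 1M budget
        else:
            seen.add(fqdn)
            accepted.append(fqdn)
    if len(accepted) > MAX_UPLOAD_FQDNS:
        raise ValueError(f"{len(accepted)} FQDNs exceeds the upload limit of {MAX_UPLOAD_FQDNS}")
    return accepted, rejected


# Constructed sample input; the names are documentation examples, not real threat data.
SAMPLE = """# constructed sample, not real threat data
mail.example.com
Mail.Example.COM.
*.evil.example
botnet-c2.example.net,comment column is ignored
localhost
bad_host.example.org
"""

if __name__ == "__main__":
    ok, bad = validate_blocklist(SAMPLE)
    print(f"{len(ok)} accepted: {ok}")
    for lineno, raw, reason in bad:
        print(f"line {lineno}: rejected {raw!r} ({reason})")
```

Run it against the real file before uploading and fix every rejected line; since an upload replaces the previous uploaded database rather than appending to it, the file you upload must be the complete list you want in force.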
Note:
- Because the domain name appears in both the Query and the Response, Domain Blocklist drops any Response containing a blocklisted domain even when FortiDDoS never saw the corresponding Query. This is useful in two circumstances:
- Asymmetric traffic, where FortiDDoS sees only the inbound link and therefore not the outbound Queries. Domain Blocklist is thus effective on ISP peering and transit links for blocking malicious and botnet C&C domains.
- Reflected Response floods that use malicious FQDNs, in which case Domain Blocklist may see the flood before DQRM does.
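To see why a Response alone is enough, it helps to look at where the name sits in the wire format: the Question section of a Response repeats the QNAME from the Query, and each answer record names its owner (usually via a compression pointer back to the QNAME). The parser below is an added example for this page, not FortiDDoS code, and is a simplification of whatever the appliance does internally. It builds a constructed A-record Response in memory, extracts every name from the message, and returns a drop/pass verdict against a blocklist without any knowledge of the original Query.

```python
"""Match DNS Responses against a domain blocklist with no sight of the Query.

Added example for this page, not FortiDDoS code. The packet builder and the
blocklist below are constructed for the demonstration.
"""
import struct

CNAME = 5  # CNAME rdata is itself a domain name worth checking


def _read_name(msg, offset):
    """Decode a DNS name at offset, following compression pointers.
    Returns (lowercase dotted name, offset just past the name in the original stream)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                          # compression pointer
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, ptr, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:                                    # root label terminates the name
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii").lower())
        offset += length


def names_in_message(msg):
    """Return (is_response, [every owner/target name in the message])."""
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    names, off = [], 12
    for _ in range(qd):                                    # Question section: QNAME + QTYPE + QCLASS
        name, off = _read_name(msg, off)
        names.append(name)
        off += 4
    for _ in range(an + ns + ar):                          # Resource records
        name, off = _read_name(msg, off)
        names.append(name)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == CNAME:
            target, _ = _read_name(msg, off)
            names.append(target)
        off += rdlen
    return bool(flags & 0x8000), names


def blocklist_verdict(msg, blocklist):
    """Drop if any name in the message is blocklisted; works on Queries and Responses alike."""
    is_response, names = names_in_message(msg)
    hits = sorted({n for n in names if n in blocklist})
    return ("drop" if hits else "pass"), is_response, hits


def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_response(qname, ipv4, txid=0x1234):
    """Constructed minimal A-record Response: QR=1, one question, one answer (owner is a pointer to QNAME)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)          # A, IN
    rdata = bytes(int(o) for o in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(rdata)) + rdata
    return header + question + answer


# Constructed blocklist; documentation names, not real threat data.
BLOCKLIST = {"botnet-c2.example.net"}

if __name__ == "__main__":
    for qname in ("botnet-c2.example.net", "mail.example.com"):
        verdict, is_resp, hits = blocklist_verdict(build_response(qname, "192.0.2.10"), BLOCKLIST)
        print(f"{qname}: response={is_resp} verdict={verdict} hits={hits}")
```

The verdict on the Response is reached from the Response bytes alone, which is exactly the asymmetric-link case above; a reflected flood of such Responses would match in the same way, before any query/response correlation had a chance to run.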