Allow or Block DNS Resolution on CIDR Blocks

Use the network block list and allow list functionality to make granular block and allow settings in a Securd security policy.

Block and allow options

• Block site at the network level – Records resolving to a network will be immediately blocked no additional processing.**
• Allow site at the network level – Allow hosts or domains resolving to a network to never be blocked and override all security policy settings.**

Step 1: Review your security policy

In the Securd policy editor, administrators need to be familiar with the active allow/block policies lists that are mapped to a security policy. Modifying the policy lists will be immediately applied to policy that is mapped to your sites, agents and browser deployment.

Step 2: Choose a block or allow list to modify

Chose network list that you want to edit. Allow lists are highlighted in green. Block lists are highlighted in red. You can also create a new list if you chose. Make sure the new list is mapped to a policy as in Step 1.

Step 3: Add networks to your block or allow list

In the policy list editor, add a CIDR block that you wish to block or allow. In this example, we will block access to 111.222.333.0/24. Since the policy is mapped to your default security policy (as displayed in Step 1), when you hit “Save” the all domains with records on 111.222.333.0/24 will be immediately start to be blocked.

Step 4: Verify block or allow by visiting a domain pointed to the network

To verify your policy list change, browse to a domain with a record on 111.222.333.0/24 . Instead of being able to access the domain, you will be presented a Securd block page. The block page will also have a reason displayed why the page was blocked.