BlueCat’s Address Manager includes centralized threat management through the Response Policy Zone (RPZ) mechanism. The RPZ maintains a database file of the domain names and IP addresses that administrators enter to be blocked, monitored (passthru), or redirected by DNS servers. Depending on the type of threat, RPZ actions may include Blacklist, Whitelist, Blackhole or Redirect.
How Response Policies Work
Response Policies allow DNS to respond on behalf of zones and records for which it is not authoritative. This allows the DNS server to provide a response for any DNS query.
For example, if you wanted to limit access to Dropbox, you could use Response Policies to redirect all requests for *.dropbox.com to an internal website that would alert a user that access to Dropbox is not permitted within the corporate network.
Response Policies support both IPv4 and IPv6, and can match against an IP lookup, where IP-based matches are added as PTR records.
Response Policy actions:
Blacklist: Responds to the query with an NXDOMAIN, indicating that the host does not exist
Whitelist: Logs the query without any action
Blackhole: Responds to the query with NODATA
Redirect: Responds to the query with an alias (CNAME) to effectively redirect the query to another site
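The four actions above written out in the standard RPZ zone-file encoding (special CNAME targets), as an added example that is not BlueCat's own code or generated zone data. The zone name, the sample policies, the redirect target and the simplified lookup in evaluate() are assumptions.

```python
# Added example: standard RPZ CNAME encodings for the four actions above.
RPZ_ZONE = "rpz.example.internal"  # hypothetical policy zone name
# Page's action name -> special CNAME target defined by the RPZ format
ENCODING = {"blacklist": ".",              # NXDOMAIN
            "blackhole": "*.",             # NODATA
            "whitelist": "rpz-passthru."}  # passthru: answer normally
OUTCOME = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}

def build_zone(policies):
    """Map (trigger, action, target) entries to {owner name: CNAME rdata}."""
    zone = {}
    for trigger, action, target in policies:
        trigger = trigger.lower().rstrip(".")
        if action == "redirect":
            if not target:
                raise ValueError(f"redirect for {trigger} needs a target")
            rdata = target.rstrip(".") + "."
        elif action in ENCODING:
            rdata = ENCODING[action]
        else:
            raise ValueError(f"unknown action {action!r}")
        zone[f"{trigger}.{RPZ_ZONE}."] = rdata
    return zone

def render(zone):
    """Zone-file lines for the policy records."""
    return [f"{owner} IN CNAME {rdata}" for owner, rdata in sorted(zone.items())]

def evaluate(zone, qname):
    """Policy outcome for qname, or None when no trigger matches.
    Simplified lookup: exact name first, then the closest wildcard ancestor."""
    labels = qname.lower().rstrip(".").split(".")
    names = [".".join(labels)]
    names += ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for name in names:
        rdata = zone.get(f"{name}.{RPZ_ZONE}.")
        if rdata is not None:
            return OUTCOME.get(rdata, f"CNAME {rdata}")
    return None

POLICIES = [  # constructed sample policy; redirect target is hypothetical
    # "*.dropbox.com" does not cover the apex, so "dropbox.com" is listed too
    ("*.dropbox.com", "redirect", "blocked.corp.example"),
    ("dropbox.com", "redirect", "blocked.corp.example"),
    ("malware.example", "blacklist", None),
    ("sinkhole.example", "blackhole", None),
    ("partner.example", "whitelist", None),
]
ZONE = build_zone(POLICIES)
```

Calling render(ZONE) returns the record lines for review before they are loaded into a policy zone, and evaluate(ZONE, name) shows which response a given query name would receive.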
BlueCat gives you the flexibility and control to configure Response Policies that define your own local policies based on your unique business requirements and threat protection needs.