Chapter 6: Definition Reference

restrict dns

This definition restricts DNS lookups and is useful in installations where access to DNS resolution is limited or problematic. The definition has no name because it is not directly referenced by any rules. It is global to policy evaluation and intended to prevent any DNS lookups caused by policy. It does not suppress DNS lookups that might be required to make upstream connections.

If the domain specified in a URL matches any of the domain patterns specified in domain_list, no DNS lookup is done for any category=, url=, url.address=, url.domain=, or url.host= test.

The special domain "." matches all domains, and therefore can be used to restrict all policy-based DNS lookups.

If a lookup is required to evaluate the trigger, the trigger evaluates to false.

A restrict dns definition may appear multiple times in policy. The compiler attempts to coalesce these definitions, and may emit various errors or warnings while coalescing if the definition is contradictory or redundant.

Syntax

restrict dns
    restricted_domain_list
except
    exempted_domain_list
end

where

restricted_domain_list—Domains for which DNS lookup is restricted.

exempted_domain_list—Domains exempt from the DNS restriction. Policy is able to use DNS lookups when evaluating policy related to these domains.

Layer and Transaction Notes

Applies to all layers and transactions.

Example

The following definition restricts policy-based DNS resolution for all domains except mydomain.com (the ";" introduces a comment):

restrict dns
    . ; meaning "all"
except
    mydomain.com
end
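The following is an added example, not Blue Coat code, that models the semantics described on this page: it parses one or more `restrict dns` blocks from constructed policy text, coalesces them into a single restricted/exempted pair, answers whether a lookup for a given host is suppressed, and shows a modelled `url.address=` test evaluating to false when the lookup it needs is restricted. Assumptions not stated on the page: a domain pattern matches the domain itself and its subdomains, coalescing is modelled as simple list concatenation (the real compiler also reports contradictory or redundant definitions), and a `url.address=` test needs a lookup only when the URL host is not already an IP literal.

```python
"""Added example (not Blue Coat code): a small evaluator for `restrict dns`.

Assumptions made here: domain patterns match a host and its subdomains,
multiple definitions are coalesced by concatenation, and url.address=
needs DNS unless the URL host is an IP literal.
"""
import ipaddress

# Constructed policy text, modelled on the Syntax section above.
SAMPLE_POLICY = """\
restrict dns
    .            ; meaning "all"
except
    mydomain.com ; policy may still resolve this domain
end
restrict dns
    corp.example ; a second definition, coalesced with the first
end
"""


def _strip_comment(line):
    """CPL comments start with ';' (as in the page's own example)."""
    return line.split(";", 1)[0].strip()


def parse_restrict_dns(policy_text):
    """Return (restricted, exempted) domain lists from every
    `restrict dns ... end` block, coalesced by concatenation."""
    restricted, exempted = [], []
    target = None
    for raw in policy_text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        if line == "restrict dns":
            target = restricted
        elif line == "except":
            target = exempted
        elif line == "end":
            target = None
        elif target is not None:
            target.append(line.lower())
    return restricted, exempted


def domain_matches(host, pattern):
    """Assumed pattern semantics: '.' matches every host; any other
    pattern matches the host itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    if pattern == ".":
        return True
    return host == pattern or host.endswith("." + pattern)


def lookup_suppressed(host, restricted, exempted):
    """True when policy evaluation must not perform a DNS lookup for host.
    An exemption wins over a restriction, so '.' plus an except list
    restricts everything but the exempted domains."""
    if any(domain_matches(host, p) for p in exempted):
        return False
    return any(domain_matches(host, p) for p in restricted)


def url_address_test(host, target_net, restricted, exempted, resolver):
    """Model of a `url.address=` test against a network.

    If the URL host is an IP literal no lookup is needed. Otherwise a
    lookup is required; when `restrict dns` suppresses it, the trigger
    evaluates to False, as the page states. `resolver` is a constructed
    stand-in for DNS (a callable returning an address string)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        if lookup_suppressed(host, restricted, exempted):
            return False  # lookup required but restricted: trigger is false
        addr = ipaddress.ip_address(resolver(host))
    return addr in ipaddress.ip_network(target_net)


if __name__ == "__main__":
    restricted, exempted = parse_restrict_dns(SAMPLE_POLICY)
    fake_dns = {"www.mydomain.com": "10.1.2.3"}  # constructed answers
    print("restricted:", restricted, "exempted:", exempted)
    for h in ("www.example.net", "intranet.mydomain.com", "corp.example"):
        print(h, "suppressed:", lookup_suppressed(h, restricted, exempted))
    print(url_address_test("www.mydomain.com", "10.1.0.0/16",
                           restricted, exempted, fake_dns.__getitem__))
```

Because the stand-in resolver is only consulted when a lookup is permitted, a host covered by the restriction never reaches it; that is the observable effect an operator should expect when checking whether a policy is generating unexpected DNS traffic.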

See Also

Conditions: category=, url=, server_url=

Definitions: restrict rdns

Blue Coat Systems Proxy SG manual Restrict dns