To redirect blacklisted domains on the firewall level, use DNS blacklisting. The Barracuda NextGen Firewall F-Series scans replies from the DNS servers and manipulates the replies if blacklisted hostnames are found. DNS blacklisting only works for UDP DNS queries. If the DNS queries use TCP, the blacklist is not applied. Depending on the configuration, a blacklisted query is handled in one of the following ways:
- The DNS query is intercepted and the A record is replaced with a replacement IP address.
- The DNS query is intercepted and answered with NXDOMAIN, signaling the hostname does not exist.
Configure DNS Blacklisting
Configure domains that should be blocked or redirected.
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Settings.
- In the left navigation, click DNS Blacklist.
- Click Lock.
- Enable DNS Blacklisting.
- Configure an IPv4 and/or IPv6 address that will be returned for blacklisted domains.
- Enter a list of hostnames in the Hostname Blacklist area. These domains will be blacklisted. You can use the wildcards * and ? to block multiple domains.
Example: *.google.com will filter all subdomains of google.com, while www.google.?e will filter domains such as www.google.de and www.google.se.
- Enter exempted domains in the Hostname Whitelist area. These domains will not be blocked, even if they are included in the Hostname Blacklist.
- Click Send Changes and Activate.
If queries are blocked/replaced due to blacklisting, an entry is added in the IPS section of the Threat Scan Page.
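The decision logic described above (UDP-only, whitelist overrides blacklist, * and ? wildcards, replacement address or NXDOMAIN), as an added example to check a blacklist before deploying it; this is illustrative code, not Barracuda's implementation. The `DnsBlacklistConfig` class, the mapping of AAAA queries to the IPv6 replacement address, and the sample hostnames are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Optional

@dataclass
class DnsBlacklistConfig:
    """Assumed model of the DNS Blacklist settings page."""
    enabled: bool = True
    blacklist: list[str] = field(default_factory=list)   # Hostname Blacklist
    whitelist: list[str] = field(default_factory=list)   # Hostname Whitelist
    replacement_ipv4: Optional[str] = None               # returned for A queries
    replacement_ipv6: Optional[str] = None               # returned for AAAA queries (assumption)

def _matches(hostname: str, patterns: list[str]) -> bool:
    # DNS names are case-insensitive; fnmatchcase gives * and ? semantics
    # (* spans dots, so "*.google.com" covers every subdomain depth).
    name = hostname.lower().rstrip(".")
    return any(fnmatchcase(name, p.lower().rstrip(".")) for p in patterns)

def resolve_action(cfg: DnsBlacklistConfig, hostname: str,
                   transport: str = "udp", qtype: str = "A") -> tuple[str, Optional[str]]:
    """Return ("pass", None), ("replace", ip) or ("nxdomain", None)."""
    if not cfg.enabled or transport.lower() != "udp":
        return ("pass", None)          # TCP queries bypass the blacklist entirely
    if _matches(hostname, cfg.whitelist):
        return ("pass", None)          # whitelist wins even if also blacklisted
    if not _matches(hostname, cfg.blacklist):
        return ("pass", None)
    replacement = cfg.replacement_ipv4 if qtype.upper() == "A" else cfg.replacement_ipv6
    if replacement:
        return ("replace", replacement)
    return ("nxdomain", None)          # no replacement address: signal non-existence

# Constructed sample configuration mirroring the wildcard example in the text
SAMPLE = DnsBlacklistConfig(
    blacklist=["*.google.com", "www.google.?e"],
    whitelist=["mail.google.com"],
    replacement_ipv4="192.0.2.1",      # documentation-range placeholder
)

if __name__ == "__main__":
    for host in ["www.google.com", "mail.google.com", "www.google.de", "www.google.see"]:
        print(host, resolve_action(SAMPLE, host))
```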