Configuring DNS Filtering
At some point you may need to block or filter out a domain that has been confirmed to serve malware, or a domain that does not meet the security requirements of your organization.
Policy Rules
• Most policies can be set at the server level or the zone level. If you need control at the zone level, add the -ZoneName parameter to the Add-DnsServerQueryResolutionPolicy command to identify the DNS zone the policy applies to. The example in this lecture is applied at the server level.
Identifying the Malicious Domain
Here is an example: we have identified the domain virus.com as malicious.
Use this PowerShell command on the DNS server:
Add-DnsServerQueryResolutionPolicy -Name 'BlockListPolicy' -Action IGNORE -FQDN 'EQ,*.virus.com'
Now let's break this command down so you understand what is happening.
Understanding the Command
Add-DnsServerQueryResolutionPolicy creates a policy that determines how the DNS server handles queries matching the criteria you specify. Here are the parameters used in this command. Parameters are always preceded by a hyphen (-).
-Name gives the policy a name (BlockListPolicy).
-Action sets what the server does with a matching query. IGNORE means the server drops the query without sending any response, so a client asking for a name under virus.com simply waits until its request times out. The other actions are DENY (the server answers with a failure response, which clients see immediately) and ALLOW (the server resolves the query normally).
-FQDN is the criterion the policy matches on: the fully qualified domain name in the query.
EQ means equal to. A criterion is written as the operator followed by one or more comma-separated values, and * is a wildcard, so 'EQ,*.virus.com' matches every name under virus.com. To be certain the bare name virus.com is blocked as well as its subdomains, list both values: -FQDN 'EQ,virus.com,*.virus.com'. NE (not equal) is the other operator.
After you have run this command, DNS clients that use this server will no longer be able to resolve names in the virus.com domain and its subdomains.
The policy takes effect on the server as soon as the command completes; no service restart is needed. Clients that have recently resolved names in virus.com may still hold those answers in their local resolver cache, so run ipconfig /flushdns on them (a reboot also clears the cache) before they will see the block.
If you want to verify your policy information, run:
Get-DnsServerQueryResolutionPolicy -Name 'BlockListPolicy' | Format-List *
Running Get-DnsServerQueryResolutionPolicy without -Name lists every server-level policy; add -ZoneName to list the policies defined on a zone.
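The whole procedure from this lecture, creating the block policy and then checking it, as one added PowerShell script. This is an added example, not part of the original lecture or of Microsoft's documentation. The policy name and the two blocked domains are placeholder values, and the script assumes that a single -FQDN criterion may carry several comma-separated values (the bare domain plus its wildcard form) and that it is run on the DNS server itself with the DnsServer and DnsClient modules available.

```powershell
# Added example: server-level DNS block policy for several malicious domains,
# followed by verification. Domain names and the policy name are placeholders.

$PolicyName     = 'BlockListPolicy'
$BlockedDomains = @('virus.com', 'malware.example')   # constructed sample list

# Build one criterion string: operator first, then comma-separated values.
# Both the bare domain and a wildcard are listed so the apex name is blocked
# along with every subdomain (assumption: multiple values are OR'ed).
$fqdnValues = foreach ($d in $BlockedDomains) { $d; "*.$d" }
$criterion  = 'EQ,' + ($fqdnValues -join ',')

# Remove an existing policy of the same name so the script can be re-run.
if (Get-DnsServerQueryResolutionPolicy -Name $PolicyName -ErrorAction SilentlyContinue) {
    Remove-DnsServerQueryResolutionPolicy -Name $PolicyName -Force
}

# IGNORE drops matching queries silently (clients time out). Use -Action DENY
# instead if you prefer clients to receive an immediate failure response.
# -ProcessingOrder 1 evaluates this policy before any other server-level policy.
Add-DnsServerQueryResolutionPolicy -Name $PolicyName -Action IGNORE -FQDN $criterion -ProcessingOrder 1

# Verify the policy object that was created.
Get-DnsServerQueryResolutionPolicy -Name $PolicyName |
    Format-List Name, Level, Action, Criteria, IsEnabled, ProcessingOrder

# Functional check: a name under a blocked domain must not resolve through this
# server, while an unrelated name still does. Flush the local client cache first
# so a previously cached answer does not mask the policy.
Clear-DnsClientCache
foreach ($name in @('www.virus.com', 'malware.example', 'www.example.com')) {
    try {
        $r  = Resolve-DnsName -Name $name -Server localhost -DnsOnly -ErrorAction Stop
        $ip = $r | Where-Object { $_.Type -in 'A', 'AAAA' } | Select-Object -First 1 -ExpandProperty IPAddress
        '{0,-20} resolved -> {1}' -f $name, $ip
    } catch {
        '{0,-20} blocked or failed: {1}' -f $name, $_.Exception.Message
    }
}
```

With -Action IGNORE the blocked lookups in the final loop end in a timeout error rather than a DNS failure code, which is the expected result; switching the action to DENY makes the same loop report an immediate failure for those names instead.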