Sign up to access this lesson
Click here to sign up and get access to this lesson!

Saving Progress...
At some point you may need to block or filter out a Domain that’s been proven to be infected with a virus, or a domain that doesn’t meet the security requirements of your organization.
Policy Rules
• Most Policies can be set at the server or the zone level. If you need more control at the zone level, you can modify the Add-DNSServerQueryResolutionPolicy command by adding the parameter -zonename to identify the DNS Zone that applies to this policy. The example in this lecture will be applied at the server level.
Identifying the Malicious Domain
- Here’s an example – We have identified the Domain virus.com as being a malicious domain.
- Use this PowerShell command
- Add-DnsServerQueryResolutionPolicy –Name ‘BlockListPolicy’ –Action Ignore –FQDN “EQ,*.virus.com”
Now lets break this command down so you’ll understand what’s happening
Understanding the Command
The Add-DnsServerQueryResolutionPolicy determines how DNS queries are handled by the criteria that you specify in the policy. Here are the parameters that we’ll use with the command. Parameters are always preceded by a minus sign –
- -Name – gives the policy a name (BlockListPolicy)
- -Action – Gives an action, in this case the action is to ignore any queries coming in or going out to the virus.com domain or its sub-domains.
- FQDN – Designates the fully qualified domain name
- EQ – Means equal to, in this case equal to virus.com, and the *. designates all subdomains of virus.com
- After you have run this command DNS clients will no longer be able to resolve names in the virus.com domain and its subdomains.
- If you have any clients that have been accessing the virus.com domain you will have to reboot their computer or run the ipconfig /flushdns command to clear the cache.
If you want to verify your policy information you can type the command.
Get-DnsServerQueryResolutionPolicy -Name ‘BlocklistPolicy’ | Format-List * And I’ll explain this command once we get into PowerShell.
Let’s go ahead and see what these commands look like in PowerShell.
And there is our command to create the blocklist policy
Add-DnsServerQueryResolutionPolicy –Name ‘BlockListPolicy’ –Action Ignore –FQDN “EQ,*.virus.com”
Press return
- Now let’s go ahead and get some information on our block list policy.
- Here is the command
Get-DnsServerQueryResolutionPolicy -Name ‘BlocklistPolicy’ | Format-List *
There is the pipe operator.
- So, what’s a pipe operator?
- In PowerShell this symbol is called a Pipe operator. What this does, it takes the output of the policy named blocklistpolicy and formats it in list form.
- BTW – The pipe operator symbol is located on most keyboards, right above the enter key.
Ok let’s take a look at our list:
- Action – Ignore – all queries coming in or going out of virus.com or it’s sub-domains.
- AppliesOn – Any queries we have already defined
- Is Enabled – Is set to True
- Level – Server level, as opposed to zone level
Name – BlocklistPolicy
- Let’s go ahead and remove the Policy we just created.
Remove-DnsServerQueryResolutionPolicy -Name ‘BlockListPolicy , And it says removing the server level policy
Click yes
Lets go back and see what information is left after we removed the policy.
Type the command
Get-DnsServerQueryResolutionPolicy -Name ‘BlocklistPolicy’ | Format-List * Error – Failed to get policy, The Policy does not exist.
- So that command was successful
One of the challenges that you may encounter is blocking a malicious zone or a zone that does not meet the security standards of your organization. You can use filters to successfully block these zones.
Sign up to access the rest of this lesson
You must either log in or sign up to access this lesson.
CURRICULUM
Course Introduction • 10min
0 / 2 lessons complete
Instructor and Course Introduction
Video | 7 min
What's New in Windows Server 2016 DNS
Free lesson
Video | 3 min
DNS Basics • 56min
0 / 8 lessons complete
What is DNS
Video | 3 min
Installing the DNS Windows Server Role
Video | 6 min
Building DNS Server Quiz
Quiz | 10 Questions
The Hosts File
Video | 4 min
DNS Console Overview
Video | 7 min
Recursive and Iterative Queries
Video | 8 min
DNS Basics LAB
Video | 10 min
DNS Basics Quiz
Quiz | 8 Questions
DNS Resource Records • 45min
0 / 5 lessons complete
DNS Resource Record Types
Video | 3 min
Creating the mytestzone Forward Lookup Zone
Text | 2 min
Creating DNS Resource Records
Video | 4 min
Creating DNS Resource Records Lab
Lab | 30 min
DNS Resource Records Quiz
Quiz | 7 Questions
DNS Zones • 4hr 11min
0 / 12 lessons complete
DNS Zones
Video | 4 min
Creating a Forward and Reverse Lookup Zone
Video | 5 min
Creating a Secondary Zones
Video | 9 min
Stub Zone Creation
Video | 11 min
Active Directory Zone Replication
Video | 12 min
Implementing DNS Forwarding
Video | 8 min
Implementing Conditional DNS Forwarding
Video | 7 min
Forward and Reverse Zone Creation Lab
Lab | 60 min
Creating a Secondary Zone Lab
Lab | 30 min
Conditional Forwarding Lab
Lab | 60 min
Creating a Stub Zone Lab
Lab | 30 min
DNS Zones Quiz
Quiz | 15 Questions
DNS Delegation • 50min
0 / 4 lessons complete
Domain Name System and DNS Delegation
Video | 7 min
Windows 2016 Server and DNS Zone Delegation
Video | 8 min
DNS Delegation Lab
Lab | 30 min
QUIZ - Domain Name System and DNS Delegation
Quiz | 5 Questions
DNS Security Techniques • 36min
0 / 5 lessons complete
DNS Security Techniques Overview
Video | 9 min
Configuring DNS Cache Locking
Video | 5 min
Configuring DNS Socket Pools
Video | 6 min
Configuring Response Rate Limiting
Video | 8 min
DNS Security Techniques Quiz
Quiz | 8 Questions
Advanced DNS Topics • 22min
0 / 5 lessons complete
Overview of Advanced Topics
Video | 1 min
Enabling Round Robin and Netmask Ordering
Video | 5 min
Configuring Recursion
Video | 4 min
IPV4 and IPV6 Root HInts
Video | 6 min
Advanced DNS Topics Quiz
Quiz | 6 Questions
DNS Security (DNSSEC) • 1hr 16min
0 / 6 lessons complete
Windows DNS Security Overview
Video | 7 min
Symmetric vs Asymmetric Encryption
Video | 5 min
Installing DNSSEC on Windows 2016 Server
Video | 12 min
DNSSEC Client Install
Video | 7 min
DNSSEC (DNS Security Lab)
Lab | 30 min
DNSSEC Quiz
Quiz | 15 Questions
DNS Policies • 55min
0 / 6 lessons complete
DNS Policies Background Information
Video | 8 min
Configuring DNS Filtering
Video | 7 min
Configuring Split Brain DNS in an Active Directory Environment
Video | 12 min
Configuring DNS Selective Recursion Policy
Video | 7 min
Configuring a Traffic Management Policy
Video | 11 min
DNS Policies Quiz
Quiz | 10 Questions
PowerShell for DNS • 1hr 27min
0 / 6 lessons complete
PowerShell for DNS Part 1
Video | 2 min
PowerShell for DNS Part 2
Video | 5 min
PowerShell for DNS Part 3
Video | 10 min
PowerShell for DNS Part 4
Video | 5 min
PowerShell for DNS LAB
Lab | 60 min
Powershell for DNS Quiz
Quiz | 5 Questions
Troubleshooting DNS Issues - Troubleshooting Tools • 1hr 39min
0 / 8 lessons complete
Troubleshooting Tools Every IT Pro Must Know
Video | 9 min
The Events Viewer Overview
Video | 6 min
Subscriptions
Video | 9 min
Monitoring and Debug Logging
Video | 9 min
Trouble-Shooting DNS Client Issues
Video | 4 min
Troubleshooting Subscriptions Lab
Lab | 30 min
DNS Troubleshooting Lab
Lab | 30 min
DNS Troubleshooting Quiz
Quiz | 2 Questions