Windows DNS – how to block queries or domains

I got a request from the IT Security team to block malware DNS queries in the DNS service.

They guided me to follow this link.

https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries 

Example: Add-DnsServerQueryResolutionPolicy -Name "BlockListPolicy" -Action IGNORE -FQDN "EQ,*.onion" -PassThru

Unfortunately, this PowerShell command works only on Windows Server 2016 or later.

For earlier versions, read these articles:
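As an added example (not from the linked Microsoft article or from this post), the script below applies the same cmdlet to a list of domains, can be re-run safely, and reads the policy back afterwards. The policy name and the two domains are constructed placeholders, and the script assumes it runs in an elevated session on the DNS server itself.

```powershell
#Requires -Modules DnsServer
# Added example. Policy name and domains are constructed placeholders.
$PolicyName = 'BlockListPolicy-Example'
$Blocked    = @('malware.example', 'c2.example')

# Query resolution policies need Windows Server 2016 (10.0.14393) or later.
$os = [Environment]::OSVersion.Version
if ($os -lt [Version]'10.0.14393') {
    throw "DNS query resolution policies are not available on OS version $os"
}

# Build one FQDN criterion that lists each name and *.name, so the apex and
# its subdomains are each matched explicitly, e.g.
# "EQ,malware.example,*.malware.example,c2.example,*.c2.example"
$values   = foreach ($d in $Blocked) { $d; "*.$d" }
$criteria = 'EQ,' + ($values -join ',')

# Remove an earlier copy of the policy so the script can be re-run
# after the block list changes.
if (Get-DnsServerQueryResolutionPolicy | Where-Object Name -eq $PolicyName) {
    Remove-DnsServerQueryResolutionPolicy -Name $PolicyName -Force
}

# DENY answers with a failure response. IGNORE (used in the command above)
# drops the query silently, so clients retry and wait for a timeout.
Add-DnsServerQueryResolutionPolicy -Name $PolicyName -Action DENY `
    -FQDN $criteria -PassThru

# Read the stored policy back to confirm the action and criteria.
Get-DnsServerQueryResolutionPolicy -Name $PolicyName | Format-List *
```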

https://superuser.com/questions/458590/how-to-setup-a-dns-blacklist-whitelist-on-windows-server-2008-r2

https://serverfault.com/questions/513777/prevent-dns-responses-for-specific-domain-completely

Third-party DNS firewall:

https://softati.com/download/dns-firewall/


Published by jdalbera

IT Pro: 25 years experience for large companies - Technical manager and solution architect: Directory services and Identity Management, Azure AD, Office 365, Azure infrastructures, Microsoft AD Security (ADDS,ADFS,ADCS), PowerShell, Quest solutions architect. Operating systems (Win/Lin). Unix and Microsoft interoperability. Data center Operations. Company integrations. Network architectures. Virtualization and storage infrastructures. HP/Dell servers deployments. Certifications: MCSE, MCPs, MCITS, ITIL, VCP, CCNA, CyberArk
