Now that your network is configured to access ChurchDNS resolvers, let's set your first policy. Filter Policies control the level of protection and what types of content will be blocked.
Getting Started with Policies
There are five key parts to building and understanding your policies. .
Part 1: Create your Policy and Settings
Go to Policy and click the "New Policy" button.
Our knowledgebase has more information about best practice for using policies, click here to visit our Policy Precedence guide.
ChurchDNS comes preloaded with three base policy templates. If you are satisfied with any of the Base Policies, you can simply use them by selecting in Campus Configuration.
The first step in editing a new policy is to select a base policy to build off. Choosing a base policy will automatically set your new policy to match.
Here you will give your policy a name and a short description. After, you can chose some basic settings:
Force Safe Search: Locks Safe Search compatible search engines to their protected/safe search modes. Also blocks all search engines that do not support safe mode.
YouTube Safe Mode: Locks YouTube in "restricted" mode.
Block Ads: This will most ad networks, banner ads, and popup ads found on many websites.
Use these settings with caution and be sure you understand their effects.
Block Covert Channel: Reduces risk of hidden DNS based tunneling attacks.
Block Unclassified: All unclassified websites will be blocked. This may cause high level of false blocks.
Block Mailer Worm: Blocks MX Records from calling out. Do not use if hosting your own mail servers inside the effected network.
Block DNS Rebinding: Prevents rebinding attacks by disallowing internal IP returns. If you are using DNS for internal hosts, be sure to enter them into Whitelist/Blacklist or they will be blocked.
Allow "A" Records only: Allows only A, AAAA, and CNAME DNS responses. This may cause issues with certain applications.
Max Domain Length: Allows setting of max domain characters.
Spy Mode: Creates rules and records blocks in log without actually blocking to clients. This is good for testing impact of new policies.
Part 2: Set Security Settings
The security settings allow you to manage and block certain types of dangerous domains. It is wise to keep all of these categories blocked in all polices.
Part 3: Set Content Settings
The content settings allow you to manage and block certain types of domains based on your organizations acceptable use and rules. There are four main categories with around 60+ sub categories.
Part 4: Set Application Settings
The Applications settings allow you to manage and block certain types application domains based on your organizations acceptable use and rules. This can be effective at managing network capacity and behaviors.
There are eleven application categories to manage.
For a list of applications category descriptions click here.
Now that we have created a filter policy, you are ready to apply policy to network.