Common DNS policies
The following policies are commonly used to secure DNS traffic.
Block content categories
Block content categories which go against your organization’s acceptable use policy.
| Selector | Operator | Value | Action |
|---|---|---|---|
| Content categories | in | Adult Themes, Gambling | Block |
Block applications
Block content categories which go against your organization’s acceptable use policy.
| Selector | Operator | Value | Action |
|---|---|---|---|
| Application | in | Netflix | Block |
Check user identity
Configure access on a per user or group basis by adding identity-based conditions to your policies.
| Selector | Operator | Value | Action |
|---|---|---|---|
| Application | in | Salesforce | Block |
| User Group Names | in | Contractors |
Control IP version
Enterprise users can pair these policies with an egress policy to control which IP address is used to egress to the origin server.
Force IPv4
Force users to connect with IPv4.
| Selector | Operator | Value | Logic | Action |
|---|---|---|---|---|
| Query Record Type | is | AAAA | And | Block |
| Domain | is | example.com |
Force IPv6
Force users to connect with IPv6.
| Selector | Operator | Value | Logic | Action |
|---|---|---|---|---|
| Query Record Type | is | A | And | Block |
| Domain | is | example.com |
Refer to the DNS policies page for a comprehensive list of other selectors, operators, and actions.