< Home

add { blacklist | whitelist } (DNS filtering profile view)

Function

The add { blacklist | whitelist } command adds blacklist and whitelist rules to the DNS filtering profile.

The undo add { blacklist | whitelist } command removes blacklist and whitelist rules from the DNS filtering profile.

Format

add { blacklist | whitelist } host-text

undo add { blacklist | whitelist } { host-text | all }

Parameters

Parameter Description Value
blacklist

Indicates a blacklist rule.

-
whitelist

Indicates a whitelist rule.

-
host-text

Specifies a domain name rule.

  • The value is a string of 4 to 255 characters and cannot contain slashes (/), backslashes (\), number signs (#), double quotation marks ("), or question marks (?).

  • The asterisk (*) can appear at the beginning, middle, or end of a domain name rule:
    • When it appears at the beginning, it is a wildcard character that indicates suffix matching, such as *abc.
    • When it appears in the middle, it is a common character, such as ab*c.
    • When it appears at the end, it is a wildcard character that indicates prefix matching, such as abc*.
    • When it appears at both the beginning and the end, it is a wildcard character and indicates keyword matching, such as *abc*.

    If a domain name rule contains a wildcard character, it must contain at least three consecutive characters except the wildcard character, such as *abc, *abc*, **ab, and *a*b.

  • If a domain name rule does not contain any wildcard character, the domain name is matched in exact matching mode. In this case, the domain name rule must contain at least four consecutive characters, such as abcd.
all

Indicates all domain name rules.

-

Views

DNS filtering profile view

Default Level

2: Configuration level

Usage Guidelines

  • Blacklist

    To improve working efficiency of employees and optimize enterprise network bandwidth usage, online behavior of employees needs to be controlled. Employees are not allowed to access entertainment, game, and video websites.

    You can configure a DNS filtering blacklist and match the Host extracted from the DNS request packet against the blacklist. If a match is found, access to the website with this domain name is blocked or redirected to a specified IP address.

  • Whitelist

    Enterprises have special requirements and do not need to filter requests for certain websites.

    You can configure a DNS filtering whitelist and match the Host extracted from the DNS request packet against the whitelist. If a match is found, access to the website with this domain name is allowed.

Example

# Create DNS filtering profile profile_development and add www.example.com to the blacklist.
<sysname> system-view
[sysname] profile type dns-filter name profile_development
[sysname-profile-dns-filter-profile_development] add blacklist www.example.com
Parent Topic: DNS Filtering Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >