Security administrators often require precise and immediate control over domain resolution that extends beyond the default threat intelligence feeds and broad domain categories. Previously, when using the Advanced DNS Security Resolver, you could only configure Fully Qualified Domain Names (FQDNs) to be explicitly set as 'allowable' domains with an association with a specific DNS Security profile. This limitation prevented the granular enforcement of diverse actions (like blocking or sinkholing) on custom domain lists unique to a network’s immediate threat posture or specific compliance needs. Additionally, replicating these FQDNs across multiple security profiles required manual re-entry, which could consume a significant amount of time.

The introduction of Custom Domain List Support for the Advanced DNS Security Resolver solves this critical challenge by providing administrators with control over security policy enforcement. This enhancement allows you to create and manage custom FQDN lists that are not tied to a DNS Security profile and apply explicit security actions to them.

You can now apply specific enforcement actions, including allow, block, alert or sinkhole, to domains defined in your referable custom FQDN lists. This capability is essential for stopping communication with internal or custom-identified command-and-control (C2) domains, and other malicious domains, or ensuring strict adherence to unique organizational compliance lists. By defining explicit security actions for customized FQDN lists, you strengthen your first line of defense against sophisticated, DNS-based attacks.