Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=DNS-protection-domains

Domain lists

DNS Protection policies allow or block entire web categories. So, you can add a domain list to allow or block specific domains. For example, if you've blocked a web category in a policy but want to allow specific domains, you can create a list of those domains, add that list to the policy, and then allow that list.

When you allow or block a list in a policy, all domains in that list are allowed or blocked. For example, if you have four domains in a list and allow that list in a policy, DNS Protection allows all four domains.

By default, DNS protection blocks websites that might be a security risk, such as websites with a poor threat score or reputation. This is enforced whether or not you allow such websites using a domain list.

Tip

Add your internal domains to a domain list and then allow that list in the policy where your domain's web category might be blocked. This ensures that your local sites and services, for example, connections to ZTNA gateways, aren't blocked if your domain is in a restricted category, such as Parked Domains.

The Domain lists page shows all the domain lists you've created, the number of domains in each list, its description, and the date it was last modified.

To delete a domain list, select a domain list and click Delete.

Note

You can't delete a domain list added to a policy. When you're deleting a domain list added to a policy, the error message shows the policy it is added to. Remove it from the policy first, then delete it.