Configure DNS Filtering rules using the Rules tab on the DNS Filtering page. Assign rules to a Nebula policy, select which security and content categories to block, and specify domains to allow and block. Configuring access for a domain will include its subdomains, but configuring access for a subdomain will not include the entire domain.
CAUTION - Before configuring a DNS rule, enter global exclusions for your internal domains to prevent them from being blocked. For more information, see Create global DNS Filtering exclusions in Nebula.
Create DNS Filtering rule
- On the left navigation menu, go to Monitor > DNS Filtering.
- In the top left, select the Rules tab.
- In the top right, click New.
- Enter a name for the DNS Rule.
- Check the box for one or more policies.
Note: Each policy can only have one DNS rule applied. - Click Next to proceed to the Categories tab.
- Expand Security categories to review and modify the preselected security categories.
Note: The recommended protection from Malwarebytes is enabled by default with the Use preconfigured settings toggle. - Expand Content categories and toggle on all desired categories and subcategories to block.
Note: Expand the category's arrow icon
for more granular control. Toggle on specific subcategories without blocking the entire category.
CAUTION - Blocking content categories such as Technology may cause popular business domains to be blocked mistakenly. For more information, see Technology content category. Confirm which category a domain belongs to by using the lookup domain categories field on the right.
- Click Next to proceed to the Allow tab.
- Enter a domain or subdomain.
- Click the plus icon
. - Click Next once all domains or subdomains have been added to proceed to the Block tab.
- Enter a domain or subdomain.
- Click the plus icon .
- Click Complete once all domains or subdomains have been added.
Note: Add domains to the allow list of your DNS rules if you require access to a domain that was blocked.
Categories
The available security and content categories are listed below.
Security categories
| Categories | Description |
| Anonymizer | Sites that allow attackers to hide their IP addresses. |
| Command Control & Botnet | Sites that are queried by compromised devices to exfiltrate information or potentially infect other devices in a network. |
| Cryptomining | Sites that mine cryptocurrency by taking over the user's computing resources. |
| DNS Tunneling | Domains with detected DNS tunneling activity. |
| Domain Generation Algorithm | Domains detected as generated by algorithms seen in malware. |
| Malware | Sites hosting malicious content and other compromised websites. |
| Phishing | Domains that are known for stealing personal information. |
| Private IP Address | Domains that resolve to private IP Addresses. |
| Spam | Sites that are known for targeting users with unwanted sweepstakes, surveys, and advertisements. |
| Spyware | Sites that are known to distribute or contain code that displays unwanted advertisements or gathers user information without the user's knowledge. |
| Typosquatting & Impersonation | Domains registered by malicious actors that target users who incorrectly type a website address into their browser. |
Content categories
| Categories | Subcategories |
| Ads | Advertisements |
| Adult Themes |
Adult Themes Nudity Pornography |
| Blocked |
Child Abuse |
| Business & Economy |
Business Economy & Finance |
| Education |
Education Educational Institutions Science Space & Astronomy |
| Entertainment |
Arts Audio Streaming Cartoons & Anime Comic Books Entertainment Fine Art Gaming Home Video/DVD Humor Magazines Movies Music News & Media Paranormal Radio Television Video Streaming |
| Gambling | Gambling |
| Government & Politics |
Government Politics, Advocacy, and Government-Related |
| Health |
Health & Fitness Sex Education |
|
Internet Communication |
Chat Forums Information Security Instant Messengers Internet Phone & VOIP Messaging P2P Personal Blogs Photo Sharing Webmail |
| Job Search & Careers | Job Search & Careers |
| Miscellaneous |
Miscellaneous Redirect |
| Questionable Content |
Deceptive Ads Drugs Hacking Militancy, Hate & Extremism Profanity Questionable Activities Unreliable Information |
| Real Estate | Real Estate |
| Religion | Religion |
| Safe for Kids | Safe for Kids |
| Security Risks |
Login Screens New Domains Newly Seen Domains No Content Parked & For Sale Domains Unreachable |
| Shopping & Auctions |
Auctions & Marketplaces Coupons Ecommerce Shopping |
| Society & Lifestyle |
Abortion Arts & Crafts Astrology Body Art Clothing Dating & Relationships Digital Postcards Fashion Food & Drink Hobbies & Interests Home & Garden Jewelry LGBTQ Lifestyle Lingerie & Bikini Parenting Pets Photography Professional Networking Sexuality Social Networks Swimsuits Tobacco |
| Sports | Sports |
| Technology |
APIs Content Servers File Sharing Information Technology News, Portal & Search Search Engines Technology Translator |
| Travel | Travel |
| Vehicles | Vehicles |
| Violence |
Violence Weapons |
| Weather | Weather |
Technology content category
We advise against blocking the technology content category as most of the domains for My Account and e-commerce activity are included in that category. If you are blocking this category, add these to the allow list:
|
Domain |
Subcategories |
|
avangate.net |
Technology |
|
assets.adobedtm.com |
Content Servers, Technology |
|
www.paypalobjects.com |
Content Servers, Technology |
|
static.criteo.net |
Technology |
|
api.airbrake.io |
Technology |
|
www.google-analytics.com |
Technology |
|
clientservices.googleapis.com |
Technology |
|
js.authorize.net |
Technology |
|
google.com |
Search Engines, Technology |
|
www.googletagmanager.com |
Technology |
|
unpkg.com |
Technology |
|
intellimize.co |
Technology |
|
demandbase.com |
Technology |
|
www.redditstatic.com |
Technology |
Return to Malwarebytes Nebula DNS Filtering guide.