Configure DNS Filtering rules using the Rules tab on the DNS Filtering page. Assign rules to a Nebula policy, select which security and content categories to block, and specify domains to allow and block. Configuring access for a domain will include its subdomains, but configuring access for a subdomain will not include the entire domain.
CAUTION - Before configuring a DNS rule, enter global exclusions for your internal domains to prevent them from being blocked. For more information, see Create global DNS Filtering exclusions in Nebula.
We also recommend creating a test DNS Filtering rule against a small number of endpoints before a broader deployment. For more information, see Test DNS Filtering in Nebula.
Select a topic below to learn more:
Create DNS Filtering rule
- On the left navigation menu, go to Monitor > DNS Filtering.
- In the top left, select the Rules tab.
- In the top right, click New.
- Enter a name for the DNS Rule.
- Check the box for one or more policies and click Next to proceed to the Categories tab.
Note: Each policy can only have one DNS rule applied.
- Use the look up domain categories field to search and display the category for a domain. If a domain is incorrectly categorized, see Feedback to Cloudflare.
- Expand Security categories to review and modify the preselected security categories.
Note: The recommended protection from Malwarebytes is enabled by default with the Use preconfigured settings toggle.
- Expand Content categories and toggle on all desired categories and subcategories to block.
Note: Expand the category's arrow icon for more granular control. Toggle on specific subcategories without blocking the entire category.
CAUTION - Blocking content categories such as Technology may cause popular business domains to be blocked mistakenly. For more information, see Technology content category.
- Click Next to proceed to the Allow tab.
- Enter a domain or subdomain and click Add.
- Click Upload a bulk domain list to upload multiple domains at once with a CSV file. The file should only contain a single column with the domains listed. A template file can be downloaded with the Download a file list template button.
- Click Next once all domains or subdomains have been added to proceed to the Block tab.
- Enter a domain or subdomain and click Add.
- Click Upload a bulk domain list to upload multiple domains at once with a CSV file. The file should only contain a single column with the domains listed. A template file can be downloaded with the Download a file list template button.
- Click Complete once all domains or subdomains have been added.
Note: Add domains to the allow list of your DNS rules if you require access to a domain that was blocked.
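A pre-upload check for the bulk domain lists described above, as an added example that is not part of the Nebula product or its documentation. It assumes the CSV has no header row, and the function names and sample rows are hypothetical. It rejects rows that are not plain domains, drops duplicates, reports subdomains already covered by a listed parent domain, and flags allow/block entries that fall under one another for manual review.

```python
import csv
import io
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(entry):
    """Return a lowercased hostname, or None if the entry is not a plain domain."""
    host = entry.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    return host if all(_LABEL.match(label) for label in labels) else None

def covered_by(host, domain):
    """True if `domain` is `host` itself or a parent of it, on label boundaries."""
    return host == domain or host.endswith("." + domain)

def lint_domain_csv(text):
    """Check a single-column CSV (assumed headerless); return (clean, invalid, redundant)."""
    clean, invalid, redundant = [], [], []
    for row in csv.reader(io.StringIO(text)):
        if not row or not any(cell.strip() for cell in row):
            continue  # skip blank lines
        host = normalize(row[0]) if len(row) == 1 else None
        if host is None:
            invalid.append(",".join(row))  # URL, bare label, or extra columns
        elif host not in clean:
            clean.append(host)
    # A listed domain already covers its subdomains, so those rows add nothing.
    for host in clean:
        if any(host != d and covered_by(host, d) for d in clean):
            redundant.append(host)
    return clean, invalid, redundant

def overlaps(allow, block):
    """Pairs (allow_entry, block_entry) where one entry falls under the other."""
    return [(a, b) for a in allow for b in block
            if covered_by(a, b) or covered_by(b, a)]

# Constructed sample input: some domains from this page's allow list plus made-up rows.
SAMPLE_ALLOW = "google.com\nwww.google.com\nwww.google-analytics.com\nunpkg.com\nhttps://js.authorize.net/\nUNPKG.com\n"
SAMPLE_BLOCK = "ads.google.com\nexample.net\n"

if __name__ == "__main__":
    allow, bad, dup = lint_domain_csv(SAMPLE_ALLOW)
    print(allow, bad, dup, overlaps(allow, lint_domain_csv(SAMPLE_BLOCK)[0]))
```

Note that `www.google-analytics.com` is not reported as covered by `google.com`: matching is done on whole labels, so it needs its own allow entry.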
Feedback to Cloudflare
If a domain is incorrectly categorized, send feedback to Cloudflare here. Search for the domain, then suggest any additional categories on the left side, or remove the currently recognized categories from the right side, then click Submit.
Categories
The available security and content categories are listed below.
Security categories
Categories | Description |
Anonymizer | Sites that allow attackers to hide their IP addresses. |
Command and Control & Botnet | Sites that are queried by compromised devices to exfiltrate information or potentially infect other devices in a network. |
Cryptomining | Sites that mine cryptocurrency by taking over the user's computing resources. |
DNS Tunneling | Domains with detected DNS tunneling activity. |
Domain Generation Algorithm | Domains detected as generated by algorithms seen in malware. |
Malware | Sites hosting malicious content and other compromised websites. |
Phishing | Domains that are known for stealing personal information. |
Private IP Address | Domains that resolve to private IP Addresses. |
Spam | Sites that are known for targeting users with unwanted sweepstakes, surveys, and advertisements. |
Spyware | Sites that are known to distribute or contain code that displays unwanted advertisements or gathers user information without the user's knowledge. |
Typosquatting & Impersonation | Domains registered by malicious actors that target users who incorrectly type a website address into their browser, such as gooogle.com instead of google.com. This is a common technique used in phishing attacks. |
Content categories
Categories | Subcategories |
Ads | Advertisements |
Adult Themes | Adult Themes; Nudity; Pornography |
Blocked | Child Abuse |
Business & Economy | Business; Economy & Finance |
Education | Education; Educational Institutions; Science; Space & Astronomy |
Entertainment | Arts; Audio Streaming; Cartoons & Anime; Comic Books; Entertainment; Fine Art; Gaming; Home Video/DVD; Humor; Magazines; Movies; Music; News & Media; Paranormal; Radio; Television; Video Streaming |
Gambling | Gambling |
Government & Politics | Government; Politics, Advocacy, and Government-Related |
Health | Health & Fitness; Sex Education |
Internet Communication | Chat; Forums; Information Security; Instant Messengers; Internet Phone & VOIP; Messaging; P2P; Personal Blogs; Photo Sharing; Webmail |
Job Search & Careers | Job Search & Careers |
Miscellaneous | Miscellaneous; Redirect |
Questionable Content | Deceptive Ads; Drugs; Hacking; Militancy, Hate & Extremism; Profanity; Questionable Activities; Unreliable Information |
Real Estate | Real Estate |
Religion | Religion |
Safe for Kids | Safe for Kids |
Security Risks | Login Screens - Login screens not included in other categories; New Domains - Domains registered within the past 30 days; Newly Seen Domains - Domains that have resolved for the first time in the past 30 days; No Content - Domains that are not connected to a hosting service; Parked & For Sale Domains - Domains that are not connected to a hosting service; Unreachable - Domains that resolve to unreachable IP addresses. Note: New Domains and Newly Seen Domains mitigate against attackers who have created a temporary domain for phishing, command and control, and other attacks. |
Shopping & Auctions | Auctions & Marketplaces; Coupons; Ecommerce; Shopping |
Society & Lifestyle | Abortion; Arts & Crafts; Astrology; Body Art; Clothing; Dating & Relationships; Digital Postcards; Fashion; Food & Drink; Hobbies & Interests; Home & Garden; Jewelry; LGBTQ; Lifestyle; Lingerie & Bikini; Parenting; Pets; Photography; Professional Networking; Sexuality; Social Networks; Swimsuits; Tobacco |
Sports | Sports |
Technology | APIs; Content Servers; File Sharing; Information Technology; News, Portal & Search; Search Engines; Technology; Translator |
Travel | Travel |
Vehicles | Vehicles |
Violence | Violence; Weapons |
Weather | Weather |
Technology content category
We advise against blocking the technology content category as most of the domains for My Account and e-commerce activity are included in that category. If you are blocking this category, add these to the allow list:
Domain | Subcategories |
avangate.net | Technology |
assets.adobedtm.com | Content Servers, Technology |
www.paypalobjects.com | Content Servers, Technology |
static.criteo.net | Technology |
api.airbrake.io | Technology |
www.google-analytics.com | Technology |
clientservices.googleapis.com | Technology |
js.authorize.net | Technology |
google.com | Search Engines, Technology |
www.googletagmanager.com | Technology |
unpkg.com | Technology |
intellimize.co | Technology |
demandbase.com | Technology |
www.redditstatic.com | Technology |