DNS Rule Order Evaluation

Rules in a DNS policy are numbered, starting at 1. The system matches traffic to DNS rules in top-down order by ascending rule number. In most cases, the system handles network traffic according to the first DNS rule where all the rule’s conditions match the traffic:

  • For Monitor rules, the system logs the traffic, then continues evaluating traffic against lower-priority DNS Block list rules.

  • For non-Monitor rules, the system does not continue to evaluate traffic against additional, lower-priority DNS rules after that traffic matches a rule.

Note the following regarding rule order:

  • The Global Do-Not-Block List for DNS is always first, and takes precedence over all other rules.

  • The Do-Not-Block List section precedes the Block List section; Do-Not-Block List rules always take precedence over other rules.

  • The Global Block List for DNS is always first in the Block List section, and takes precedence over all other Monitor and Block list rules.

  • The Block List section contains Monitor and Block list rules.

  • When you first create a DNS rule, the system positions it last in the Do-Not-Block List section if you assign a Do Not Block action, or last in the Block List section if you assign any other action.

You can drag and drop rules to reorder them.
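The evaluation order and section placement described above can be made concrete with a small simulator. The following is an added example, not Cisco's code or the product's own implementation: it builds a policy in the fixed order the rules above require (Global Do-Not-Block List, Do-Not-Block List rules, Global Block List, then Monitor and Block list rules), numbers the rules from 1, and walks a query through them so that Monitor matches are logged and evaluation continues, while the first non-Monitor match ends evaluation. The rule names, the domain lists, the suffix-match condition and the action name "Drop" are constructed for illustration; what happens when no rule matches is outside what this page states, so the simulator reports that as `None` rather than assuming a default.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

DO_NOT_BLOCK = "Do Not Block"
MONITOR = "Monitor"


@dataclass
class DnsRule:
    """One DNS rule: a name, an action, and a domain-suffix condition (constructed)."""
    name: str
    action: str
    domains: Tuple[str, ...]

    def matches(self, qname: str) -> bool:
        # Condition: the query name equals or is a subdomain of a listed domain.
        q = qname.lower().rstrip(".")
        return any(q == d or q.endswith("." + d) for d in self.domains)


@dataclass
class DnsPolicy:
    global_do_not_block: DnsRule      # always rule 1
    do_not_block_rules: List[DnsRule]  # Do-Not-Block List section, in user order
    global_block: DnsRule             # always first in the Block List section
    block_list_rules: List[DnsRule]    # Monitor and Block list rules, in user order

    def ordered_rules(self) -> List[DnsRule]:
        # Top-down order: Do-Not-Block section precedes Block List section,
        # and each global list leads its section.
        return ([self.global_do_not_block] + self.do_not_block_rules
                + [self.global_block] + self.block_list_rules)

    def add_rule(self, rule: DnsRule) -> None:
        # A newly created rule is positioned last in its section, chosen by action.
        if rule.action == DO_NOT_BLOCK:
            self.do_not_block_rules.append(rule)
        else:
            self.block_list_rules.append(rule)

    def evaluate(self, qname: str):
        """Return (action, (rule_number, rule_name), monitor_log) for a query.

        action is None when no rule matched; the page does not state what the
        system does in that case, so the simulator makes no assumption.
        """
        monitor_log: List[Tuple[int, str]] = []
        for number, rule in enumerate(self.ordered_rules(), start=1):
            if not rule.matches(qname):
                continue
            if rule.action == MONITOR:
                # Monitor: log and keep evaluating lower-priority rules.
                monitor_log.append((number, rule.name))
                continue
            # Any non-Monitor match ends evaluation.
            return rule.action, (number, rule.name), monitor_log
        return None, None, monitor_log


def build_sample_policy() -> DnsPolicy:
    """Constructed sample policy; all domains and rule names are made up."""
    return DnsPolicy(
        global_do_not_block=DnsRule("Global Do-Not-Block List for DNS", DO_NOT_BLOCK,
                                    ("trusted.example",)),
        do_not_block_rules=[DnsRule("Allow partner", DO_NOT_BLOCK, ("partner.example",))],
        global_block=DnsRule("Global Block List for DNS", "Drop", ("known-bad.example",)),
        block_list_rules=[
            DnsRule("Monitor example.net", MONITOR, ("example.net",)),
            # Lists partner.example too, but the Do-Not-Block rule above wins.
            DnsRule("Drop partner and bad", "Drop", ("partner.example", "bad.example.net")),
        ],
    )


if __name__ == "__main__":
    policy = build_sample_policy()
    for q in ("www.trusted.example", "api.partner.example", "c2.known-bad.example",
              "bad.example.net", "safe.example.net"):
        print(q, "->", policy.evaluate(q))
```

Running the block shows the two behaviours the text describes: `bad.example.net` is logged by rule 4 (Monitor) and then dropped by rule 5, while `api.partner.example` is handled by rule 2 in the Do-Not-Block List section even though rule 5 in the Block List section also lists that domain. Calling `add_rule` with a Do Not Block rule appends it to the end of the Do-Not-Block List section; any other action appends to the end of the Block List section.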