Overview
IP filters are a part of our GeoDNS suite. Filters allow you to optimize your traffic with custom geographic-based rules, thus providing you with more control over your domain. In this tutorial, we will demonstrate how to configure IP filter rules to block segments of traffic. In this example, we will be using an A Record, but the same steps would apply if using AAAA, CNAME, or ANAME records as well.
Common Use Case for Using IP Filter Rules to Block Traffic
In Constellix, you have the ability to block traffic by location, ASN, or IPv4 and IPv6 subnets. This is especially useful for stopping DDoS attacks or managing suspicious or malicious activity as the traffic will be unable to access your systems. When an IP Filter is applied to a record with the intent to block traffic, our nameservers will automatically drop queries from any requests that match the rule criteria.
Prerequisites
- GeoIP services have been enabled for your domain
- You have created a record of the same type with the World (Default) IP Rule setting applied to it
- You have made or imported a record for your custom IP filter or have a basic understanding of creating DNS records
How to Block Traffic With IP Filters
1: Log in to the Constellix
In the Constellix dashboard, select your domain from the Recently Updated Domains list or search for the domain in the top-left search bar.
2. Edit or Create Record the IP Filter Will Be Applied To
Select the A record you want to apply the IP filter to and click the gray edit icon (or click the green + button if creating a new record).
3. Select Filter Rule
In the Edit A Record pop-up window, click on the IP Filter option and select the appropriate filter. Remember, you should have already created a record of the same type that has World (Default) settings applied to it.
If you are creating a new record, be sure to fill out the Name and TTL values before moving on to the next step (IP information is unnecessary as we are configuring the filter to block traffic).
4. Configure Filter to Block Traffic
Next, tick the checkbox beside the Drop Query for Selected IP Filter option. As you will see, once you choose this option, the Standard IP section is no longer available.
Any queries that match this filter’s criteria will now be dropped and unable to access your system. Make any notes pertaining to this record and filter (optional), and then select Save and Close to complete the configuration.
5. Commit Changes
After saving, you will be prompted to review and apply changes.
Tap “click here” to commit the change. If you need help with this step, visit our Committing Changes in Constellix DNS tutorial.