Add a DNS Destination List

Destination lists are used to control identity access to websites. You add destinations to a destination list and then add that destination list to a policy. A DNS policy only supports DNS destination lists. A DNS destination list can include the following destination types:

  • Domain—block and allow lists
  • URL—block list only
  • IPv4—allow list only

You can add a DNS destination list to Umbrella at any time. If you add a DNS destination list through the DNS policy wizard, that DNS destination list immediately becomes part of that DNS policy and immediately takes effect. If you add a DNS destination list through Umbrella's policy components, you must add it to a DNS policy before it comes into effect.

Note: Your destination list must be compatible with the policy type: Web or DNS. A DNS destination list is used only with DNS policies.

When adding new destination lists to Umbrella, there are a few things that you should take into consideration. Allow destination lists always take precedence over block destination lists. Allow destination lists also take precedence over security-related blocks. Thus, if a domain is being blocked incorrectly, adding it to a destination allow list allows access. For example:

  • Blocking and adding to an allow destination list will still allow
  • Adding to an allow destination list and blocking will still allow
  • Adding to a block destination list, and to an allow destination list, assuming both lists are applied to the same policy, results in Umbrella allowing access to

Always add domains in the format "" rather than to ensure * is included (a wildcard is implicit). However, if you only wish to block, then be more specific when you define the entry here.

Note: Destination lists accept domain names encoded in Punycode. For more information, see Add Punycode Domain Name to Destination List.



  1. Navigate to Policies > Policy Components > Destination Lists and click Add.
  1. Give your destination list a good descriptive List Name.
  1. From the This Destination List is Applied To drop-down list, choose DNS Policies.
  2. Select Blocked or Allowed.
  3. Add destinations.
    Instead of adding destinations one at a time, you can bulk upload destinations through a text file. For more information, see Add Destinations in Bulk.
  4. Click Save.
    This new DNS destination list is now available for selection when you add a DNS policy.

Manage Destination Lists < Add a DNS Destination List to a Policy > Add a Web Destination List