Add a DNS Destination List

Destination lists are used to control identity access to websites. You add destinations to a destination list and then add that destination list to a policy. A DNS policy only supports DNS destination lists. A DNS destination list can include the following destination types:

  • Domain—block and allow lists
  • URL—block list only
  • IPv4—allow list only
  • CIDR—allow list only

You can add a DNS destination list to Umbrella at any time. If you add a DNS destination list through the DNS policy wizard, that DNS destination list immediately becomes part of that DNS policy and immediately takes effect. If you add a DNS destination list through Umbrella's policy components, you must add it to a DNS policy before it comes into effect.

Note: A DNS destination list is used only with DNS policies.

When adding new destination lists to Umbrella, there are a few things that you should take into consideration. Allow destination lists always take precedence over block destination lists. Allow destination lists also take precedence over security-related blocks. Thus, if a domain is being blocked incorrectly, adding it to a destination allow list allows access. For example:

  • Blocking and adding to an allow destination list will still allow
  • Adding to tan allow destination list and blocking will still allow
  • Adding to a block destination list, and to an allow destination list, assuming both lists are applied to the same policy, results in Umbrella allowing access to

Always add domains in the format "" rather than to ensure * is included (a wildcard is implicit). However, if you only wish to block, then be more specific when you define the entry here.

Note: Your destination list must be compatible with the policy type: Web or DNS.

  1. Navigate to Policies > Policy Components > Destination Lists and click Add.
  1. Give your destination list a good descriptive List Name.
    Note: There is a minimum three-character limit when searching for a destination list. We recommend that your Web destination list name be at least three characters long. For more information, see Search for a Destination List.
  1. From the This Destination List Type drop-down list, choose DNS Policies.

  2. Select Blocked or Allowed

  3. Add destinations.
    Instead of adding destinations one at a time, you can bulk upload destinations through a text file. For more information, see Add Destinations in Bulk.

  4. Click Save.

    This new DNS destination list is now available for selection when you add a DNS policy.


Manage Destination Lists < Add a DNS Destination List to a Policy > Add a Web Destination List