When nothing matches, this will.
What is Default Rule
As the name (hopefully) suggests, this is a special Custom Rule, that is used as a catch-all. If a DNS query is not matched by a Filter, Service Rule, or any other Custom Rule, it will match the Default Rule in the end.
Much like with standard Custom Rules, one of 3 actions can be chosen.
A BLOCK action will prevent all domains from loading, that did not match any Service or Custom Rule. This is best used to create highly restrictive access policies where only whitelisted domains or Services will actually load. You probably shouldn't do this unless you have an extensive "allow list".
A BYPASS rule is the default action, which will resolve a domain to its true IP address from Authoritative DNS. If you're using Multiple Enforced Profiles, this is the anchor for your second profile to be enforced.
A REDIRECT rule will spoof all domains to a proxy location or specific IP address chosen by you, as long as they didn't match any of the Filters, Services or Custom Rules. This will mask the client's source IP address for all browsing activity (that uses DNS).
A redirect rule can be set to one of two modes:
- Auto - This will route your request to the closest Control D anycast location, and exit the request there. End-to-end IPv6 is supported.
- Manual - You can optionally specify the city where you want your traffic to exit. This performs a "double hop" from the closest Control D (Auto) location to the chosen city. This mode will be slower, and does not support IPv6 end-to-end.
Updated about 2 months ago