Query Resolution Policy (QRP) is a security feature in ManageEngine DDI Central that allows network administrators to resolve DNS queries for specific clients’ IP addresses in the Windows Microsoft server. This helps secure the confidential network resources of an organization by preventing unauthorized individuals from accessing them. Also, QRP can help categorize certain departments to permit and restrict access to network resources.
How QRP works?
QRP works based on a set of fields which need to be configured for different subnets. Here are the fields:
Client subnet:
Provide the specific client subnets that you want to resolve queries for and access network resources. QRP recognizes the IP address from the subnet whenever a query is sent by the client and resolves it.
Ex: When a client from the subnet range (12.12.12.1/24) sends a query for the domain name zylkerstores.com, QRP recognizes the IP address and resolves it.
Transport protocol:
Provide the transport protocol, TCP or UDP, from which you want to receive queries for resolving separately.
Ex: When clients send queries through TCP for domain name zylkerstores.com, provide response A (15.4.6.21). When the query is from UDP, provide response B (15.4.6.22).
Internet protocol:
Provide the network protocol, IPv4 or IPv6, of the clients’ IP address from which queries should be resolved.
Ex: When a client sends a query from an IPv4 address (10.10.10.1), provide response A (15.4.6.21). When a client sends query from IPv6 address (2001:db8:0:42:0:8a2e:370:7334), provide response B(15.5.6.21).
Full qualified domain name (FQDN):
Provide the FQDN for which the queries from specific client subnets should get resolved.
Ex: QRP, after matching the criteria with the client’s query request, will resolve the domain name zylkerstores.com, which is provided in it.
Query type:
Provide the specific query record type for resolving the queries sent by clients.
Ex: QRP will permit resolving the domain name zylkerstores.com when the query requesting TXT record or SRV record, which is given in the criteria.
Time of day:
Provide the time limit in which the query should be resolved and prevent queries exceeding the time limit.
Ex: Queries sent in between 8:00am-10:00pm will only get resolved for domain name zylkerstores.com and the rest will be restricted.
Exception-list:
Provide specific client subnets that you restrict from resolving the queries they send.
Ex: Queries sent from the subnet(12.12.12.3/24) which is given in the exception list will get redirected to the error page instead of resolving for the domain name zylkerstores.com.
Implement specific resolving for certain client subnets for accessing your organization’s network resources
QRP is essential for securing an organization’s network by defining how data requests are managed and resolved, ensuring that only legitimate queries receive responses. By implementing strict rules for query handling, the policy limits exposure to potential vulnerabilities, such as unauthorized access or data leaks. It plays a key role in monitoring and authenticating user requests, enabling the system to detect and respond to suspicious activity promptly.
Download a free, 30-day trial now to learn how you can utilize QRP in your organization!