topic Using External DNS server in General Topics

Using External DNS server

MP18 — Mon, 17 Jun 2019 20:06:17 GMT

We need to isolate the vendor traffic and we do not want this traffic to talk to our internal DNS server for DNS queries.

Is it safe to use google dns server and then apply dns sinkhole?

We can use the security policies app based and then apply app default.

I can use all the security profiles for the security rules.

This way can we protect the DNS attack in our environment?

Re: Using External DNS server

BPry — Tue, 18 Jun 2019 02:28:29 GMT

@MP18,

To control something like this you would simply create a security policy allowing the vendor's source address to utilize an external DNS server such as Google, Quad9s, or OpenDNS. You can still utilize sinkhole and everything will work perfectly fine.

As for the security of allowing external DNS you actually don't get any security from running internal DNS servers over a trusted DNS service. Your internal DNS servers still need to have reqursive lookups, so you'll likely already allowing external DNS from your DNS servers already. As long as you don't fully open up DNS to any external host your security level would be the same.

Re: Using External DNS server

MP18 — Tue, 18 Jun 2019 20:25:09 GMT

Many Thanks BPry!