We need to isolate the vendor traffic and we do not want this traffic to talk to our internal DNS server for DNS queries.
Is it safe to use google dns server and then apply dns sinkhole?
We can use the security policies app based and then apply app default.
I can use all the security profiles for the security rules.
This way can we protect the DNS attack in our environment?
Solved! Go to Solution.
To control something like this you would simply create a security policy allowing the vendor's source address to utilize an external DNS server such as Google, Quad9s, or OpenDNS. You can still utilize sinkhole and everything will work perfectly fine.
As for the security of allowing external DNS you actually don't get any security from running internal DNS servers over a trusted DNS service. Your internal DNS servers still need to have reqursive lookups, so you'll likely already allowing external DNS from your DNS servers already. As long as you don't fully open up DNS to any external host your security level would be the same.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!