Using External DNS server

Reply
Highlighted
L4 Transporter

Using External DNS server

 

We need to isolate the vendor traffic and we do not want this traffic to talk to our internal DNS server for DNS queries.

Is it safe to use google dns server and then apply dns sinkhole?

We can use the security policies app based and then apply app default.

I can use all the security profiles for the security rules.

 

This way can we protect the DNS attack in our environment?

L7 Applicator

Re: Using External DNS server

@MP18,

To control something like this you would simply create a security policy allowing the vendor's source address to utilize an external DNS server such as Google, Quad9s, or OpenDNS. You can still utilize sinkhole and everything will work perfectly fine. 

As for the security of allowing external DNS you actually don't get any security from running internal DNS servers over a trusted DNS service. Your internal DNS servers still need to have reqursive lookups, so you'll likely already allowing external DNS from your DNS servers already. As long as you don't fully open up DNS to any external host your security level would be the same. 

L4 Transporter

Re: Using External DNS server

Many Thanks BPry!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!