Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=DNS-protection-locations

Locations

To allow your networks to access DNS Protection and define policies, you must add locations to Sophos Central. DNS Protection uses locations to identify DNS requests from your organization's networks.

Add all the deployment regions you want to protect as locations. You can add multiple networks to the same location or split them into separate locations.

You define a location by specifying the IP address your network's traffic originates from. It's usually the IP address of your router's WAN interface. Your network may use more than one address for this purpose.

You can define a location in the following ways:

  • As an IP address (for example, 100.100.100.100)
  • As a hostname or FQDN that resolves to the IP address of your network (for example, vancouver-edge.example.com)

The Locations page lists all the locations you've defined, the description, and the number of IP addresses or FQDNs configured for the location.

To delete a location, select a location and click Delete.

Default location

DNS Protection only creates the Default location if you've joined the Workspace Protection early access program (EAP).

DNS Protection uses the Default location if you don't add other locations. It's configured to use the Secure DNS method, which sends DNS traffic over HTTPS. So, use it for devices that can process secure DNS traffic. You can add it to the Endpoint DNS Protection policy and the policies in DNS Protection.

Note

You can't edit or delete the default location.

To see the Default location's details, go to My Products > DNS Protection > Locations and click Default.

What if my IP address changes frequently?

Many internet service providers don't guarantee you'll always be allocated the same IP address. Your IP address may, therefore, change from time to time.

If this applies to you, you can still use DNS Protection using a third-party Dynamic DNS service (DDNS).

DDNS services allow you to register and define a DNS hostname that will always resolve to your IP address. The services provide simple tools or APIs to allow you to securely and regularly update the IP address information whenever it changes. Once you've registered a DDNS hostname for your IP address and set up the mechanism to keep it up to date, you can use the hostname to configure your location instead of the IP address.

If you're using Sophos Firewall as your router, you can use the DDNS feature of the firewall to keep your DDNS entry up to date with your network's IP address. For Sophos Firewall, see Add a dynamic DNS provider.

Warning

When your IP address changes, users may lose access for some time. This time depends on how long your DDNS service takes to update the IP address and how long DNS Protection takes to check the IP address changes. DNS Protection checks IP address changes every minute and takes eight seconds to update the cache.

DNS Protection supports the following DDNS services:

  • DynDNS
  • DynAccess
  • EasyDNS
  • ZoneEdit
  • Google DDNS
  • Namecheap
  • DNS-O-Matic
  • No-IP
  • FreeDNS
  • Cloudflare