To allow your networks to access DNS Protection and define policies, you must add locations to Sophos Central. DNS Protection uses locations to identify DNS requests from your organization's networks.
Add all the deployment regions you want to protect as locations. You can add multiple networks to the same location or split them into separate locations.
You define a location by specifying the IP address your network's traffic originates from. It's usually the IP address of your router's WAN interface. Your network may use more than one address for this purpose.
You can define a location in the following ways:
- As an IP address (for example, 100.100.100.100)
- As a hostname or FQDN that resolves to the IP address of your network (for example, vancouver-edge.example.com)
The Locations page lists all the locations you've defined, the description, and the number of IP addresses or FQDNs configured for the location.
What if my IP address changes frequently?
Many internet service providers don't guarantee you'll always be allocated the same IP address. Your IP address may, therefore, change from time to time.
If this applies to you, you can still use DNS Protection using a third-party Dynamic DNS service (DDNS).
DDNS services allow you to register and define a DNS hostname that will always resolve to your IP address. The services provide simple tools or APIs to allow you to securely and regularly update the IP address information whenever it changes. Once you've registered a DDNS hostname for your IP address and set up the mechanism to keep it up to date, you can use the hostname to configure your location instead of the IP address.
If you're using Sophos Firewall as your router, you can use the DDNS feature of the firewall to keep your DDNS entry up to date with your network's IP address. For Sophos Firewall, see Add a dynamic DNS provider.
When your IP address changes, users may lose access for some time. This time depends on how long your DDNS service takes to update the IP address and how long DNS Protection takes to check the IP address changes. DNS Protection checks IP address changes every minute and takes eight seconds to update the cache.
DNS Protection supports the following DDNS services:
- Google DDNS