Skip to content

DNS Protection

DNS Protection provides a globally available secure DNS resolution service with integrated policy controls and reporting in Sophos Central. It uses SophosLabs' real-time threat intelligence to protect your organization from malicious domain activity and allows you to define policies or domain lists according to your corporate policies.

To use DNS Protection, you must add the locations you want to protect to Sophos Central by specifying the public IP addresses of their networks. You must then update the DNS settings on your networks to use DNS Protection for resolving DNS requests. DNS Protection will always block sites SophosLabs flags as a threat or security risk. So, any DNS requests coming from your account will be protected.

You can also create your own policies to allow and block domains individually or by category and assign them to locations.

For domains you've blocked, users can see a message (HTTPS response) explaining why these domains are blocked. To show this HTTPS response, ensure you install the DNS Protection root certificate in users' browsers.

You can use logs and reports to check whether or not DNS requests are going through DNS Protection and troubleshoot other issues with DNS Protection.

The DNS Protection dashboard shows the usage summary, a graph of the web gateway traffic, and a table highlighting the number of queries for the top domains in the last seven days.

Note

DNS Protection is an IPv4-based DNS service that's also capable of resolving IPv6 addresses. You don't need a separate IPv6 DNS server to resolve IPv6 addresses.

Set up DNS Protection

Restriction

To set up DNS Protection, you must do as follows:

  1. Add locations you want to protect. See Locations.
  2. Set up your network. See Set up your network.
  3. Add policies. See Policies.

Here's a video of the DNS Protection initial setup:

For DNS fundamentals, see the following video:

Role-based access control (RBAC)

DNS Protection access depends on the administration roles you've defined in Sophos Central. For more information, see Administration Roles.