DNS tunneling is a method of bypassing security controls and exfiltrating data from a targeted organization. A DNS tunnel can be used as a full remote-control channel for a compromised internal host. Its capabilities include running operating system (OS) commands, transferring files, or even carrying a full IP tunnel.
SonicOS/X can detect DNS tunneling attacks, display suspicious clients, and let you create white lists for DNS tunnel detection.
When DNS tunneling detection is enabled, SonicOS/X logs whenever suspicious DNS packets are dropped.
DNS tunneling settings can be configured at the group or unit level.
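The following added example (not SonicOS/X code, and not a description of its detection algorithm, which this page does not specify) shows the general shape of the three features above: flagging tunnel-like queries, reporting the suspicious clients, and honoring a white list. The thresholds, the two-label base-domain rule, the function names and the sample queries are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values()) if s else 0.0

def split_name(qname):
    """Return (subdomain, base). Simplification: base = last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_clients(queries, whitelist=(), max_sub_len=40, min_entropy=3.5, min_hits=3):
    """Map each flagged client to {base domain: number of flagged queries}."""
    allowed = {d.lower() for d in whitelist}
    hits = defaultdict(Counter)
    for client, qname in queries:
        sub, base = split_name(qname)
        if base in allowed:          # white-listed domains are never counted
            continue
        # Assumed heuristic: long, high-entropy subdomains look like encoded data.
        if len(sub) > max_sub_len and entropy(sub) >= min_entropy:
            hits[client][base] += 1
    report = {}
    for client, per_domain in hits.items():
        flagged = {d: n for d, n in per_domain.items() if n >= min_hits}
        if flagged:
            report[client] = flagged
    return report

# Constructed sample data: 48-character base32-style labels stand in for encoded chunks.
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"
CHUNKS = [(ALPHABET[i:] + ALPHABET[:i] + ALPHABET)[:48] for i in range(4)]
SAMPLE = (
    [("10.0.0.5", f"{c}.tunnel.example") for c in CHUNKS]      # repeated long, random-looking names
    + [("10.0.0.7", f"{c}.updates.example") for c in CHUNKS]   # same shape, but a trusted service
    + [("10.0.0.9", "www.example.com"), ("10.0.0.9", "mail.example.org"),
       ("10.0.0.9", f"{CHUNKS[0]}.tunnel.example")]            # one hit only, below min_hits
)

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE, whitelist=["updates.example"]))
```

Without the white list entry, the client at 10.0.0.7 is reported as well, which is the kind of false positive a white list exists to suppress.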