Configuring DNS Filtering

Prerequisite

To use DNS Filtering, user has to do the following configurations:

• Ensure DNS Filtering is licensed under Gateway Services in the license page

• Add/Edit/Delete DNS policy manually in the Policy > Rules and Polices > DNS Rules. For more information on adding DNS policy, refer to the SonicOS Rules and Policies guide

• Add/Edit/Delete DNS Profile in the Object > Profile Objects> DNS Filtering. For more information on adding DNS policy, refer to the SonicOS Objects guide

• Set the DHCP DNS Server Lease Scopes interface as the interface IP of firewall in the Dynamic Range Configuration. For more information on adding Dynamic, refer to the SonicOS system guide

• Enable Enforce DNS Proxy For All DNS Requests at DNS Proxy settings in the Network > DNS > DNS Proxy

To configure Global settings

1. Navigate to POLICY | DNS Security > Settings.
2. Hover over to the DNS Filtering tab.

   

3. Click the Global Settings tab. Enable the option Enable White List.

White List can be used for both DNS Sinkhole Service and DNS Filtering.

4. Configure both Forged IPv4 Address and Forged IPv6 Address.
5. Click Accept.

To configure Custom Domain

1. Navigate to POLICY | DNS Security > Settings.
2. Hover over to the DNS Filtering tab.
3. Click the Custom Domain tab.
4. Under Category Information, you can find the different type of categories and the categories explanation.

   

5. For each domain name you want to add as a custom domain name under the Config Custom Domain section:
   1. Click +Add. The Add DNS filter Custom Domain dialog displays.
   2. Enter the custom domain name in the Domain Name field.
   3. Select the category type from the drop-down in the Category field.
   4. Click Save.