DNS Guard is a solution that actively protects your network by monitoring and filtering DNS traffic. A Site is a server that processes your DNS queries. In this article, we'll deep-dive into the specifics of a DNS Guard Site.
DNS Flow
When a device wants to connect with a website, server, or other destination, it will use DNS to look up an IP address. The simplified process looks like this:
The DNS server can be compared with a very large phone book. It knows the IP addresses of many destinations on the internet.
When DNS Guard is used, the device doesn't query a "normal" DNS server but queries the SecurityHive DNS Guard Site instead. The Site is a DNS server that can monitor, filter, and protect the traffic. It filters out bad traffic and prevents a device from connecting to a malicious or unwanted destination.
Functions of a DNS Guard Site
A DNS Guard server is a single instance with a configured set of rules. You can create one or more DNS Guard Sites in your environment.
A DNS Guard Site has the following properties:
Filter traffic based on filter lists (popular lists maintained by open-source projects to block unwanted traffic).
Filter traffic based on categories (like Tracking, Phishing, Porn, Ransomware, Crypto, Piracy, Gambling, Torrent, Drugs, Fraud, and more).
Filter traffic based on customizations (block or allow specific destinations yourself).
Filter traffic based on our Threat Intelligence Feeds (real-time updates of potential security threats).
Enable/disable filtering (disabled option only resolves traffic).
Enable Cache Boost (enforce a minimal TTL to increase cache hits and gain a performance boost).
Specify upstream DNS servers.
Receive/answer DNS over HTTPS (DoH) requests.
Receive/answer plain DNS queries.
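To make the interaction of these properties concrete, the following added example (not SecurityHive code) models how a filtering resolver could combine them. The rule precedence (custom allow, then custom block, then lists), the blocked-answer shape, and all names and sample domains are assumptions for illustration.

```python
# Added illustration: toy model of a filtering resolver's decision logic.
# Precedence and names are assumptions, not SecurityHive's implementation.
from dataclasses import dataclass, field

def matches(name, rules):
    """True if name or any parent domain is in rules.
    Matching is on label boundaries, so a rule for tracker.example
    covers ads.tracker.example but not nottracker.example."""
    labels = name.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in rules for i in range(len(labels)))

@dataclass
class Site:
    filtering: bool = True          # disabled = only resolve, never block
    min_ttl: int = 0                # Cache Boost floor in seconds
    custom_allow: set = field(default_factory=set)
    custom_block: set = field(default_factory=set)
    list_block: set = field(default_factory=set)  # lists, categories, threat feeds
    upstream: dict = field(default_factory=dict)  # stand-in for upstream DNS

    def resolve(self, name):
        """Return (verdict, ip, ttl) for a queried name."""
        key = name.rstrip(".").lower()
        if self.filtering and not matches(key, self.custom_allow):
            if matches(key, self.custom_block):
                return ("blocked:custom", None, 0)
            if matches(key, self.list_block):
                return ("blocked:list", None, 0)
        if key not in self.upstream:
            return ("nxdomain", None, 0)
        ip, ttl = self.upstream[key]
        # Cache Boost: never hand out a TTL below the configured minimum.
        return ("resolved", ip, max(ttl, self.min_ttl))

def build_demo_site(filtering=True):
    """Constructed sample data: reserved .example names, TEST-NET addresses."""
    return Site(
        filtering=filtering,
        min_ttl=300,
        custom_allow={"cdn.tracker.example"},
        list_block={"tracker.example"},
        upstream={
            "cdn.tracker.example": ("192.0.2.10", 30),
            "ads.tracker.example": ("192.0.2.30", 60),
            "nottracker.example": ("192.0.2.20", 3600),
        },
    )

if __name__ == "__main__":
    site = build_demo_site()
    for n in ("ads.tracker.example", "cdn.tracker.example", "nottracker.example"):
        print(n, site.resolve(n))
```

Note that raising the minimum TTL also delays how quickly clients pick up a newly added block rule, because previously resolved answers stay in their caches longer.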
Getting started is very easy. Create a DNS Guard Site in the Portal and configure your device(s) and network to use DNS Guard.