You don't always have full control of the devices in your network or don't want to install an agent on these devices. That's where IP linking comes in useful. You can configure our external DNS servers in your firewall without installation.

You can force your clients to use these DNS servers via DHCP or use them as an upstream for your firewall or domain controller. Your external (WAN) IP gets linked to your DNS Guard server to match queries.

In this example, your company is called "John Doe Company". You have a network with a firewall and multiple clients. Your clients query your internal firewall (or domain controller). Your firewall has the DNS Guard IP addresses configured as upstream. When the DNS requests enter the SecurityHive datacenter, smart software will couple requests from your external IP with your DNS Guard server.

Go to your DNS Guard server in the SecurityHive Portal. You will need to go to the Settings tab for this change.

Click the circle arrow to link the external WAN IP you're browsing from with this DNS Guard server. That's all! You can now configure your firewall, domain controller, VPN server, and other devices to use the DNS servers mentioned on your DNS Guard server page. The queries will be linked to your DNS Guard, and the ruleset will apply.

Note: if you want to link a network with devices in a domain-joined network, configure the DNS servers as upstream of your domain controller. This way, your domain controller will handle internal DNS, and only external traffic goes to the DNS Guard server.

For optimal protection, it's recommended to create firewall rules to block all DNS queries except for queries from your clients to your firewall/domain controller (internal DNS server). If you still allow DNS queries to other destinations like Google (8.8.8.8) and Cloudflare (1.1.1.1), a user or hacker can still bypass your security measures.