Restricting DNS lookups on the ProxySG

Article ID: 166878


Products

ProxySG Software - SGOS, Advanced Secure Gateway Software - ASG

Issue/Introduction

You want to restrict DNS lookups on the ProxySG.

Resolution

The DNS lookup restriction list is a list of domain names that applies globally, regardless of policy layer definitions. Once a domain name is added to the list, DNS lookup requests do not occur for that domain name while policy is evaluated. To create or modify the DNS lookup restriction list:

  1. From the VPM menu bar, select Configuration > Set DNS Lookup Restrictions; the Set DNS lookup restrictions dialog appears. The default is None; no domain names are restricted.
  2. To restrict every domain name, select All.
  3. To add specific domain names, perform the following steps.
    1. Select Listed Host Patterns. This enables the Host Patterns field.
    2. Click Add; the Add Host Pattern dialog appears.
    3. Enter a domain name; click OK.
    4. Repeat to add other domain names.
    5. Click OK.

Additional Information

DNS lookup restrictions suppress any DNS resolution triggered by policy, e.g. web site categorization, DNS resolution of SAN/CN entries, etc., because many policy gestures rely on DNS.

However, they do not stop DNS resolution for the proxy's upstream connectivity, since the proxy needs to know how to reach the destination server based on the FQDN from the HTTP request.