Follow

Critical Targets for DNSDefense Policies

This is important for customers who have created policies from scratch. All policies for DNS devices should include the following targets to avoid people on the network from circumventing DNS defense and getting infected.

Targets:

Apple Private Relay FQDNs - Domains

DNS over HTTPS Servers - Domains

DOH Providers - IPs


These are included in default policies now, so if you make a new policy by copying one of ours it should be there, but always check to be safe, as these services are designed to circumvent company set DNS providers but don't provide any protection.

Was this article helpful?
0 out of 0 found this helpful

Comments