Solved

DNS Policy - Only whitelisted FQDNs or Domain-Wildcards

  • November 23, 2023
  • 1 reply
  • 339 views

Hello all,

I wanted to ask if there is any way to configure Netskope to block all DNS resolving of public DNS names by default?

We want to manually specify a list of FQDNs or Domain-Wildcards to be allowed to resolve (i.e. *.teams.microsoft.com or dns.msftncsi.com).

We saw the option to blacklist an FQDN or Domain-Wildcard in the DNS profile, but there seems to be no option to block ALL except ...

 

Best regards

Stefan

Best answer by sartioli

Hi Stefan,

Today, Netskope DNS security is not meant to be a fully comprehensive DNS filtering solution, so it lacks the ability to block "everything" unless explicitly allowed in the "Allow List".
As part of the DNS Security improvements, we're looking to expand the DNS Security capabilities by introducing APIs for Allow and Block List management, potentially expanding the DNS Categorisation outside Security categories, etc.
The use case you describe is indeed a possible valid use case for DNS Security, so I ask you to work with your Netskope representatives to create an Enhancement Request (ER) for the ability to specify a DNS profile that blocks all requests except for records, domains and FQDNs in the Allow List.

 

Regards,

Stefano Artioli

Global Solutions Architect - Netskope
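
The default-deny evaluation asked about in this thread, sketched as an added example; it is not Netskope code and not part of either post. The class name, the "*." wildcard syntax and the rule that a wildcard does not cover its own apex are assumptions, and the query names are constructed.

```python
# Added illustration: default-deny DNS allow list with exact FQDNs and
# "*.domain" wildcards. Hypothetical names; not a Netskope API.

def normalize(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().rstrip(".").lower()


class DnsAllowList:
    def __init__(self, entries):
        self.exact = set()
        self.suffixes = set()  # stored with a leading dot: ".teams.microsoft.com"
        for entry in entries:
            entry = normalize(entry)
            if entry.startswith("*."):
                self.suffixes.add(entry[1:])
            else:
                self.exact.add(entry)

    def decide(self, qname: str) -> str:
        """Return "allow" only on an explicit match; everything else is blocked."""
        name = normalize(qname)
        if name in self.exact:
            return "allow"
        # Compare whole labels only, so "evilteams.microsoft.com" cannot
        # satisfy "*.teams.microsoft.com" through a plain string suffix test.
        labels = name.split(".")
        for i in range(1, len(labels)):
            if "." + ".".join(labels[i:]) in self.suffixes:
                return "allow"
        return "block"


# Allow list taken from the question in this thread.
ALLOW = DnsAllowList(["*.teams.microsoft.com", "dns.msftncsi.com"])

# Constructed sample queries.
SAMPLES = [
    "dns.msftncsi.com",
    "DNS.MSFTNCSI.COM.",                   # case and root dot are normalized
    "api.teams.microsoft.com",
    "teams.microsoft.com",                 # apex is not covered by the wildcard
    "evilteams.microsoft.com",             # lookalike label, not a subdomain
    "teams.microsoft.com.example.net",     # allowed name used as a prefix
    "www.example.org",                     # not listed: default deny
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q:40} {ALLOW.decide(q)}")
```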

This topic has been closed for replies.

1 reply

  • Netskope Employee
  • 4 replies
  • Answer
  • November 29, 2023