Business Use Case
A large university with 32,000+ students. The security administrator wanted to identify usage of external DNS servers, out of concern that clients were using bad DNS servers. Criminals have learned that if they can control a user's DNS servers, they can control which sites the user connects to on the Internet. By controlling DNS, a criminal can get an unsuspecting user to connect to a fraudulent website, or can interfere with that user's web browsing.
A DNS server report was created using a whitelist of approved DNS servers. 11 clients were found to be using a DNS server hosted in China, which is referenced on this page.
How to set up an alert if a network device is using an unauthorized DNS server
- Create a DNS server whitelist
- Create a custom DNS server report using this whitelist
- Use alerts based on reports feature to generate an alert if unauthorized DNS server activity is detected
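The same three steps expressed as detection logic, as an added example rather than the monitoring product's own code. The flow-record format, the approved resolver addresses and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Step 1: whitelist of approved DNS servers (assumed, documentation-range addresses).
APPROVED_DNS = [ipaddress.ip_network(n)
                for n in ("192.0.2.53/32", "192.0.2.54/32", "2001:db8:53::/64")]

# Constructed flow records: timestamp, client IP, server IP, protocol, destination port.
SAMPLE_FLOWS = """\
2024-03-01T09:00:01 10.20.1.15 192.0.2.53 udp 53
2024-03-01T09:00:02 10.20.1.15 203.0.113.77 udp 53
2024-03-01T09:00:03 10.20.4.8 203.0.113.77 tcp 53
2024-03-01T09:00:04 10.20.4.8 198.51.100.10 tcp 443
2024-03-01T09:00:05 10.20.9.30 2001:db8:53::1 udp 53
2024-03-01T09:00:06 10.20.1.15 203.0.113.77 udp 53
malformed line
"""

def is_approved(server):
    """True if the server address falls inside any whitelisted network."""
    return any(server in net for net in APPROVED_DNS)

def unauthorized_dns_report(lines):
    """Step 2: return {server: {client: flow_count}} for DNS flows to unapproved servers."""
    report = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parts = line.split()
        # Only plain DNS on port 53 is visible here; DoH/DoT needs separate detection.
        if len(parts) != 5 or parts[4] != "53":
            continue  # skip malformed records and non-DNS traffic
        try:
            client = ipaddress.ip_address(parts[1])
            server = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # skip records with unparseable addresses
        if not is_approved(server):
            report[str(server)][str(client)] += 1
    return {srv: dict(clients) for srv, clients in report.items()}

def alerts(report):
    """Step 3: one alert line per unauthorized server, listing the clients using it."""
    return [f"ALERT unauthorized DNS server {srv}: {len(c)} client(s) {sorted(c)}"
            for srv, c in sorted(report.items())]

if __name__ == "__main__":
    for line in alerts(unauthorized_dns_report(SAMPLE_FLOWS.splitlines())):
        print(line)
```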