Is there something that I would be looking at when setting up a new outgoing DNS protocol? When setting up a new IP address within the firewall for the outgoing DNS protocol? Any help would be appreciated.




If I understand your question, you are trying to set up your firewall with external DNS servers.

If that is the case, best practices are typically to either use the DNS server IPs utilized by your ISP, or to use something like, which is the IP of Google DNS servers. Some people like to do both.

Hope that helps.

Answered 10/09/2012 by: matthall
Purple Belt


Since we don't have a need for any outside DNS server to contact our internal network, we block almost all incoming ports. We do have our outgoing ports open so any external DNS server addresses that we add are done on our internal domain controllers. That way if we changed, nothing would have to be done on the firewall. 

We use OpenDNS as our external DNS servers since they allow us to block certain categories of sites like pr0n, streaming media, bit torrents, etc. It has made managing the traffic a lot easier.

Answered 10/24/2012 by: cyclopssecurity
White Belt
