DNS Protection

DNS Protection provides a globally available secure DNS resolution service. It prevents your users from accessing domains that don't comply with your corporate policy.

To use DNS Protection, you must add the locations you want to protect to Sophos Central by specifying the public IP addresses of their networks. You must then update the DNS settings on your networks to use DNS Protection for resolving DNS requests. After that, you can create policies for these locations to allow or block domains.

For domains you've blocked, users can see a message (HTTPS response) explaining why these domains are blocked. To show this HTTPS response, ensure you install the DNS Protection root certificate in users' browsers.

You can use logs and reports to check whether or not DNS requests are going through DNS Protection and troubleshoot other issues with DNS Protection.

The DNS Protection dashboard shows the usage summary, a graph of the web gateway traffic, and a table highlighting the number of queries for the top domains in the last seven days.

Set up DNS Protection

To set up DNS Protection, you must do as follows:

  1. Add locations you want to protect. See Locations.
  2. Set up your network. See Set up your network.
  3. Add policies. See Policies.