This article explains how to manage the DNS settings of the SDP users in your account.
By default, Cato Networks provides DNS service for your account and acts as your DNS server. You can use the Cato Management Application to configure Cato to resolve private DNS servers.
When the DNS servers are configured for the entire account, the DNS server in the Cato Cloud attempts to resolve every DNS query sent over the Cato network. If the DNS query is not resolved, then Cato Cloud uses authoritative DNS to resolve the query. As a best practice, we recommend that you configure two different DNS servers to offer the best security, performance, and redundancy.
For more information about DNS settings for the entire account, see Configuring DNS Settings.
In addition to the default account DNS settings, the DNS Settings Policy lets you define different DNS settings for SDP users or groups. The DNS settings are applied from an ordered rulebase.
A company has Product Managers who are members of both the Product user group and the R&D user group. Product Managers are required to use the account level DNS settings, while R&D engineers need access to specific DNS servers.
The company creates the following rules within the DNS Settings Policy:
Product Managers - this rule contains the Product user group and assigns the account DNS settings
R&D - this rule contains the R&D user group and has manually configured DNS settings
The DNS Settings policy rule for the Product Managers is higher than the R&D rule. The Product Managers first match the Product rule and receive the account DNS settings.
The DNS Settings Policy provides you with a central location to manage the DNS settings across your account. You can apply the account level DNS settings or define different DNS settings for SDP users, user groups, or operating systems. If an SDP user or device does not match any rule, the account DNS settings are applied by an implicit rule.
For more information about configuring DNS with Cato, see Best Practices for DNS and Your Cato Account.
The DNS Settings Policy is an ordered rulebase that sequentially checks if an SDP user and/or operating system match the rules defined in the policy. Once an SDP user or device matches a rule, the DNS settings defined in the rule are applied. Rules that are listed in the policy after the matching rule are not applied. If an SDP user or device does not match any rule, the account DNS settings are applied by an implicit rule.
You can apply the account DNS settings within a rule. This lets you apply the account DNS settings to SDP users or operating systems and create additional lower ranked rules.
An SDP user who has DNS settings defined in the DNS Settings Policy and connects to the Cato Cloud from an office that is behind a Cato Socket or IPsec site receives the DNS settings for the site.
For more information about Office Mode, see Configuring Office Mode.
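The following Python model is an added illustration, not Cato code or a Cato API. It shows the evaluation order described above (site DNS settings in an office, then the first matching rule, then the implicit rule) and flags lower rules that can never match. All class and function names, the "empty means any" convention, and the DNS server addresses are assumptions made for the example.

```python
from dataclasses import dataclass

ACCOUNT = "account DNS settings"   # marker for "apply the account-level settings"

@dataclass
class Rule:
    name: str
    groups: frozenset      # user groups; empty means any (assumption)
    platforms: frozenset   # operating systems; empty means any (assumption)
    dns: object            # ACCOUNT or a tuple of DNS server addresses
    enabled: bool = True

@dataclass
class Client:
    groups: frozenset
    platform: str
    site_dns: object = None   # set when connected from behind a Socket or IPsec site

def matches(rule, c):
    return bool(rule.enabled
                and (not rule.groups or rule.groups & c.groups)
                and (not rule.platforms or c.platform in rule.platforms))

def effective_dns(rules, c):
    """Return (source, dns) for a client: site first, then first matching rule."""
    if c.site_dns is not None:          # office: the site's DNS settings apply
        return ("site", c.site_dns)
    for rule in rules:                  # ordered rulebase, first match wins
        if matches(rule, c):
            return (rule.name, rule.dns)
    return ("implicit rule", ACCOUNT)   # no match: account DNS settings

def shadowed(rules):
    """Rules that can never match because a higher enabled rule covers them."""
    def covers(hi, lo):
        return ((not hi.groups or (lo.groups and lo.groups <= hi.groups))
                and (not hi.platforms or (lo.platforms and lo.platforms <= hi.platforms)))
    return [lo.name for i, lo in enumerate(rules)
            if any(hi.enabled and covers(hi, lo) for hi in rules[:i])]

# Constructed sample rulebase and addresses, mirroring the Product / R&D scenario.
RND_DNS = ("10.20.0.53", "10.20.1.53")
RULES = [
    Rule("Product Managers", frozenset({"Product"}), frozenset(), ACCOUNT),
    Rule("R&D", frozenset({"R&D"}), frozenset(), RND_DNS),
    Rule("R&D macOS", frozenset({"R&D"}), frozenset({"macOS"}), ("10.30.0.53",)),
]

if __name__ == "__main__":
    print(effective_dns(RULES, Client(frozenset({"Product", "R&D"}), "Windows")))
    print(shadowed(RULES))
```

Running a check like `shadowed` before saving a reordered rulebase helps catch a rule that silently stops applying, which would otherwise send users to DNS servers other than the ones intended for them.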
DNS Forwarding rules forward DNS queries for the specified domain names to a private DNS server for resolution. To use DNS Forwarding, use Cato as your DNS server. The DNS settings configured in the DNS Settings Policy take precedence over DNS Forwarding rules.
For more information about DNS Forwarding rules, see Defining DNS Forwarding Rules.
Use the DNS Settings Policy to manage your DNS settings.
To configure the DNS settings policy:
From the navigation menu, click Access > DNS settings Policy.
The New DNS Settings Policy Rule panel opens.
Enter a Name for the rule.
Define the Users & Groups, Platforms, and DNS Settings.
Repeat steps 2-5 for each rule in the DNS Policy.
Enable the DNS Settings Policy and then click Save.
The slider is green when the rule is enabled, and gray when the rule is disabled.