Using Trusted DNS Servers

This article lists the DNS servers Cato considers to be trusted.

Overview

The Global DNS services listed in this article are verified as secure, and together with the DNS servers configured for your account, are treated by Cato as trusted DNS servers. DNS servers not on this list, or not configured for your account, are considered as untrusted DNS servers.

The DNS behavior is different for trusted and untrusted DNS servers. For example, only requests to trusted DNS servers are inspected by PoPs. This means that the PoP applies the logic for several DNS-related features, including DNS Forwarding, Content Restriction, and sending DNS requests to multiple servers for resiliency. For untrusted DNS servers, the PoP does not apply this logic to the DNS requests.

The list of trusted servers is a global list with servers from various regions. This creates uniformity across all Cato PoPs so you can create the DNS configurations for your account. In the Cato Cloud infrastructure, DNS queries are only resolved by the DNS servers in the same region as the PoP. If a trusted server has a performance issue, Cato may resolve DNS queries with other well-known servers not on this list. These servers are not considered trusted servers.

Trusted DNS Servers

These are the DNS service Cato considers to be trusted:

  • 10.254.254.1 (Cato DNS server)

  • 8.8.8.8

  • 9.9.9.9

  • 1.1.1.1

Was this article helpful?

0 out of 0 found this helpful

0 comments