DNS
The DNS proxy is a proxy server that intercepts DNS queries and
answers them, without the need to contact a remote DNS server each
time it is necessary to resolve an IP address or a hostname. When a
same query is often repeated, caching its results locally may sensibly
improve performances. The available settings for the DNS proxy are
grouped into three tabs.
A few options for the DNS proxy can be configured in this page.
- Transparent on Green, Transparent on Blue, Transparent on Orange
- Enable the DNS proxy as transparent on the GREEN, BLUE, and ORANGE
zone, respectively. They appear only if the corresponding zones
are enabled.
Specific sources and destinations can be set up to bypass the proxy by
filling in their values in the two text areas.
- Which sources may bypass the transparent Proxy
- Allow the sources under the corresponding text area not to be
subject to the DNS scanning. The sources can be specified as IP
addresses, networks, or MAC addresses.
- Destinations to which bypass the transparent Proxy
- Allow the destinations under the corresponding text area not to
be subject to the DNS proxy scanning. The destinations can be
specified as IP addresses or networks.
This page allows the management of custom domain - nameservers
pairs. In a nutshell, whenever a sub-domain of a domain is queried,
the corresponding nameserver in the list will be used to resolve the
domain into the correct IP address.
A new domain - nameserver combination can be added by clicking on the
Add new custom nameserver for a domain link. When adding
an entry, a few values can be entered for the various options
available:
- Domain
- The domain for which to use the custom nameserver.
- DNS Server
- The IP address of the nameserver.
- Remark
- An additional comment.
On each domain in the list, these actions can be carried out:
- edit the rule.
- delete the rule.
This page presents configuration options about the reaction of the
Panda GateDefender Appliance when asked to resolve a domain name that is known to be
either used to propagate spyware or that serves as phishing site. The
options that can be set are:
- Enabled
- The requests are redirected to localhost. In other words, the
remote site will neither be contacted nor reachable.
- Whitelist domains
- Domain names that are entered here are not treated as spyware
targets, regardless of the list’s content.
- Blacklist domains
- Domain names that are entered here are always treated as spyware
targets, regardless of the list’s content
- Spyware domain list update schedule
- The update frequency of the spyware domain list. Possible
choices are Daily, Weekly, and Monthly. By
moving the mouse cursor over the respective question mark, the
exact time of the update execution is shown.
Hint
to download updated signatures, the system must be
registered to Panda Perimetral Management Console.