• SonicOS and SonicOSX 7
• Configuring DNS Settings
  • Configuring DNS for IPv4
    • Specifying which DNS Servers are Used
    • Enabling Proxy of Split DNS Servers
    • DNS Rebinding Attack Prevention
    • DNS Rebinding and Cache Lookup
    • Enabling DNS Host Name Lookup over TCP for FQDN
    • DNS Cache Lookup
  • Configuring DNS for IPv6
  • Configuring Domain-Specific DNS Servers for Split DNS
    • About Split DNS
      • About Per-Partition DNS Servers and Split DNS
    • Adding a Split DNS Server
    • Editing Split DNS Entries
    • Deleting Split DNS Entries
• Configuring Dynamic DNS
  • About Dynamic DNS
    • Supported DDNS Providers
  • Dynamic DNS Profiles
    • Configuring Dynamic DNS Profiles
    • Editing Dynamic DNS Profiles
    • Deleting Dynamic DNS Profiles
• Configuring DNS Proxy Settings
  • About DNS Proxy
    • Supported Interfaces
    • DNS Server Liveness Detection and Failover
    • DNS Cache
    • High Availability Stateful Synchronization of DNS Cache
    • DHCP Server
  • Enabling Log Settings
  • Monitoring Packets
  • Configuring DNS Proxy Settings
    • Enabling DNS Proxy
    • Configuring DNS Proxy Settings
    • Deleting Static DNS Cache Entries
    • Viewing DNS Proxy Cache Objects
    • Flushing Dynamic DNS Cache Entries
• Configuring DNS Security
  • About DNS Sinkholes
  • Configuring DNS Security Settings
  • Deleting Entries in the Lists
  • Configuring DNS Tunnel Detection
    • Configuring DNS Tunneling Detection
    • Viewing Detected Suspicious Clients
    • Creating DNS Tunnel Detection White Lists
    • Deleting DNS Tunnel Detection White List Entries
• SonicWall Support
  • About This Document

Viewing Detected Suspicious Clients

SonicOS/X displays information about all hosts that have established a DNS tunnel in the Detected Suspicious Clients Info table.

To view detected suspicious client Information

1. Navigate to Network | DNS > DNS Security.
2. Click on the Detected Suspicious Clients Info tab.

This table is populated only if DNS tunnel detection is enabled. Hosts are dropped only if blocking clients DNS traffic is enabled. For more information, refer to Configuring DNS Tunneling Detection.