• SonicOS and SonicOSX 7
• Configuring DNS Settings
  • Configuring DNS for IPv4
    • Specifying which DNS Servers are Used
    • Enabling Proxy of Split DNS Servers
    • DNS Rebinding Attack Prevention
    • DNS Rebinding and Cache Lookup
    • Enabling DNS Host Name Lookup over TCP for FQDN
    • DNS Cache Lookup
  • Configuring DNS for IPv6
  • Configuring Domain-Specific DNS Servers for Split DNS
    • About Split DNS
      • About Per-Partition DNS Servers and Split DNS
    • Adding a Split DNS Server
    • Editing Split DNS Entries
    • Deleting Split DNS Entries
• Configuring Dynamic DNS
  • About Dynamic DNS
    • Supported DDNS Providers
  • Dynamic DNS Profiles
    • Configuring Dynamic DNS Profiles
    • Editing Dynamic DNS Profiles
    • Deleting Dynamic DNS Profiles
• Configuring DNS Proxy Settings
  • About DNS Proxy
    • Supported Interfaces
    • DNS Server Liveness Detection and Failover
    • DNS Cache
    • High Availability Stateful Synchronization of DNS Cache
    • DHCP Server
  • Enabling Log Settings
  • Monitoring Packets
  • Configuring DNS Proxy Settings
    • Enabling DNS Proxy
    • Configuring DNS Proxy Settings
    • Deleting Static DNS Cache Entries
    • Viewing DNS Proxy Cache Objects
    • Flushing Dynamic DNS Cache Entries
• Configuring DNS Security
  • About DNS Sinkholes
  • Configuring DNS Security Settings
  • Deleting Entries in the Lists
  • Configuring DNS Tunnel Detection
    • Configuring DNS Tunneling Detection
    • Viewing Detected Suspicious Clients
    • Creating DNS Tunnel Detection White Lists
    • Deleting DNS Tunnel Detection White List Entries
• SonicWall Support
  • About This Document

Configuring DNS Tunnel Detection

DNS tunneling is a method of bypassing security controls and exfiltrating data from a targeted organization. A DNS tunnel can be used as a full remote-control channel for a compromised internal host. Capabilities include Operating System (OS) commands, file transfers, or even a full IP tunnel.

SonicOS/X provides the ability to detect DNS tunneling attacks, displays suspicious clients, and allows you to create white lists for DNS tunnel detection.

When DNS tunneling detection is enabled, SonicOS/X logs whenever suspicious DNS packets are dropped.

DNS Tunneling settings can be made at the group or unit level.

• Configuring DNS Tunneling Detection
• Viewing Detected Suspicious Clients
• Creating DNS Tunnel Detection White Lists
• Deleting DNS Tunnel Detection White List Entries