• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Policy
  • DNS Security Introduction
  • DNS Filtering Dashboard
• Configuring DNS Security Settings
  • About DNS Filtering
    • Configuring DNS Filtering
  • Configuring DNS Sinkhole Service
    • Deleting Entries in the Custom Malicious Domain Name List
  • Configuring DNS Tunnel Detection
    • Configuring DNS Tunnel Detection
    • Detected Suspicious Client Information
    • Creating White list for DNS Tunnel Detection
    • Deleting White List Entries for DNS Tunnel Detection
  • White List
• Reports
  • Statistic
  • Domain
  • Host
  • Database
• SonicWall Support
  • About This Document

Configuring DNS Tunnel Detection

DNS tunneling is a method of bypassing security controls and exfiltrating data from a targeted organization. A DNS tunnel can be used as a full remote-control channel for a compromised internal host. Capabilities include Operating System (OS) commands, file transfers, or even a full IP tunnel.

SonicOS provides the ability to detect DNS tunneling attacks, displays suspicious clients, and allows you to create white lists for DNS tunnel detection.

When DNS tunneling detection is enabled, SonicOS logs whenever suspicious DNS packets are dropped.

DNS Tunneling settings can be made at the group or unit level.

• Configuring DNS Tunnel Detection
• Detected Suspicious Client Information
• Creating White list for DNS Tunnel Detection
• Deleting White List Entries for DNS Tunnel Detection