Applies To: DNSWatch in WatchGuard Cloud
This feature is only available to participants in the WatchGuard Cloud Beta program.
References to DNSWatch in this topic relate to DNSWatch in WatchGuard Cloud. To learn about the legacy DNSWatch UI, go to About WatchGuard DNSWatch in Fireware Help.
When you enable DNSWatch on a locally-managed Firebox, two separate actions occur:
- Firebox Registration — The Firebox contacts the DNSWatch servers and registers itself. After the Firebox is registered, it receives the IP addresses of two DNSWatch DNS servers and a Blackhole Server.
- DNS Forwarding — The Firebox forwards all outbound DNS queries to the DNSWatch DNS servers unless another DNS setting configured on the Firebox has precedence. For more information about precedence of DNS settings, go to Precedence for DNSWatch in WatchGuard Cloud and a Firebox.
For all interfaces with DNSWatch Usage Enforcement enabled, the Firebox intercepts all DNS requests on port 53 and forwards them to a DNSWatch DNS Server, even if the DNS request was addressed to another DNS server. For more information, go to Enable DNSWatch on Your Firebox.
Troubleshoot Registration and Status Errors
To determine the registration status of your Firebox, you can look at the information on the DNSWatch configuration page in Fireware Web UI. The DNSWatch page shows the Firebox registration status, and shows whether there are any errors related to the DNSWatch service. It also shows the IP addresses of DNSWatch DNS servers.
If the Firebox is registered and there are no DNSWatch errors, the DNSWatch page in Fireware Web UI shows:
Registration Date: Registered at <date and time>
Status: Operational
If registration fails, or if any other error affects the DNSWatch service, the Status line includes an error message that can be useful for troubleshooting.
Quick Start — Set Up DNSWatch in WatchGuard Cloud