DNSWatch Components

The DNSWatch subscription service has these components:

DNSWatch

A cloud-based service that monitors DNS requests to prevent connections to known malicious or filtered domains. You can enable the DNSWatch service on a Firebox or configure it on your network.

DNSWatchGO Client

A client-based application installed on portable host computers, such as laptops, to enforce your policy when a device is not connected to your network. The client submits DNS requests to both the DNSWatch server and the upstream DNS server.

  • If the domain is considered malicious or suspicious, DNSWatchGO returns the block page from the DNSWatch Blackhole server.
  • If no issues are found by the DNSWatch server, DNSWatchGO returns the requested content.

For more information, see About DNSWatchGO Client.

Content Filter Policy

Sometimes you want to filter content that users can access both on and off your network. With DNSWatch, you can create a content filter policy to block domains in specific categories, such as gambling, alcohol, or adult content. When a user tries to access a filtered web site, DNSWatch replaces the requested content with the block page. You can have one policy for off-network and a different policy for each on-premise network. For more information about policies, see DNSWatchGO Content Filter Policies.

Block Page

When DNSWatch determines that a requested domain is malicious or filtered, the block page appears instead of the requested content. DNSWatch also attempts to gather more information about the source of the blocked DNS request and the type of threat. When DNSWatch denies a DNS request, it generates an alert with the collected information for administrators. For more information, see Customize DNSWatch Block Pages.

Domain Feeds

To protect your network, DNSWatch uses a complex set of heuristics to identify requests to malicious domains or domains with suspicious certificates. DNSWatch polls a variety of commercial threat intelligence feeds daily to identify new malicious domains and update the domain feeds. To help improve DNSWatch for all users, you can share the domains you manually add to the block list with WatchGuard. You can see a list of the domain feeds in the DNSWatch Web UI. For more information, see About DNSWatch Domain Feeds.

DNS Resolvers

The DNSWatch DNS resolvers resolve DNS queries from protected networks. WatchGuard hosts DNSWatch DNS servers in multiple regions. For more information, see About DNSWatch DNS Servers.

Blackhole Servers

When DNSWatch receives a DNS request for a denied domain, it resolves the domain to the IP address of the Blackhole Server. When the client who originated the DNS request connects to the Blackhole, DNSWatch tries to gather more information about the source of the blocked DNS request and the type of threat. The collected information appears in an alert that DNSWatch generates when a DNS request is denied. For a denied DNS request that occurs for HTTP or HTTPS connections, users see the DNSWatch block page in their browser. For more information, see About DNSWatch Blackhole Servers.

See Also

About DNSWatchGO Client

About DNSWatchGO Protected Networks

About DNSWatch on the Firebox

About the DNSWatch Web UI

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search