Umbrella - Whitelist for Suspicious Response

Comments

2 comments

  • Official comment
    Avatar
    Adam Winn

    We recently removed the suspicious response category. 

    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    This feature blocks DNS requests where RFC-1914 IP addresses are being returned.  It can be disabled at the dashboard.

    "We use an external DNS to refer to some of our internal devices."

    This is clearly the wrong approach.  You should run your own DNS server to do this.  Umbrella should not become corrective for wrong approaches.  Your second best bet is to disable the Suspicious Response feature.  Your next best bet is to assign your public IP address(e) to these hostnames and configure port forwarding on the router to their internal IP addresses, so that the hostnames can be accessed like remote.

    Btw, some routers support such whitelists for internal domains, like mine.

    0
    Comment actions Permalink

Please sign in to leave a comment.