Umbrella - Whitelist for Suspicious Response

Follow

ellis

February 11, 2017 15:37

We use an external DNS to refer to some of our internal devices. These get flagged as Suspicious Response and fill the reports with info we do not need to see. It would be good to have a Whitelist to exclude these from  Suspicious Response.

-1

• Official comment

  

  Adam Winn April 22, 2017 00:23

  We recently removed the suspicious response category. 

  Comment actions Permalink
• 

  rotblitz February 11, 2017 18:11 (Edited February 11, 2017 19:26)

  This feature blocks DNS requests where RFC-1914 IP addresses are being returned.  It can be disabled at the dashboard.

  "We use an external DNS to refer to some of our internal devices."

  This is clearly the wrong approach.  You should run your own DNS server to do this.  Umbrella should not become corrective for wrong approaches.  Your second best bet is to disable the Suspicious Response feature.  Your next best bet is to assign your public IP address(e) to these hostnames and configure port forwarding on the router to their internal IP addresses, so that the hostnames can be accessed like remote.

  Btw, some routers support such whitelists for internal domains, like mine.

  

  0

  Comment actions Permalink

Please sign in to leave a comment.