Umbrella - Whitelist for Suspicious Response
We use an external DNS to refer to some of our internal devices. These get flagged as Suspicious Response and fill the reports with info we do not need to see. It would be good to have a Whitelist to exclude these from Suspicious Response.
-
Official comment
We recently removed the suspicious response category.
Comment actions -
This feature blocks DNS requests where RFC-1914 IP addresses are being returned. It can be disabled at the dashboard.
"We use an external DNS to refer to some of our internal devices."
This is clearly the wrong approach. You should run your own DNS server to do this. Umbrella should not become corrective for wrong approaches. Your second best bet is to disable the Suspicious Response feature. Your next best bet is to assign your public IP address(e) to these hostnames and configure port forwarding on the router to their internal IP addresses, so that the hostnames can be accessed like remote.
Btw, some routers support such whitelists for internal domains, like mine.
Please sign in to leave a comment.
Comments
2 comments