Creating a DNS Security Profile helps to guard against DNS-related attacks.
You can do the following after you set up the DNS Security Profile:
- Snoop on DNS responses for a VM, or a group of VMs, on the transport node to associate FQDN with IP addresses.
- Add global and default DNS server information, and apply it to all VMs that are using DFW rules.
- Specify selected DNS server information for selected VMs.
- Apply DNS profiles to groups.
- Navigate to .
- Click .
- Enter the following values:
  - Profile Name: Provide a profile name.
  - TTL: This field captures the time to live for the DNS cache entry in seconds. You have the following options:
    - TTL 0: cached entry never expires.
    - TTL 1 to 3599: invalid.
    - TTL 3600 to 864000: valid.
    - TTL left empty: automatic TTL, set from the DNS response packet.
    Note: DNS Security Profile has a default DNS cache timeout of 24 hours.
  - Applied To: You can select a group based on any criteria to apply the DNS security profile to.
    Note: Only one DNS server profile is applied to a VM.
  - Tags: Optional. Assign a tag and scope to the DNS profile to make it easy to search. See Add Tags to an Object for more information.
- Click Save.
What to do next
After saving, click Manage Group to Profile Precedence to manage group to profile binding precedence.
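To make the TTL options listed in the procedure concrete, the following added example (not product code) models how each setting changes the lifetime of a snooped FQDN-to-IP association. The names `resolve_ttl` and `FqdnCache`, the sample record, and the rejection of values above 864000 are assumptions made for illustration.

```python
# Toy model of the profile TTL rules; not the product's implementation.
# Rejecting values above 864000 is an assumption: the page does not list them.
def resolve_ttl(profile_ttl, response_ttl):
    """Return the entry lifetime in seconds, or None for 'never expires'."""
    if profile_ttl is None:            # field left empty: automatic TTL
        return response_ttl
    if profile_ttl == 0:               # cached entry never expires
        return None
    if 3600 <= profile_ttl <= 864000:  # valid fixed lifetime
        return profile_ttl
    raise ValueError(f"invalid profile TTL: {profile_ttl}")


class FqdnCache:
    """FQDN-to-IP associations learned from snooped DNS responses."""

    def __init__(self, profile_ttl=None):
        resolve_ttl(profile_ttl, 0)    # validate the setting up front
        self.profile_ttl = profile_ttl
        self.entries = {}              # (fqdn, ip) -> expiry time or None

    def snoop(self, fqdn, ip, response_ttl, now):
        life = resolve_ttl(self.profile_ttl, response_ttl)
        key = (fqdn.lower().rstrip("."), ip)
        self.entries[key] = None if life is None else now + life

    def ips_for(self, fqdn, now):
        name = fqdn.lower().rstrip(".")
        return sorted(ip for (n, ip), exp in self.entries.items()
                      if n == name and (exp is None or now < exp))


def demo():
    # Constructed sample: one A record with a 300-second TTL, seen at t=0.
    results = {}
    for label, ttl in (("empty", None), ("zero", 0), ("fixed", 3600)):
        cache = FqdnCache(ttl)
        cache.snoop("app.example.com.", "192.0.2.10", 300, now=0)
        # Is the association still usable at t=299, t=301 and t=3601?
        results[label] = [bool(cache.ips_for("app.example.com", now=t))
                          for t in (299, 301, 3601)]
    return results


if __name__ == "__main__":
    for label, alive in demo().items():
        print(label, alive)
```

With TTL 0 the association outlives the record's own 300-second TTL indefinitely, so an address that the name no longer resolves to stays matched until the entry is removed by other means.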