Creating a DNS Security Profile helps to guard against DNS-related attacks.
Create a DNS Security profile, and configure TTL in the DNS Security Profile. You can do the following after you set up the DNS Security Profile:
-
Snoop on DNS responses for a VM, or a group of VMs on the transport node to associate FQDN with IP addresses.
-
Create a group with VMs as members, and apply DNS profiles to groups.
Procedure
- Navigate to .
- Click .
- Enter the following values:
Option Description Profile Name Provide a profile name. TTL This field captures the Time to live for the DNS cache entry in seconds. You have the following options:
TTL 0 - cached entry never expires.
TTL 1 to 3599 - invalid
TTL 3600 to 864000 – valid
TTL left empty – automatic TTL, set from the DNS response packet.
Note: DNS Security Profile has a default DNS cache timeout of 24 hours.Applied To You can select a group based on any criteria to apply the DNS security profile to. Note: Only one DNS server profile is applied to a VM.Tags Optional. Assign a tag and scope to the DNS profile to make it easy to search. See Add Tags to an NSX Object for more information.
- Click Save.
What to do next
After saving, click Manage Group to Profile Precedence to manage group to profile binding precedence.