Knowledge Base

How to configure the networking component of DNS Protection

How to configure the networking component of DNS Protection
Userlevel 2
Badge +14
How to configure the networking component of DNS Protection
NOTE: Webroot recommends installing the DNS Protection agent to endpoints and configuring the network to use DNS Protection in order to achieve the best results. This will provide coverage at both the perimeter and device level, providing more comprehensive coverage.
The information contained in this article covers configuring the network component. For additional information on how to deploy the agent software, please see the User Guide by clicking here.
There are three main steps involved in configuring the network settings:
  • https://#console
  • https://#testing
  • https://#applying
Configuring the Webroot Console
1.  After logging into the Admin console and selecting sites, choose the site that you want to configure and click the Manage button.

2.  Under Sites, select the DNS tab.

3.  Scroll down to the Network Settings section and click the Add Row button.

4.  In the IP Address field enter the appropriate WAN IP (external IP or egress IP) for the IP Address. If you are unsure of your WAN IP, one method to retrieve it is to go to and enter what is my ip.
5.  From the Policy drop-down menu, select a policy to be used.
The policy applied will only apply to devices that do not have an agent policy assigned.
Testing the Webroot DNS Protection Servers
Now that the DNS Protection service has been configured with the proper WAN IP, it is time to test, using the process below. Make sure to execute the test from an endpoint that is on this network.
  1. Open a command prompt.
  2. Type nslookup
  3. Change the server to be, type server[list]
  4. Note: This IP only serves requests from network DNS requests; agent requests are handled by a different system.
  • Check several sites to ensure that proper response is being given. If you use as part of the test, the correct IP is
  • Assuming the testing is successful and the DNS Protection service responded properly, proceed to the next step of configuring the Webroot console. [/list] 
    Configuring the network
    DNS Forwarders
    The DNS forwarders have to be configured to send DNS requests to the proper IP addresses. On your router or Windows server, set up the DNS forwarders to reflect these settings:
    • DNS1:
    • DNS2:
    • DNS3: Failover DNS Server; check with ISP or use, which is Google’s free DNS service
    The Webroot DNS Protection service requires the following IP addresses and ports be allowed on any perimeter security devices (firewalls, IPS/IDS) to function correctly:
    IP Addresses:
    • (Required for DNS Protection client)
    • (Required for DNS Protection client)
    • 53 (TCP & UDP)
    • 7777 (TCP & UDP - Required for DNS Protection client)
    • 80
    • 8080
    • 443

  • This topic has been closed for comments

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings