Note: Webroot recommends installing the DNS Protection agent on endpoints and configuring the network to use DNS Protection in order to achieve the best results. This will provide more complete coverage at both the perimeter and device level.
The information contained in this article covers configuring the network component. For information on how to deploy the agent software, please see the User Guide.
There are three main steps involved in configuring the network settings:
- Configuring the Webroot Management console
- Testing the connection to Webroot’s DNS Protection service
- Applying the settings to your router or servers
Configuring the Webroot Management console
1. Log into the Webroot Management console and select the Sites tab.
2. Find the site that you want to configure and click the gear icon under the DNS Protection column.
3. In the Network Settings section, add the WAN IP, select a policy from the drop-down menu, then click the Add Row button.
- The WAN IP is also known as the egress IP. If you are unsure of your WAN IP, one method to retrieve it is to go to www.google.com and enter "what is my ip". Alternatively, you can contact your ISP.
- The policy set here will be applied if the device connecting does not already have a policy applied. This will apply to any device that does not have the agent installed, which will probably include guest devices.
Testing the Webroot DNS Protection Servers
Now that the DNS Protection service has been configured with the proper WAN IP, it is time to test, using the process below. Make sure to execute the test from an endpoint that is on this network.
1. Open a command prompt.
2. Type nslookup
3. Change the server to 184.108.40.206 by typing server 220.127.116.11
- Note: This IP only serves network DNS requests; agent requests are handled by a different system.
5. Assuming the testing is successful and the DNS Protection service responded properly, proceed to the next step of configuring your routers and/or servers. If you receive errors, do one of the following:
- Call Support directly; click this link to find the best number for your region.
- Click here to open a Support ticket or open a ticket directly from the console.
Applying the settings to your router or servers
The DNS forwarders have to be configured to send DNS requests to the proper IP addresses. On your router or Windows server, set up the DNS forwarders to reflect these settings:
- DNS1: 18.104.22.168
- DNS2: 22.214.171.124
- DNS3: Failover DNS Server; check with your ISP or use 126.96.36.199, which is Google’s free DNS service
The Webroot DNS Protection service requires that the following IP addresses and ports be allowed on any perimeter security devices (firewalls, IPS/IDS) in order to function correctly:
- 188.8.131.52 (Required for DNS Protection client)
- 184.108.40.206 (Required for DNS Protection client)
- 53 (TCP & UDP)
- 7777 (TCP & UDP - Required for DNS Protection client)
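The resolver test and forwarder settings above, as a PowerShell script for a Windows DNS server. This is an added example, not Webroot's own tooling; the resolver addresses are the DNS1 and DNS2 values listed in this article, while the test name example.com, the parameter names and the -Apply switch are assumptions.

```powershell
# Added example: check the resolvers over port 53 (UDP and TCP), then compare
# or apply the DNS forwarders. Run on the Windows DNS server, inside the network
# whose WAN IP was registered in the console (requires the DnsServer module).
param(
    [string[]]$Resolvers = @('18.104.22.168', '22.214.171.124'),  # DNS1/DNS2 as listed in this article
    [string]$Failover,                   # DNS3: failover resolver, e.g. from your ISP (optional)
    [string]$TestName = 'example.com',   # assumption: any name that should resolve
    [switch]$Apply                       # without -Apply the script only reports
)

# 1. Each resolver must answer on port 53 over both UDP and TCP.
$results = foreach ($ip in $Resolvers) {
    foreach ($transport in 'UDP', 'TCP') {
        $query = @{ Name = $TestName; Server = $ip; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($transport -eq 'TCP') { $query.TcpOnly = $true }
        try {
            $answer = Resolve-DnsName @query | Where-Object Type -eq 'A'
            [pscustomobject]@{ Server = $ip; Transport = $transport; Ok = [bool]$answer
                               Detail = ($answer.IPAddress -join ', ') }
        } catch {
            # Timeouts and refusals land here; a blocked port 53 usually shows as a timeout.
            [pscustomobject]@{ Server = $ip; Transport = $transport; Ok = $false
                               Detail = $_.Exception.Message }
        }
    }
}
$results | Format-Table -AutoSize

# 2. Compare the server's forwarder list, in order, with the intended one.
$wanted  = @($Resolvers) + @($Failover | Where-Object { $_ })
$current = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.ToString() })
if (($current -join ',') -eq ($wanted -join ',')) {
    Write-Host "Forwarders already set: $($current -join ', ')"
} elseif ($Apply -and -not ($results.Ok -contains $false)) {
    Set-DnsServerForwarder -IPAddress $wanted -PassThru   # replaces the existing list
} else {
    Write-Warning "Forwarders are [$($current -join ', ')], expected [$($wanted -join ', ')]."
    Write-Warning 'Re-run with -Apply once every check above reports Ok = True.'
}
```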