Knowledge Base

How to configure the networking component of Webroot DNS Protection

  • 13 June 2018
  • 0 replies
How to configure the networking component of Webroot DNS Protection
Userlevel 3
Badge +15
How to configure the networking component of Webroot DNS Protection

Note: Webroot recommends installing the DNS Protection agent to endpoints and configuring the network to use DNS Protection in order to achieve the best results. This will provide more complete coverage at both the perimeter and device level.

The information contained in this article covers configuring the network component. For information on how to deploy the agent software, please see the User Guide.

There are three main steps involved in configuring the network settings:
  • Configuring the Webroot Management console
  • Testing the connection to Webroot’s DNS Protection service
  • Applying the settings to your router or servers

Configuring the Webroot Management console

1. Log into the Webroot Management console and select the Sites tab.
2. Find the site that you want to configure and click the gear icon under the DNS Protection column.

3. In the Network Settings section area, add the WAN IP, select a policy from the drop-down menu, then click the Add Row button.
  • The WAN IP is also known as the egress IP. If you are unsure of your WAN IP, one method to retrieve it is to go to and enter what is my ip. Alternately, you can contact your ISP.
  • The policy set here will be applied if the device connecting does not already have a policy applied. This will apply to any device that does not have the agent installed, which will probably include guest devices.

Testing the Webroot DNS Protection Servers
Now that the DNS Protection service has been configured with the proper WAN IP, it is time to test, using the process below. Make sure to execute the test from an endpoint that is on this network.

1. Open a command prompt.
2. Type nslookup
3. Change the server to be, type server
  • Note: This IP only serves requests from network DNS requests; agent requests are handled by a different system.
4. Check several sites to ensure that proper response is being given. If you use as part of the test, the correct IP is
5. Assuming the testing is successful and the DNS Protection service responded properly, proceed to the next step of configuring your routers and/or servers. If you receive errors, do one of the following:

Applying the settings to your router or servers

DNS Forwarders
The DNS forwarders have to be configured to send DNS requests to the proper IP addresses. On your router or Windows server, set up the DNS forwarders to reflect these settings:
  • DNS1:
  • DNS2:
  • DNS3: Failover DNS Server; check with ISP or use, which is Google’s free DNS service
The Webroot DNS Protection service requires the following IP addresses and ports be allowed on any perimeter security devices (firewalls, IPS/IDS) to function correctly:

IP Addresses:
  • (Required for DNS Protection client)
  • (Required for DNS Protection client)
  • 53 (TCP & UDP)
  • 7777 (TCP & UDP - Required for DNS Protection client)
  • 80
  • 8080
  • 443

This topic has been closed for comments