Question

No on prem DNS servers

  • 15 February 2021
  • 6 replies
  • 56 views

Really need a sanity check.  Getting ready to deploy DNS protection to a client that only has endpoint protection.

The only difference between this client and other using DNS protection is that they don’t have a DNS server.  They have no on-prem servers or services that would need to resolve locally.  Storage and apps are cloud based.

I couldn’t find anything in the deployment guides about anything different for this type of environment.  

I suspect it is because there is nothing different that needs to be done, but I thought I would reach out to the community pre-deployment to see if anyone has deploy to a similar environment recently and what to expect.

TIA

Mike


6 replies

Userlevel 7
Badge +17

Hey there @Mike719 ,

I’m gonna ping one of our awesome product experts to help you out here - @coscooper, any ideas?

Thanks! @khumphrey.

Appreciate all assistance.  This is the first deployment I am “in charge” of so I want to make sure that there are no glitches.

A little more detail about the current environment:

The firewall currently handles DNS and DHCP.

The DHCP settings are primary DNS is the gateway (firewall) and there is no secondary DNS.

 

Mike

Userlevel 7
Badge +30

I have this deployment in place at many clients. There’s nothing you need to do. If they do have a static IP, I’d suggest also plugging in the values for Webroot’s DNS servers into the WAN facing DNS settings. Other than that, there’s no local server or services running, so you should be good to go. 

Userlevel 6
Badge +26

@Mike719 - If you deploy the service on top of your existing webroot endpoint protection agents, there’s nothing else to configure. The service changes the local devices DNS to local loopback and answers all DNS requests through our servers no longer even needing the local DNS. Then, it only uses the local network DNS (Router or AD - or wherever it got its DNS information) for when/if local resource resolution is required. If there’s ever a local non TLD, like workgroup or AD, then it requires an agent bypass to tell the agent to use the local DNS. Otherwise, our (Webroots) DNS service handles the DNS requests.

The only reason to configure the local router would be to provide protection to devices that do not have a Webroot service/agent. For example, IOT devices, mobile devices or a file server where you can’t or do not want to manage an agent, you can configure the local FW NSServers with Webroot IPs. Just configure the WAN IP in the Webroot console first, then edit the NSServers on your router with the IPs from the configuration/network selection in the Webroot admin site management console.

Hope that helps. If you need any specific questions answered, DM me here on the community.

Userlevel 6
Badge +26

@jhartnerd123  - we must have been typing at the same time. :grinning:

Thanks all.  

Reply