What difference does enabling the DNS Proxy make in terms of detecting bad DNS traffic?
I'm slightly confused so hoping someone can help. If for example you have an existing network with an on-premises DNS server handling all incoming and outgoing DNS requests, what difference does it make (in terms of detecting and preventing bad requests) to enable the DNS proxy function on the Sonicwall? I would have thought all traffic going out on the WAN including DNS requests would be scanned using DPI anyway, and any bad or illegitimate requests would therefore be picked up on and prevented?
I understand there are other benefits of enabling the DNS proxy, but struggling to wrap my head around this point specifically.
Thanks!
Answers
It doesn't really. You are assuming too much with your statement: "I would have thought all traffic going out on the WAN including DNS requests would be scanned using DPI anyway, and any bad or illegitimate requests would therefore be picked up on and prevented?"
Just because DPI is enabled doesn't mean a 'bad or illegitimate' DNS request would be prevented. There needs to be a mechanism for prevention.
Suggested reading: https://www.sonicwall.com/support/knowledge-base/configuring-dns-proxy-in-sonic-os/170505634644040/
https://en.wikipedia.org/wiki/Domain_Name_System#Transport_protocols
https://en.wikipedia.org/wiki/Deep_packet_inspection
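An added illustration of the point made in the answer above (example code, not from the original thread or from SonicWall): inspection parses a DNS query and sees the name, but nothing is prevented until a separate policy step returns a verdict. The blocklist entries and the query builder are constructed for the example and are not any product's configuration.

```python
import struct

# Constructed blocklist standing in for whatever policy a DNS proxy enforces.
BLOCKLIST = {"malicious.example", "bad.test"}


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard DNS query (type A, class IN) for the given name."""
    # Header: id, flags (recursion desired), qdcount=1, an/ns/ar counts=0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def parse_qname(payload: bytes) -> str:
    """Inspection step: read the first question name out of a DNS message."""
    offset = 12  # fixed 12-byte header precedes the question section
    labels = []
    while True:
        length = payload[offset]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not valid in a query name")
        offset += 1
        labels.append(payload[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower()


def inspect_only(payload: bytes) -> str:
    """DPI alone: the requested name is visible, but no decision is made."""
    return parse_qname(payload)


def proxy_decision(payload: bytes, blocklist=BLOCKLIST) -> tuple:
    """Proxy with policy: same visibility plus an allow/block verdict.

    A name is blocked when it, or any parent domain, is on the blocklist.
    """
    name = parse_qname(payload)
    parts = name.split(".")
    for i in range(len(parts)):
        if ".".join(parts[i:]) in blocklist:
            return name, "block"
    return name, "allow"
```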