Netskope Help

Configure DNS Connector

The Microsoft AD DNS server uses conditional forwarder zones to forward queries to the Secure Forwarder. Conditional forwarder allows specifying one or more external DNS servers for a specific domain. All DNS queries for the configured domain are forwarded to the configured DNS server. Secure Forwarder using the DNS connector to automatically update the conditional forwarder zone in the DNS server.

Netskope DNS Connector connects to the Secure Forwarder to securely obtain the list of managed cloud app domains and automatically updates the conditional forwarder zone in the DNS server.

Prerequisites
  • The DNS Connector requires that Remote Server Administration Tool (RSAT) be installed on the Windows machine where the DNS Connector will be installed.

  • DNS Server Tools should be turned on in Control Panel > Programs > Turn Windows Features On or Off > Remote Server Administration Tools > Role Administration Tools after RSAT is installed.

  • The Secure Forwarder DNS listener IP should be mapped to a fully qualified domain name and that name is same as the common name in the server certificate that is installed on the Secure Forwarder. You can find the Secure Forwarder DNS listener-ip from show dns listener-ip command.

  • The CA chain used to sign the Secure Forwarder certificate must be installed on the trusted root CA certificate store in the Windows machine by logging in as the service user specified during the installation.

Configuration

When the above steps are completed, click the DNS Connector tab:

DNSconnector.png

The options in this tab are:

  • MS DNS IP Address: Enter the IP address of the Microsoft AD DNS server.

  • Legacy Mode: Use this option if you have a non-forest environment and if the server is upgraded from Windows 2003.

  • Secure Forwarder IP: Enter the fully qualified hostname for the Secure Forwarder.

  • DNS Server IPs: Optional list of DNS server IPs that overrides the DNS server IP obtained from the Secure Forwarder.

  • Status: Shows the status of the selected component.

  • Service Name: Shows the name of the active DNS Connector.