Configure DNS-over-TLS settings

DNS over TLS (DoT) secures DNS requests that are forwarded from ETP Client to ETP DNS. This traffic is protected with Transport Layer Security (TLS) encryption. By default, the DoT mode is set to Always Attempted. This mode means that ETP Client always attempts to use DoT. You can also select from these additional modes:
  • Required: Indicates that DoT is required. If DoT is not available, DNS traffic is directed from ETP Client to the local DNS resolver.
  • Disabled: Indicates that DoT is not used to secure DNS traffic from ETP Client.

When configuring DoT, you can also select the port that’s used for DoT. By default, ETP Client uses port 443. However, you can also select port 853. If you use port 853, make sure this port is available and allowed in your firewall.
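
To confirm that the chosen DoT port is reachable through the firewall before rolling the policy out, the following added check (not Akamai's code) opens a certificate-verified TLS connection to a resolver, sends one length-prefixed DNS query as RFC 7858 requires, and reports the TLS version and RCODE; RESOLVER_HOST is a placeholder because this page does not give the ETP DNS address.

```python
# Added check (not Akamai's code): verify that a DoT resolver completes a TLS
# handshake and answers a DNS query on the chosen port (853 or 443), using the
# same 2-byte length framing ETP Client uses for DNS over TLS (RFC 7858).
import socket
import ssl
import struct

RESOLVER_HOST = "dot.resolver.example"  # placeholder; the page gives no ETP DNS address
DEFAULT_PORT = 853                      # or 443, matching the DNS-over-TLS port setting

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal DNS A/IN query in RFC 1035 wire format with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def frame(msg: bytes) -> bytes:
    """RFC 7858: every DNS message on the TLS stream carries a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp: bytes) -> dict:
    """Return the query id, RCODE (low 4 flag bits) and answer count of a raw reply."""
    qid, flags, _qdcount, ancount = struct.unpack("!HHHH", resp[:8])
    return {"qid": qid, "rcode": flags & 0x0F, "ancount": ancount}

def recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    """Read exactly n bytes; TLS records may split a DNS message arbitrarily."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the TLS stream early")
        buf += chunk
    return buf

def dot_check(host: str = RESOLVER_HOST, port: int = DEFAULT_PORT,
              name: str = "example.com", timeout: float = 5.0) -> dict:
    """Open TLS (certificate and hostname verified), send one query, parse the reply."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(frame(build_query(name)))
            length = struct.unpack("!H", recv_exact(tls, 2))[0]
            info = parse_header(recv_exact(tls, length))
            info["tls_version"] = tls.version()
            return info

if __name__ == "__main__":
    # A refused or timed-out connection on 853 usually means the firewall blocks it.
    print(dot_check())
```

A connection that is refused or times out on port 853 while port 443 succeeds points at the firewall rule the page asks you to check.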

How to

  1. To edit a policy:
    1. In the navigation menu, select Configuration > Policies.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Policies > Policies.
    2. Click the policy that you want to modify.
  2. Go to the Settings tab.
  3. In the ETP Client Settings section:
    1. Select a mode from the DNS-over-TLS mode menu.
    2. Select a port from the DNS-over-TLS port menu.
  4. Click Save.

Next steps

  1. Deploy the location configuration change to the ETP network. For instructions, see Deploy Configuration Changes.
  2. Assign a policy to the off-network location.