Configure DNS-over-TLS settings

DNS over TLS (DoT) secures DNS requests that are forwarded from ETP Client to ETP DNS. This traffic is protected with Transport Layer Security (TLS) encryption. By default, the DoT mode is set to Always Attempted. This mode means that ETP Client always attempts to use DoT. You can also select from these additional modes:
  • Required: Indicates that DoT is required. If the DoT connection cannot be established, the client shows that the device is not protected.
  • Disabled: Indicates that DoT is not used to secure DNS traffic from ETP Client.

When configuring DoT, you can also select the port that’s used for DoT. By default, ETP Client uses port 443. However, you also can select port 853. If you use port 853, make sure this port is available and allowed in your firewall.

How to

  1. To edit a policy:
    1. In the Enterprise Center navigation menu, select Policies > Policies.
    2. Click the policy that you want to modify.
  2. Go to the Settings tab.
  3. In the ETP Client Settings mode:
    1. Select a mode from the DNS-over-TLS mode menu.
    2. Select a port from the DNS-over-TLS port menu.
  4. Click Save.

Next steps

  1. Deploy the configuration change to the ETP network. For instructions, see Deploy Configuration Changes.
  2. Configure ETP Client