Configure DNS-over-TLS settings
DNS over TLS (DoT) secures DNS requests that are forwarded from ETP Client to ETP DNS. This traffic is protected with Transport Layer Security (TLS) encryption. By default, the DoT mode is set to Always Attempted. This mode means that ETP Client always attempts to use DoT. You can also select from these additional modes:
- Required: Indicates that DoT is required. If DoT is not available, DNS traffic is directed from ETP Client to the local DNS resolver.
- Disabled: Indicates that DoT is not used to secure DNS traffic from ETP Client.
When configuring DoT, you can also select the port that’s used for DoT. By default, ETP Client uses port 443. However, you can also select port 853. If you use port 853, make sure this port is available and allowed in your firewall.
To edit a policy:
In the navigation menu, .
Note: If you are trying the new Enterprise Center interface, in the navigation menu, select .
- Click the policy that you want to modify.
- In the navigation menu, select .
- Go to the Settings tab.
In the ETP Client Settings mode:
- Select a mode from the DNS-over-TLS mode menu.
- Select a port from the DNS-over-TLS port menu.
- Click Save.
- Deploy the location configuration change to the ETP network. For instructions, see Deploy Configuration Changes.
- Assign a policy to the off-network location.