The DNS Security security engine allows you to prevent access to malicious and phishing web sites at the DNS query stage. DNS Security analyzes the user's DNS queries and DNS responses and can block access to malicious and phishing domains or redirect such requests to a special server that you can specify.
A regularly updated database is used to identify malicious and phishing domains and IP addresses. This database, included in the distribution kit of the solution, is maintained by Kaspersky experts and is updated when Kaspersky NGFW components are updated. In all cases, only this database is used to scan DNS traffic.
The following DNS Security profiles are used to scan DNS traffic, block malicious or phishing domains and IP addresses, or redirect the user's request to a specified server:
The default DNS Security profile is included in the default security profile group. The Block action is specified in the default profile, which means that all DNS queries and DNS responses containing malicious domains are blocked. You can edit the default profile.
You can create, edit, or delete custom profiles. In a custom profile, you can specify the action to be applied to DNS queries and DNS responses containing malicious and phishing domains or IP addresses; you can also configure logging when the profile is triggered.
For traffic to be scanned by DNS Security, the following conditions must be satisfied:
Kaspersky NGFW processes DNS queries and DNS responses that contain information about multiple domains or IP addresses. DNS traffic is scanned on all ports, not just port 53.