Forum Discussion
Hey Nath,
Thanks for the reply.
So you have configured a DNS forwarding rule on CMA only.
Also, you have forwarded all the required domains to the private DNS server IP (from CMA), provided you have already mapped the domain name with IP on the private DNS server.
Please confirm this if I am correct with the above data.
Waiting for your reply. Thanks!
Hi. Our DNS Forwarding rules in the CMA are for all the required private domains and forward to the private DNS Server IP.
We have configured the external forwarders on the private DNS server to point to the Cato DNS Servers. This means if there is a DNS query for something the DNS server cannot resolve locally, i.e. the internet, it uses Cato DNS to resolve. This is better than using public DNS servers as Cato DNS gives:
Performance Benefits:
- Global PoP caching - Cato's DNS service leverages the global PoP locations in the Cato Cloud to provide fast DNS resolution and significantly reduce DNS latency. PoPs store DNS responses in cache, so future requests are served more quickly from the closest PoP to your location.
- Quick response times - Hosts connecting to the Cato Cloud retrieve DNS responses from the PoP they're connected to (usually the closest one), resulting in very quick response times.
Security Protections:
- DNS inspection - Cato's IPS service includes DNS Protection that analyzes DNS requests and responses, providing protections based on reputation, behavioral signatures, and heuristics.
- Threat blocking - Malicious DNS requests are blocked before any connection is established between the host and malicious servers (no TCP or UDP handshake occurs).
- Multiple protection types - Includes protection against malicious domains, phishing campaigns, DNS tunneling, and more.
If you're using DHCP, you can set the DNS servers as the Cato DNS servers. That will then allow private domains to be forwarded to your private DNS server, and the internet to be forwarded to Cato.
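The two-way forwarding described in this thread (CMA rules send private domains to the private DNS server, and that server's external forwarders point back at Cato DNS), modeled as an added example that is not from the posts above or from Cato. It traces where a query ends up and flags any forwarded domain the private server holds no zone for, since such a query would bounce between the two resolvers. The domain names and the simplified decision logic are assumptions.

```python
# Constructed sample data (placeholders, not values from the thread).
CMA_FORWARD_RULES = ["corp.example", "lab.example", "legacy.example"]
PRIVATE_ZONES = ["corp.example", "lab.example"]  # zones the private server answers for


def matches(name, suffix):
    """True if name equals suffix or is a subdomain of it (label-aligned)."""
    name, suffix = name.rstrip(".").lower(), suffix.rstrip(".").lower()
    return name == suffix or name.endswith("." + suffix)


def best_match(name, suffixes):
    """Longest matching suffix, or None when nothing matches."""
    hits = [s for s in suffixes if matches(name, s)]
    return max(hits, key=len) if hits else None


def trace(name, cma_rules, private_zones):
    """Follow a client query that starts at Cato DNS.

    Assumed model: Cato forwards names matching a CMA rule to the private
    server and resolves everything else itself; the private server answers
    for its own zones and sends everything else to its external forwarder,
    which is Cato DNS.
    """
    path, seen, server = [], set(), "cato"
    while server not in seen:
        seen.add(server)
        path.append(server)
        if server == "cato":
            if best_match(name, cma_rules) is None:
                return path, "cato-internet"
            server = "private"
        else:
            if best_match(name, private_zones) is not None:
                return path, "private-authoritative"
            server = "cato"
    return path + [server], "loop"


def unbacked_rules(cma_rules, private_zones):
    """CMA rules whose domain is not covered by any zone on the private server."""
    return [r for r in cma_rules if best_match(r, private_zones) is None]


if __name__ == "__main__":
    for q in ("intranet.corp.example", "www.example.org", "db.legacy.example"):
        print(q, *trace(q, CMA_FORWARD_RULES, PRIVATE_ZONES))
    print("rules without a backing zone:", unbacked_rules(CMA_FORWARD_RULES, PRIVATE_ZONES))
```
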