I’d like to be able to create generic rules for all the requests done to the DNS server(s), whatever the application.
AFAIK this is not possible to specify in the app monitor, as it is not possible to tell “any app”. that would have been quite risky to offer such a feature here, so I can understand it is not possible.
As a workaround, I attempted to create 1 new network rule for each of my DNS servers:
each rule being something like “Allow UDP out from [Any] to [DNS server IP address] where source port is [any] and remote port is 53” (a stricter rule would have set as well the source port as 53, but let’s forget it)
I hoped that would prevent to be prompted for each application trying to resolve an IP address, but it actually didn’t help.
So, is there any way to tell CPF to allow UDP traffic out to port 53 to a list of a few given remote IP addresses?
Thanks for the tip egemen, but I don’t think it fills the bill: I don’t want to allow any DNS request to any DNS server (what sounds to be the case once I disabled this option), I want to create a rule for each of the 3 DNS servers of my ISP to allow any app to make queries, but only to these specific servers.
So, is this possible to reach such a result?
So instead of “Security->Advanced->Application behavior analysis->Monitor DNS Queries” you want to have somthing to marklike “Allow DNS queries on port [nn] and IP[nn] globaly” where the nn is user input and can be a single value or a range?
Kind of a global rule and so valid for all programs? I like the idea.
Would say instead “Allow UDP requests on port…”, with the rest as you say, yes that’s what I’d like to have, instead of having to create 3 specific rules for each and every of my allowed apps (1 rule for each of the 3 DNS servers).
Anyway, even with IP grouping capability (what would be great BTW), are you sure that your above solution would work? I’m afraid it won’t. Indeed, following your recommendation, I tried to disable “MOnitor DNS reqs”, and created 1 “allow” rule for each of my IP server (as described in my initial post). But it didn’t help, I was still prompted for each new app attempting to resolve an IP address.
Do you think that would be considerable to have such a possibility in a next version?
When DNS Monitoring disabled, make sure you also have Windows DNS Client Service is enabled. Otherwise, all applications will still make their own queries. If it is started, then only svchost.exe will issue such requests.
Btw, you need to add these rules to network monitor.