Excluding a DNS Search from a DNS Wildcard

Note

This is a limited release feature. For more information contact Axis Security Support: [email protected]

You can exclude a DNS Search from a DNS Wildcard for the following applications:

This article shows you how to create a DNS exclusion in a Network Range application and how to verify your configuration using the Audit Log.

Use the Network Range DNS Exclusion option to exclude a DNS search from a DNS wildcard in a Network Range application. For example, you can allow a Network Range application to access *.acme.com while excluding one or more addresses that you do not want users to access, such as home.acme.com.

Notes:

  • The exclusion requires Atmos Agent version 2.40.0 and connector version 2.35.
  • The exclusion only applies to DNS searches and not CIDR/IP ranges.
  • The exclusion does not affect other Network Range applications.
  • Once enabled, the feature can only be disabled if all exclusions are deleted.
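
The scope limits in these notes can be checked against a planned configuration before it is committed. The Python below is an added example, not Axis Security code: the application names, addresses and glob-style name matching are assumptions, and it models only the two notes above (exclusions do not apply to CIDR/IP ranges or to other Network Range applications).

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample configuration (hypothetical names, not exported from Atmos).
APPS = [
    {"name": "acme-internal", "dns": ["*.acme.com"],
     "excluded": ["home.acme.com"], "cidrs": ["10.20.0.0/16"]},
    {"name": "acme-legacy", "dns": ["*.acme.com"], "excluded": [], "cidrs": []},
]


def _match(host, patterns):
    # Assumption: DNS searches behave like case-insensitive glob patterns.
    host = host.lower().rstrip(".")
    return any(fnmatchcase(host, p.lower()) for p in patterns)


def paths_to(host, ip, apps):
    """Return (application, reason) pairs that still cover host or its IP."""
    addr = ipaddress.ip_address(ip)
    paths = []
    for app in apps:
        # A DNS search covers the host unless this application excludes it.
        if _match(host, app["dns"]) and not _match(host, app["excluded"]):
            paths.append((app["name"], "dns"))
        # Exclusions do not apply to CIDR/IP ranges, so check them separately.
        if any(addr in ipaddress.ip_network(c) for c in app["cidrs"]):
            paths.append((app["name"], "cidr"))
    return paths


def uncovered_exclusions(app):
    """Exclusions that no DNS search in the same application covers (likely typos)."""
    return [e for e in app["excluded"] if not _match(e, app["dns"])]


if __name__ == "__main__":
    # 10.20.5.9 is a constructed address standing in for home.acme.com.
    for name, reason in paths_to("home.acme.com", "10.20.5.9", APPS):
        print(f"home.acme.com is still covered by {name} ({reason})")
```

An empty result from `paths_to` means no configured application covers the excluded name or its address; any remaining entry names the range or application to review.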

To exclude a DNS search from the DNS wildcard:

  1. Go to Settings > Destinations > Network Range.
  2. In the Name field, enter the entity name of the network range application.
  3. In the Local Address Range, click the Enable DNS exclusions toggle to exclude DNS searches from the wildcard.

The DNS exclusion menu appears.

  4. Under the Exclude column, click Exclude a DNS Search.
  5. In the Exclude DNS wildcard field, enter the DNS address or DNS search.
  6. Click Next.
  7. To commit your changes, go to the top-right menu, click Apply Changes, then select Commit Changes.
  8. Next step: Verifying the Configuration.

Verifying the DNS Exclusion

Use the Audit Log to make sure your changes were recorded.
The Audit Log is a record of events and changes in the system. It lets the administrator monitor changes to the tenant.

To verify the DNS Exclusion in the Network Range Application:

  1. Go to the Settings > Audit Log screen.
  2. In the Audit Log screen, click the Information icon next to the relevant entry.

The Detailed Log window appears.
The Detailed Log window confirms that the DNS search home.acme.com was successfully recorded and excluded from the DNS search *.acme.com in the Network Range application.

  3. Scroll the window until you see the Excluded DNS Search row.