Excluding a DNS Search from a DNS Wildcard

📘

Note:

This is a limited release feature. For more information contact Axis Security Support: [email protected]

You can exclude a DNS Search from a DNS Wildcard for the following applications:

Use the SSH Range DNS Exclusion option to exclude a DNS search from a DNS wildcard in an SSH Range application.  This is useful, for example, for allowing an SSH Range application to access *.acme.com and excluding a set of one or more addresses from the SSH Range application that you do not want users to access, such as home.acme.com.

📘

Notes:

  • The exclusion requires Axis Client version 2.40.0 and connector version 2.35
  • The exclusion only applies to DNS searches and not CIDR/ IP ranges.
  • The exclusion does not affect other SSH Range applications.
  • Once enabled, the feature can only be disabled if all exclusions are deleted.

To exclude a DNS search from the DNS wildcard:

  1. Go to Settings > Applications > SSH Range.
  2. In the Name field, enter the entity name of the network range application.
  3. In the Local Address Range, click the Enable DNS exclusions toggle to exclude DNS searches from the wildcard.
1620

The DNS exclusion menu appears.

1632
  1. Under the Exclude column, click Exclude a DNS Search. 
  2. In the Exclude DNS wildcard field, enter the DNS address or DNS search.
1628
  1. Click Next. 
  2. To commit your changes, go to the top-right menu, click Apply Changes, then select Commit Changes.
  3. Next step: Verifying the Configuration.

Verifying the DNS Exclusion

Use the Audit Log to make sure your changes were recorded. 
An audit log is a record of events and changes in the system. It allows the administrator to monitor changes to the tenant and contains information about changes to the system.

To verify the DNS Exclusion in the SSH Range Application:

  1. Go to Settings -> Audit Log. 
  2. In the Audit Log screen click the Information icon next to the relevant entry.  

The Detailed Log window appears. 

1280
  1. Scroll the window until you see the Excluded DNS Search row.