To enable SecureDNS, make sure that you have filled in the onboarding document and sent this to your Account Manager.
After confirmation and configuration on our side you will then receive the following:
- You will receive an onboarding confirmation mail which will contain the specific technical information needed to do the onboarding.
- You will also receive an activation link for the Secutec Portal (https://portal.secutec.com).
Define the scope
First, determine the scope:
- Which parts of my organization's network needs DNS-level protection?
- On which possible servers and appliances will I be changing the DNS servers/forwarders?
Once you have an idea where to activate SecureDNS, you can consult the following articles on this Help Center for the technical setup/onboarding.
For Windows:
Automated onboarding
Use our PowerShell script to do all the available steps of an onboarding automatically on a Windows server:
Using the Self-Onboarding PowerShell Script on Windows Server
Manual onboarding
Change the DNS forwarders on a Windows DNS server (in most cases this is also the Domain Controller):
Setting the DNS Forwarders on Windows Server
If you would like to see the Private IP Address in the dashboards on the Secutec Portal, use the following guide:
Enabling DNS Log Enrichment on Windows Server
If you would like to see the Hostname in the dashboards on the Secutec Portal, use the following guide:
Enabling DHCP Log Enrichment on Windows Server
For Linux:
Manual onboarding
If you have a Linux-based DNS server, chances are high you are using BIND as DNS system, please use the following guide to change the DNS forwarders in the BIND config:
Setting the DNS Forwarders on Linux
If you would like to see the Private IP Address in the dashboards on the Secutec Portal, use the following guide:
Enabling DNS Log Enrichment on Linux
For Appliances:
To change the DNS servers on a network appliance such as a Firewall, consult the documentation of the appliance.
Note: to have Private IP address or Hostname enrichment on our Portal if all DNS traffic is being resolved by the appliance, a workaround is possible. For this, an export of the logs of the appliance will be needed to another server via syslog, for more information contact support@secure-dns.eu