Configure DNS setting

When you execute files, the files can send DNS queries to resolve names. Malware can use DNS queries to determine whether it is being run in a sandbox environment. If the DNS query fails, the file might take an alternate path. When Advanced Threat Defense dynamically analyzes such a file, you might want to provide a proxy DNS service to bring out the actual behavior of the file.

Before you begin

  • The DNS server is required to have access to a public domain or the internet.
  • Ensure that the DNS server can resolve the IP address configured for DNS using reverse lookup.

Note: Malware DNS is used during VM activation, and also for any name resolution requests originating from the analyzer VM.

Task

  1. Log on to the Advanced Threat Defense web interface.
  2. Click Manage → ATD Configuration → DNS.
  3. In DNS Setting, complete these settings, then click Apply.
    • Domain — Type your domain name.
    • Preferred DNS Server — Type the IP address of the primary DNS server.
    • Alternate DNS Server — Type the IP address of the secondary DNS server.
  4. In Malware DNS Setting, type the IP address of the DNS server that resolves name resolution queries originating from the sandbox environment, then click Apply.
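
The two "Before you begin" prerequisites can be checked from any host that can reach the DNS server before you type its address into the web interface. The script below is an added example, not part of the product or its documentation. It assumes an IPv4 DNS server reachable on UDP port 53 and reads "the IP configured for DNS" as the DNS server's own address; the function names and the script name are hypothetical.

```python
import ipaddress
import socket
import struct
import sys

QTYPE_A, QTYPE_PTR = 1, 12

def reverse_name(ip):
    """Return the in-addr.arpa name used for a reverse (PTR) lookup of ip."""
    return ipaddress.ip_address(ip).reverse_pointer

def build_query(name, qtype, txid=0x4154):
    """Build a minimal DNS query: header (RD set, one question) + question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def answered(response, txid=0x4154):
    """True if the reply matches our query, has RCODE 0 and at least one answer."""
    if len(response) < 12:
        return False
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    is_response = bool(flags & 0x8000)
    return rid == txid and is_response and (flags & 0x000F) == 0 and ancount > 0

def query(server, name, qtype, timeout=3.0):
    """Send one UDP query to server and report whether it was answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qtype), (server, 53))
            return answered(sock.recv(512))
        except OSError:  # timeout, unreachable network, refused port
            return False

def preflight(server, public_name):
    """Run both prerequisite checks against the candidate DNS server."""
    return {
        "public name resolves": query(server, public_name, QTYPE_A),
        "reverse lookup of DNS server IP": query(server, reverse_name(server), QTYPE_PTR),
    }

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python dns_preflight.py <dns-server-ip> <public-hostname>
    for check, ok in preflight(sys.argv[1], sys.argv[2]).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

A FAIL on either line means the server does not yet meet the corresponding prerequisite, or that UDP port 53 is blocked between the test host and the server.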