DNS Filtering has the following requirements:
Domain Requirements
The DNS Filtering module only supports Fully Qualified Domain Names or Partially Qualified Domains name for the allow and block list. Single-Label Domains are not supported.
- Fully Qualified Domain Name - mail.google.com
- Partially Qualified Domain Name - google.com
- Single-label Domain - google
Feature Requirements
- An active subscription to Incident Response, Endpoint Protection, or Endpoint Detection and Response.
- An active subscription to the DNS Filtering module.
Endpoint Requirements
Endpoints must be running one of the following operating systems to filter network traffic with the DNS Filtering module. For our Endpoint Protection requirements, see System requirements for Nebula.
- Windows Server: 2022, 2019, 2016, 2012, 2012 R2
-
Windows: 11, 10, 8.1
Note: Devices with an Advanced RISC Machine (ARM) processor are not supported. - macOS: Sequoia 15, Sonoma 14, Ventura 13, Monterey 12, Big Sur 11
CAUTION - DNS Filtering is not supported on DNS Servers and will block communications.
Network Requirements
Endpoints running DNS Filtering need to allow HTTPS outbound connections that resolve DNS lookups to https://*.cloudflare-gateway.com
Browser and system requirements
DNS over HTTPS (DoH) or Secure DNS must be disabled for browsers and operating systems to allow DNS filtering to operate properly. See the following articles for managing Windows and browser DoH settings via Group Policy.
Note: Look up instructions for your specific browser if DoH needs to be disabled manually on an endpoint.
Return to Nebula DNS Filtering guide.