Manage Connection Sources (Advanced DNS Security Resolver)

1. Log in to the Strata Cloud Manager on the hub.
2. Select ConfigurationADNS Resolver and view currently available Connection Sources. This provides an overview of all configured connection sources.
3. Click Create Connection Source and provide a Name and optional Description.
4. Select a DNS Security Profile with the appropriately configured security policies for the connection source.
5. Add IPv4 and IPv6 addresses or subnets for the connection source. If you do not provide any at this time, a popup will notify you to add IP address(es) to your new connection. You can specify up to 1000 subnets across connection sources for a given tenant.

   Valid IP addresses must conform with the following parameters:

   • IPv6—Individual node addresses must have prefix length of /128. For broader subnet allocations, use a prefix length within the /56 to /64 range.
   • IPv4—Individual addresses must have CIDR prefix of /32. For broader subnet allocations, use a prefix length within the /28 to /32 range.

   While the Advanced DNS Security Resolver supports dual-stack IPv4 and IPv6 connectivity, to ensure proper routing and system compatibility, please use the standard notation for each protocol rather than using IPv4-mapped IPv6 formats.

   1. From the IP Addresses panel, + Add or delete entries (using the icon) to modify the IP Addresses list entries as necessary.
   2. Click Save when finished. An icon appears next to new unverified connection sources.
6. To Verify the IP address, you must download the token using the supplied link (option 1) or generate one by using the curl command (option 2). After you receive the token, you must then Enter Verification Token in the provided field.

   The client device used for verification (the accessing URL) must be within the specified subnet or IP range for successful IP/Subnet verification.
7. Click Verify to continue.
8. Repeat as necessary for additional IP addresses.

   If you are verifying a subnet, it is only necessary to verify a single IP address in the subnet IP range; all other IP addresses in that subnet are automatically verified.