In order for you to begin enforcing your settings, all DNS traffic from the clients on your network should be routed through your Virtual Appliances.
- Start by testing on a few devices, manually configuring their DNS settings to use the Virtual Appliances. Try different operating systems and hardware types (mobile devices, for instance) to ensure compatibility with all your devices.
Note: When testing the policy enforcement, some DNS responses may already be cached for several minutes to days. You should flush the DNS cache via both the browser and the OS to avoid waiting for the cached responses to expire.
- If possible, a good next step is to change the DNS settings for a specific DHCP server pool or scope in your organization.
- Once you’ve verified correct enforcement of policies with your pilot group of computers, you can either stage the cutover to using the Virtual Appliances for DNS or cut over the entire organization. The best time to effect the cutover is typically after users log out for the day. Note that there's no easy way to force clients to renew their DHCP scope remotely or automatically,
- When users log in after the installation is complete, they should begin sending all DNS queries to one of the VAs forwarding DNS traffic.
Note: Most stub DNS resolvers, those that reside on endpoint devices, do not have a true primary versus secondary DNS server relationship. On many operating systems, it is undocumented which DNS server a stub resolver will use at any given time.
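
Because a stub resolver may query any server in its list, a pilot client that still has a single non-VA resolver configured can send some queries around policy enforcement. The following added example (not part of the original documentation) audits `resolv.conf`-style text against a list of VA addresses; the addresses, function names and sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the page.
VA_ADDRESSES = {"192.0.2.10", "192.0.2.11"}

SAMPLE_RESOLV_CONF = """\
# constructed sample for a pilot client
nameserver 192.0.2.10
nameserver 198.51.100.53   ; leftover non-VA resolver
nameserver 127.0.0.53
search corp.example
"""

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Strip '#' and ';' comments, then split into fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # skip malformed entries
    return servers

def audit_resolvers(text, va_addresses):
    """Classify each configured resolver as 'va', 'local-stub' or 'bypass'."""
    vas = {ipaddress.ip_address(a) for a in va_addresses}
    report = []
    for addr in parse_nameservers(text):
        if addr in vas:
            verdict = "va"
        elif addr.is_loopback:
            verdict = "local-stub"  # local forwarder: check its upstreams too
        else:
            verdict = "bypass"      # queries sent here never reach a VA
        report.append((str(addr), verdict))
    return report

def enforcement_ok(text, va_addresses):
    """True only if at least one resolver is set and every one is a VA."""
    report = audit_resolvers(text, va_addresses)
    return bool(report) and all(v == "va" for _, v in report)

if __name__ == "__main__":
    for addr, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, VA_ADDRESSES):
        print(f"{addr:15} {verdict}")
    print("all DNS via VAs:", enforcement_ok(SAMPLE_RESOLV_CONF, VA_ADDRESSES))
```

A `local-stub` result means the configured resolver is a forwarder on the device itself, so its upstream servers need the same audit.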