Protective DNS Authorized Sources Training Video
•February 10, 2026
0
Why It Matters
Properly authorizing sources is essential to enable Protective DNS filtering for an organization’s traffic and to prevent misconfiguration that could block or expose network segments; the one-at-a-time IP requirement and role-based permissions enforce security and reduce bulk errors.
Summary
The video explains how to authorize sources to route traffic to a Protective DNS resolver, a required step before configuring internal destinations. Authorized sources are individual IP addresses (IPv4, IPv6, or SSE providers) grouped into logical "source sets" that reflect organizational structure, location, or device role; CIDR blocks and bulk imports are not permitted. Users need the Configuration Management role to add sources via My Organization → Authorized Sources → Add New Source, filling Type, Address, Source Set (or creating one), and Description, then saving; registration can take up to two minutes. CISA recommends separate source sets for guest networks and security appliances, and the UI shows errors for missing fields or permission issues.
Original Description
CISA’s Protective Domain Name System (#ProtectiveDNS) service delivers greater protection, increased visibility, and enhanced capabilities for federal civilian executive branch agencies and select critical infrastructure partners in our mission to reduce cyber risk.
Watch our newest Protective DNS authorized sources training video.
To learn more about Protective DNS, visit CISA.gov or contact protectivedns@cisa.dhs.gov.
0
Comments
Want to join the conversation?
Loading comments...