Step-by-Step: Guardian DNS Setup Guide

This guide walks you through setting up CyberTrap Guardian DNS to protect your network at the DNS layer. It covers everything from registering your office IP address in the Guardian DNS portal, to configuring your company DNS server with CyberTrap’s secure forwarders. Once complete, all devices receiving DNS from your server or VPN will be automatically shielded against phishing, malware, and other malicious domains.

Steps

1. Make sure your office internet connection has a static public IP address.
2. Log in to the CyberTrap Guardian DNS Self-Service Portal with your credentials.
3. Click + New → Device → Create → Network → Next.
4. Enter a location name and select a protection profile (the default profile is available).
5. Save the entry.
6. In the company location menu, select Change IP address and enter your fixed IPv4 or IPv6.
7. Click Save to register the IP address.
8. Log in to your company’s main DNS server.
9. Open the DNS forwarding settings.
   • Windows Server: DNS Manager → right-click server → Properties → Forwarders tab.
   • Linux BIND: edit /etc/bind/named.conf.options.
   • Linux Unbound: edit /etc/unbound/unbound.conf.
10. Enter the Guardian DNS servers as forwarders:
    • Primary: 18.192.180.151
    • Secondary: 3.76.239.245
    • Tertiary: 35.156.99.37
11. Save the configuration and restart the DNS service (or restart the router/firewall if required).
12. Ensure the DHCP server distributes the address of your main DNS server to all clients.
13. On a client machine, test the setup:
    • nslookup google.com → resolves normally.
    • nslookup phishing.badinternetdomain.com → blocked with a Guardian DNS warning page.
14. All devices that receive DNS from your DHCP or VPN server are now automatically protected by CyberTrap Guardian DNS.