
ZyXEL Communications USG FLEX H Series - 17.3 DNS Threat Filter Screen

ZyXEL Communications USG FLEX H Series
462 pages
Chapter 17 Reputation Filter
USG FLEX H Series User’s Guide
17.3 DNS Threat Filter Screen
A Domain Name System (DNS) server records mappings of FQDNs (Fully Qualified Domain Names) to IP
addresses. An FQDN consists of a host and domain name. For example, www.zyxel.com is a fully qualified
domain name, where “www” is the host, “zyxel” is the second-level domain, and “com” is the top-level
domain.
DNS threat filtering inspects DNS queries made by clients on your network and compares the queries
against a database of blocked or allowed Fully Qualified Domain Names (FQDNs).
If a user attempts to connect to a suspect site, the user’s computer sends a DNS query. When the DNS
query packet contains an FQDN with a bad reputation, the DNS Threat Filter detects it.
The Zyxel Device DNS Threat Filter will either drop the DNS query or reply to the user with a fake DNS
response using the default dnsft.cloud.zyxel.com IP address (where the user will see a “Web Page
Blocked!” page) or a custom IP address.
The following types of DNS queries are allowed by the Zyxel Device:
• Type “A” for IPv4 addresses
The Zyxel Device replies with a DNS server error for the following types of DNS queries:
• Type “NS” (Name Server) to get information about the authoritative name server
• Type “MX” (Mail eXchange) to request information about the mail exchange server for a specific DNS domain name
• Type “CNAME” (Canonical Names) that specifies a domain name that has to be queried in order to resolve the original DNS query
• Type “PTR” (Pointer) that specifies a reverse query (requesting the FQDN corresponding to the IP address you provided)
• Type “SOA” (Start Of zone Authority) used when transferring zones
The priority for DNS Threat Filter checking is as follows:
1 Allow List
2 Block List
3 Cloud Query Cache
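The handling described above, as an added example that models it on a raw DNS query packet (this is not Zyxel's code). It assumes exact-match FQDN lists, that the record-type rule is applied before the list lookup, and a cache that maps an FQDN to True for bad reputation; the function names and the .example domains are made up for the illustration.

```python
import struct

# Record types named on the page (numeric codes are the standard DNS values).
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX"}
SERVER_ERROR_TYPES = {"NS", "MX", "CNAME", "PTR", "SOA"}

def build_query(fqdn, qtype=1, txid=0x1234):
    """Build a minimal one-question DNS query (constructed test input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in fqdn.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (fqdn, type name) for the first question in a DNS query."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        n = packet[pos]
        if n == 0:
            break
        if n > 63 or pos + 1 + n > len(packet):
            raise ValueError("bad label in question")
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    if pos + 5 > len(packet):
        raise ValueError("truncated question")
    (qtype,) = struct.unpack_from("!H", packet, pos + 1)
    return ".".join(labels), QTYPES.get(qtype, f"TYPE{qtype}")

def decide(packet, allow, block, cache, blocked_action="redirect"):
    """Model of the documented handling; blocked_action is "drop" or "redirect"."""
    fqdn, qtype = parse_question(packet)
    if qtype in SERVER_ERROR_TYPES:
        return fqdn, "server-error"
    if qtype != "A":
        return fqdn, "not-described"   # the page does not cover other types
    if fqdn in allow:                  # 1 Allow List wins over everything
        return fqdn, "forward"
    if fqdn in block:                  # 2 Block List
        return fqdn, blocked_action
    if fqdn in cache:                  # 3 Cloud Query Cache (True = bad reputation)
        return fqdn, blocked_action if cache[fqdn] else "forward"
    return fqdn, "cache-miss"          # later steps are not on this page
```

Because the Allow List is checked first, a name that appears on both lists is forwarded, which is worth checking for when auditing list entries.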
Table 139 Configuration > Security Service > Reputation Filter > IP Reputation > Block List (continued)
LABEL | DESCRIPTION
Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive.
IPv4 Address | This field displays the IPv4 address of this entry.
Apply | Click Apply to save your changes back to the Zyxel Device.
Reset | Click Reset to return the screen to its last-saved settings.
