Chapter 43 System
ZyWALL/USG Series User’s Guide
838
The following table describes the labels in this screen.
43.6.14 Adding a DNS Service Control Rule
Click the Add icon in the Service Control table to add a service control rule.
Figure 581 Configuration > System > DNS > Service Control Rule Add
The following table describes the labels in this screen.
Table 354 Configuration > System > DNS > Security Option Control Edit (Customize)
LABEL DESCRIPTION
Name You may change the name for the customized security option control policy. The
customized security option control policy is checked first and if an address object match is
not found, the Default control policy is checked
Query Recursion Choose if the ZyWALL/USG is allowed or denied to forward DNS client requests to DNS
servers for resolution. This can apply to specific open DNS servers using the address
objects in a customized rule.
Additional Info
from Cache
Choose if the ZyWALL/USG is allowed or denied to cache Resource Records (RR) obtained
from previous DNS queries.
Address List Specifiying address objects is not available in the default policy as all addresses are
included.
Available This box displays address objects created in Object > Address. Select one (or more),
and click the > arrow to have it (them) join the Member list of address objects that will
apply to this rule. For example, you could specifiy an open DNS server suspect of sending
compromised resource records by adding an address object for that server to the
member list.
Member This box displays address objects that will apply to this rule.
OK Click OK to save your customized settings and exit this screen.
Cancel Click Cancel to exit this screen without saving
Table 355 Configuration > System > DNS > Service Control Rule Add
LABEL DESCRIPTION
Create new
Object
Use this to configure any new settings objects that you need to use in this screen.
Address Object Select ALL to allow or deny any computer to send DNS queries to the ZyWALL/USG.
Select a predefined address object to just allow or deny the computer with the IP address
that you specified to send DNS queries to the ZyWALL/USG.
Zone Select ALL to allow or prevent DNS queries through any zones.
Select a predefined zone on which a DNS query to the ZyWALL/USG is allowed or denied.
To Next Page
Loading...
