Chapter 40 Reputation Filter
ZyWALL Series CLI Reference Guide
Table 188 DNS Threat Filter Commands (continued)
COMMAND                                     DESCRIPTION
show utm-manager {doh|dot} defaultport      Displays the port through which the encrypted DNS query packets are sent.
show secure-dns search {FQDN|IP Address}    Enter an IP address or FQDN to check whether the associated DoH or DoT server is included in the Zyxel Device database.

40.5 Blocking Secure DNS Query Packets Command Examples
You want to:
• Make sure users in your Zyxel Device network cannot access malicious sites through DNS query packets that the Zyxel Device cannot inspect, such as the queries sent when a user visits an HTTPS site.
DNS over HTTPS/TLS packets are DNS query packets encrypted with HyperText Transfer Protocol Secure (HTTPS) or Transport Layer Security (TLS). When a client accesses an HTTPS site, the client sends out an encrypted DNS query packet that the Zyxel Device cannot inspect.
• Have the Zyxel Device generate logs when users try to access suspect sites through encrypted DNS packets.
When a user sends out encrypted DNS over HTTPS or DNS over TLS query packets, the Zyxel Device checks the IP address of the DNS over HTTPS or DNS over TLS server to which the query packets are sent. If that server IP address is in the Zyxel Device database, the Zyxel Device blocks the packets; if it is not, the packets are not blocked.
The DNS threat filter general settings use the parameters in the table below. General settings apply to all traffic in the Zyxel Device network.
1 Configure the DNS threat filter general settings.
Table 189 DNS Threat General Settings Example
ACTION WHEN DETECTING DNS OVER HTTPS/TLS PACKETS: drop/log
Router# configure terminal
Router(config)#
Router(config)# dns-filter secure-dns action drop
Router(config)# dns-filter secure-dns log
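The decision logic described above (look up the DoH/DoT server IP the query is sent to, drop and log only when it is in the database), modelled as an added Python example; this is not Zyxel code, and the database entries, default ports (443 for DoH, 853 for DoT) and the Policy/search/evaluate names are assumptions for illustration.

```python
"""Model of the secure-DNS policy described in this section (constructed example, not Zyxel code)."""
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed stand-in for the Zyxel Device DoH/DoT server database (assumed sample entries).
SECURE_DNS_DB = {
    "doh": {"192.0.2.10": "doh.example.test"},
    "dot": {"192.0.2.20": "dot.example.test"},
}
# Assumed values for 'show utm-manager {doh|dot} defaultport'.
DEFAULT_PORT = {"doh": 443, "dot": 853}


@dataclass
class Policy:
    action: str = "pass"  # 'dns-filter secure-dns action drop' sets this to 'drop'
    log: bool = False     # 'dns-filter secure-dns log' enables logging


def search(term):
    """Mirror 'show secure-dns search {FQDN|IP Address}': (kind, ip, fqdn) or None."""
    for kind, entries in SECURE_DNS_DB.items():
        for ip, fqdn in entries.items():
            if term in (ip, fqdn):
                return (kind, ip, fqdn)
    return None


def evaluate(policy, dst_ip, dst_port, logs):
    """Return 'drop' or 'pass' for one outbound flow; append a log line when logging is on.

    Only a flow to a known DoH/DoT server on that protocol's default port matches;
    an unknown server is never blocked, which is the behaviour the section describes.
    """
    ip_address(dst_ip)  # reject malformed addresses early
    for kind, port in DEFAULT_PORT.items():
        if dst_port == port and dst_ip in SECURE_DNS_DB[kind]:
            if policy.log:
                logs.append(f"secure-dns: {kind} server {dst_ip} matched, action={policy.action}")
            return policy.action
    return "pass"
```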