Chapter 40 Reputation Filter
ZyWALL Series CLI Reference Guide
40.4 DNS Threat Filter Commands
The following table describes general DNS Threat Filter commands. You must use the configure terminal command to enter configuration mode before you can use these commands.

Table 188 DNS Threat Filter Commands

COMMAND
    DESCRIPTION

[no] dns-filter black-list activate
    Enables or disables the DNS Threat Filter black list.
    The Zyxel Device treats all FQDNs in the black list as malicious, and applies DNS Threat Filter rules when they are queried.

dns-filter black-list FQDN {activate|deactivate}
    Activates or deactivates the specified Fully Qualified Domain Name (FQDN) in the DNS Threat Filter black list.
    If the FQDN is not already in the black list, the Zyxel Device adds it.
    FQDN example: www.zyxel.com.tw

no dns-filter black-list FQDN
    Removes the specified Fully Qualified Domain Name (FQDN) from the DNS Threat Filter black list.

dns-filter black-list replace <1..256> FQDN {activate|deactivate}
    Replaces the Fully Qualified Domain Name (FQDN) of the specified entry in the DNS Threat Filter black list with a new one.

[no] dns-filter drop-malform-packet activate
    Sets the Zyxel Device to drop a DNS query packet if the DNS query is invalid, or if the device cannot read the packet.
    A DNS query is invalid under any of the following conditions:
    • The number of entries in the DNS header question count field is 0
    • An error occurs while parsing the domain name in the question field
    • The length of the domain name exceeds 255 characters
    Use the [no] command to allow malformed DNS packets to pass through the Zyxel Device.

[no] dns-filter drop-malform-packet log
    Has the Zyxel Device log a DNS query if the DNS query packet is not a standard DNS query, or if the device cannot read the packet.
    Use the [no] command to stop logging.

dns-filter profile profilename
    Enters subcommand mode to edit the specified DNS Threat Filter configuration profile. If the profile does not currently exist, the Zyxel Device creates it.
    Note: Only certain Zyxel Device models and firmware versions support multiple profiles in the Web Configurator. On Zyxel Devices that do not support multiple profiles, edit the profile named default_profile to change settings in the Web Configurator UI.

action {pass|redirect}
    Chooses what the Zyxel Device does when it detects a malicious DNS query packet.
    pass: The Zyxel Device allows the DNS query packet through and does not answer it with a DNS reply containing a substitute IP address.
    redirect: The Zyxel Device answers with a DNS reply containing a default or custom-defined IP address.
    The default redirect IP is the IP address of the DNS Threat Filter server (dnsft.cloud.zyxel.com).

[no] black-list activate
    Enables or disables the DNS Threat Filter black list for this profile.
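The table states three conditions under which the drop-malform-packet command treats a DNS query as invalid (question count of 0, an unparseable question name, a name longer than 255 characters) and describes the black list as a set of FQDNs that are matched when queried. The following Python script is an added example, not Zyxel code, that applies those same checks to raw DNS query packets and then performs an exact black-list match on the parsed name. The sample packets and the black-list entry are constructed inline; the 255 limit is applied to the name's wire-format length (label-length octets plus the terminating zero, per RFC 1035), which is an assumption about how the device measures it, and treating a compression pointer in a query's question name as a parse error is likewise this example's choice.

```python
"""Classify raw DNS query packets the way a drop-malform-packet check would.

Added example (not Zyxel's implementation). Checks, in order: QDCOUNT == 0,
question-name parse errors, wire-format name length > 255, then black-list match.
"""
import struct
from typing import Iterable, Optional, Tuple

DNS_HEADER_LEN = 12
MAX_NAME_WIRE_LEN = 255  # RFC 1035 cap on a name in wire form (length octets + terminating zero)


def parse_question_name(packet: bytes, offset: int) -> Tuple[str, int]:
    """Parse QNAME labels starting at `offset`; return (dotted_name, offset_after_name).

    Raises ValueError when the question field cannot be parsed: a label running
    past the packet, a compression pointer or reserved label type where plain
    labels are expected, or non-ASCII label bytes.
    """
    labels = []
    while True:
        if offset >= len(packet):
            raise ValueError("name runs past the end of the packet")
        length = packet[offset]
        offset += 1
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # 0b11 = compression pointer, 0b01/0b10 = reserved types
            raise ValueError("compression pointer or reserved label type in question name")
        if offset + length > len(packet):
            raise ValueError("label length %d overruns the packet" % length)
        # UnicodeDecodeError is a ValueError subclass, so it surfaces as a parse error too
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def check_dns_query(packet: bytes) -> Tuple[bool, str, Optional[str]]:
    """Return (is_valid, reason, qname). qname is None when the query is rejected."""
    if len(packet) < DNS_HEADER_LEN:
        return False, "packet shorter than the 12-byte DNS header", None
    _ident, _flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:DNS_HEADER_LEN])
    if qdcount == 0:
        return False, "question count (QDCOUNT) is 0", None
    try:
        qname, end = parse_question_name(packet, DNS_HEADER_LEN)
    except ValueError as exc:
        return False, "cannot parse question name: %s" % exc, None
    wire_len = end - DNS_HEADER_LEN
    if wire_len > MAX_NAME_WIRE_LEN:
        return False, "question name is %d octets on the wire, over %d" % (wire_len, MAX_NAME_WIRE_LEN), None
    if end + 4 > len(packet):    # QTYPE and QCLASS must follow the name
        return False, "QTYPE/QCLASS truncated", None
    return True, "ok", qname


def is_blacklisted(qname: str, blacklist: Iterable[str]) -> bool:
    """Exact, case-insensitive FQDN match (trailing dot ignored) against an active black list."""
    return qname.rstrip(".").lower() in {f.rstrip(".").lower() for f in blacklist}


def build_query(name: str, qdcount: int = 1, raw_name: Optional[bytes] = None) -> bytes:
    """Construct a minimal A/IN query; `raw_name` overrides the encoded QNAME to forge malformed cases."""
    header = struct.pack("!6H", 0x1234, 0x0100, qdcount, 0, 0, 0)
    if raw_name is None:
        raw_name = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split(".")) + b"\x00"
    return header + raw_name + struct.pack("!HH", 1, 1)


# Constructed sample packets (not captured traffic)
SAMPLES = {
    "well_formed": build_query("www.zyxel.com.tw"),
    "zero_questions": build_query("www.zyxel.com.tw", qdcount=0),
    "label_overrun": build_query("", raw_name=b"\x10www\x00"),    # label claims 16 bytes, only 3 present
    "pointer_in_query": build_query("", raw_name=b"\xc0\x0c"),   # compression pointer where labels belong
    "name_too_long": build_query(".".join(["a" * 63] * 5)),      # 5 * 64 + 1 = 321 wire octets
}

if __name__ == "__main__":
    blacklist = ["www.zyxel.com.tw"]  # constructed entry, mirroring the table's FQDN example
    for label, pkt in SAMPLES.items():
        ok, reason, qname = check_dns_query(pkt)
        if not ok:
            verdict = "drop (malformed)"
        elif is_blacklisted(qname, blacklist):
            verdict = "apply profile action"
        else:
            verdict = "pass"
        print("%-17s %-21s %s" % (label, verdict, reason if not ok else qname))
```

Running the script prints one verdict per constructed packet: only the well-formed query reaches the black-list match, and because its name is on the constructed list it would be subject to the profile's action (pass or redirect); the other four are rejected for the reason given, which is the point at which the log variant of the command would record the query.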