https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136555#M24415 <P>1. Implied rule for DNS is looking as "ANY--ANY--domain-UDP--Accept", so if you choose "First" option for that, all DNS traffic will go through an implied rule.</P> <P>2. If you choose "Before Last", make sure none on explicit rules drops DNS, just in case. In other words, check drop rules in the policy, to answer your question.</P> <P>&nbsp;</P> <P>That said, it DNS through implied rules is not enable by default, as you may need to control this traffic properly, with tighter rules.</P> Thu, 16 Dec 2021 14:58:33 GMT _Val_ 2021-12-16T14:58:33Z https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136548#M24414 <P>In my scenario we have enabled implied rule for DNS "Accept domain name over UDP queries." as before last in Global properties.</P><P>In logs i can see lot of company machines to external DNS servers (hitting on implied rule) my task is disable option "Accept domain name over UDP queries." from&nbsp;Global properties.</P><P>Question as :</P><P>1 I already have my internal DNS specified in explicit rule. but still few user machines hitting external DNS server hitting through implied rule. is there any specific reason of this behavior ?</P><P>2 In above scenario if i directly disable option "Accept domain name over UDP queries. as before last" will&nbsp; it have any impact ?</P><P>&nbsp;</P> Thu, 16 Dec 2021 14:30:55 GMT https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136548#M24414 kaustubh 2021-12-16T14:30:55Z https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136555#M24415 <P>1. Implied rule for DNS is looking as "ANY--ANY--domain-UDP--Accept", so if you choose "First" option for that, all DNS traffic will go through an implied rule.</P> <P>2. If you choose "Before Last", make sure none on explicit rules drops DNS, just in case. In other words, check drop rules in the policy, to answer your question.</P> <P>&nbsp;</P> <P>That said, it DNS through implied rules is not enable by default, as you may need to control this traffic properly, with tighter rules.</P> Thu, 16 Dec 2021 14:58:33 GMT https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136555#M24415 _Val_ 2021-12-16T14:58:33Z https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136970#M24459 <P>Hello Val,</P><P>Sorry for delay.</P><P>current implied rule for "queries over UDP" set as "<SPAN>Before Last".. but i have defined my internal DNS server as well in explicit rule.. but still i can see random ip's are trying to connect to external DNS servers..( my task is to disable option "queries over UDP".i have fear if i directly disable it then legitimate traffic may get break.</SPAN></P><P><SPAN>what could be the possible reason of that ?&nbsp;</SPAN></P><P>&nbsp;</P> Wed, 22 Dec 2021 10:33:20 GMT https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136970#M24459 kaustubh 2021-12-22T10:33:20Z https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136971#M24460 <P>What are the random IPs and how is their DNS settings configured?</P> Wed, 22 Dec 2021 10:39:20 GMT https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136971#M24460 Chris_Atkinson 2021-12-22T10:39:20Z https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136972#M24461 <P>I checked few windows machines/fw's &amp; their DNS servers in N/W adaptor is my internal DNS server only.. but still logs showing these devices are trying to connect nearest ISP's DNS servers.</P> Wed, 22 Dec 2021 10:42:32 GMT https://community.checkpoint.com/t5/General-Topics/Implied-rule-for-DNS-Accept-domain-name-over-UDP-queries/m-p/136972#M24461 kaustubh 2021-12-22T10:42:32Z