Following this thread, what is the best practice in Check Point security policies to allow the DNS service while securing that service?
We have an authoritative server that should connect with the other DNS servers (Cloudflare DNS, Cisco DNS, Google DNS, etc.), so what can be done?
Is there a more specific configuration for that service than simple rules such as the ones below?
5 - deny countries (a few countries)
10 - allow our public IP DNS server -> any DNS service
15 - allow any -> our public IP DNS server DNS service