This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
itinfranetwork
Explorer
‎2025-07-09 05:04 AM
Jump to solution

AAAA (IPv6) DNS requests control

Hi,

Some devices on our network generate a lot of AAAA DNS requests, despite having their IPv6 stack disabled. This causes an unwanted extra load on our DNS servers, which we'd like to avoid.

Is there a way to specifically drop AAAA DNS queries with a CheckPoint R81.20 gateway ?

Thanks.

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2025-07-10 08:27 AM
Jump to solution

That would imply there's an explicit rule allowing traffic to the relevant DNS server in the first place.
Or you allow DNS traffic via Global Properties:

image.png

In R82, we provide dnsmasq, which might help with this situation.
Note that dnsmasq is also available in earlier releases, but it's not formally supported and must be activated manually.
As far as filtering specific types of DNS requests (i.e. specific lookups) outside of Threat Prevention capabilities, don't believe this is possible.

View solution in original post

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2025-07-10 08:27 AM
Jump to solution

That would imply there's an explicit rule allowing traffic to the relevant DNS server in the first place.
Or you allow DNS traffic via Global Properties:

image.png

In R82, we provide dnsmasq, which might help with this situation.
Note that dnsmasq is also available in earlier releases, but it's not formally supported and must be activated manually.
As far as filtering specific types of DNS requests (i.e. specific lookups) outside of Threat Prevention capabilities, don't believe this is possible.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events