S_E_
Advisor

FQDN - how does it work under the hood?


Hi,
I was asked today how FQDN objects work, especially when the client has already resolved the URL in the LAN.


1. Assuming NON-FQDN mode
e.g.
- client resolves apps.apple.com from internal DNS server to IP address 95.1.1.1
- client forwards request to default router and then via firewall to internet
- The firewall has a non-FQDN object apple.com which allows the traffic.
However, the firewall sees the IP address and not the URL, correct?
Does the firewall always do a reverse DNS lookup to see if the destination IP is part of any FQDN object?
Default TTL = 60 seconds


The FQDN-A-Deeper-Dive-Customer.pdf refers to an older version.
https://community.checkpoint.com/t5/Management/Domain-Objects-FQDN-An-Unofficial-ATRG/m-p/40789/thre...


2. Assuming FQDN mode and destination www.apple.com
Default TTL = 3600 seconds
Does the firewall always do a reverse DNS lookup to see if the destination IP is part of any FQDN object?
Same question

Any idea?

Thanks; Regards

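The question contrasts two ways a firewall could match a destination IP against a domain-name object once the client has already done its own DNS lookup: reverse-resolving the destination IP and checking the PTR name against a domain suffix, versus forward-resolving the exact FQDN itself and caching the returned A records for the TTL. The model below is an added illustration of those two strategies and the caching behaviour the poster's TTL values (60 s and 3600 s) imply; it is not Check Point code and does not assert which strategy any particular product version uses. The DNS records, the `FqdnObject`/`DomainObject` classes and the `walk_through()` scenario are all constructed for the example, and it takes the poster's premise that the firewall sees only the destination IP, never the hostname.

```python
"""Model of two ways a firewall can match a destination IP against a domain-name object.
Constructed example, not Check Point code. The DNS data below is made up."""
from dataclasses import dataclass, field

# Constructed mock zone as seen by the firewall's own resolver (not real records).
FORWARD = {
    "www.apple.com": ["95.1.1.1"],
    "apps.apple.com": ["95.1.1.1"],
    "cdn.example.net": ["203.0.113.10"],
}
REVERSE = {
    "95.1.1.1": "apps.apple.com",
    "203.0.113.10": "cdn.example.net",
}

def resolve_forward(name):
    """Forward A lookup against the mock zone."""
    return list(FORWARD.get(name, []))

def resolve_reverse(ip):
    """Reverse PTR lookup against the mock zone; None if no PTR exists."""
    return REVERSE.get(ip)

@dataclass
class FqdnObject:
    """FQDN mode: resolve the exact name forward, cache the A records for ttl seconds."""
    name: str
    ttl: int = 3600
    lookups: int = 0
    _cache: list = field(default_factory=list)
    _expires: float = -1.0

    def addresses(self, now):
        if now >= self._expires:          # cache empty or stale: re-resolve
            self._cache = resolve_forward(self.name)
            self._expires = now + self.ttl
            self.lookups += 1
        return self._cache

    def matches(self, dst_ip, now):
        return dst_ip in self.addresses(now)

@dataclass
class DomainObject:
    """Non-FQDN mode: reverse-resolve the destination IP, accept if the PTR ends with suffix."""
    suffix: str                          # e.g. ".apple.com"
    ttl: int = 60
    lookups: int = 0
    _cache: dict = field(default_factory=dict)   # ip -> (ptr name, expiry)

    def matches(self, dst_ip, now):
        entry = self._cache.get(dst_ip)
        if entry is None or now >= entry[1]:
            self.lookups += 1
            entry = (resolve_reverse(dst_ip), now + self.ttl)
            self._cache[dst_ip] = entry
        ptr = entry[0]
        bare = self.suffix.lstrip(".")
        return ptr is not None and (ptr == bare or ptr.endswith(self.suffix))

def walk_through():
    """Replays the poster's scenario against both object types; returns every decision."""
    saved = (dict(FORWARD), dict(REVERSE))
    try:
        fqdn = FqdnObject("www.apple.com")       # FQDN mode, TTL 3600
        dom = DomainObject(".apple.com")        # non-FQDN mode, TTL 60
        out = {}
        # t=0: client resolved apps.apple.com -> 95.1.1.1 itself and sends a packet there.
        out["fqdn_t0"] = fqdn.matches("95.1.1.1", now=0)
        out["domain_t0"] = dom.matches("95.1.1.1", now=0)
        out["domain_other_t0"] = dom.matches("203.0.113.10", now=0)
        # DNS changes: www.apple.com moves to a new address while the FQDN cache is warm.
        FORWARD["www.apple.com"] = ["95.1.1.9"]
        REVERSE["95.1.1.9"] = "www.apple.com"
        out["fqdn_new_ip_t10"] = fqdn.matches("95.1.1.9", now=10)      # stale cache: no match
        out["domain_new_ip_t10"] = dom.matches("95.1.1.9", now=10)     # fresh PTR: match
        out["fqdn_new_ip_t3600"] = fqdn.matches("95.1.1.9", now=3600)  # TTL expired: re-resolve
        out["fqdn_old_ip_t3600"] = fqdn.matches("95.1.1.1", now=3600)  # dropped from answer
        out["fqdn_lookups"] = fqdn.lookups
        out["domain_lookups"] = dom.lookups
        return out
    finally:
        FORWARD.clear(); FORWARD.update(saved[0])
        REVERSE.clear(); REVERSE.update(saved[1])

if __name__ == "__main__":
    for k, v in walk_through().items():
        print(f"{k:22} {v}")
```

The two strategies fail in opposite ways: the forward-resolving object only knows the addresses its own resolver returned, so a client that received a different answer (a different record set, a CDN node, or a change during the 3600 s cache lifetime) is denied until the cache expires, whereas the reverse-lookup object depends entirely on a PTR record existing and carrying a name under the expected suffix, which many public hosts do not have.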