You may have heard about DNS flag day 2019 and are now asking yourself how this will impact your environment. A number of DNS providers "have agreed to coordinate removing accommodations for non-compliant DNS implementations from their software or services, on or around February 1st 2019. This change will affect only sites operating non-compliant software." This primarily impacts authoritative DNS servers. As a result of these changes, you may see your Check Point gateway running IPS drop certain traffic under the "Non Compliant DNS" protection.
Gateways running R77.30 JHF 345 and above (including R80.10 and R80.20) are not impacted. If you're running a lower version and cannot upgrade, you will need to set the IPS protection "Non Compliant DNS" to Detect. For further information, please see sk112578 or reach out to your local SE.