kaustubh
Explorer

Implied rule for DNS Accept domain name over UDP queries.

In my scenario we have enabled the implied rule for DNS "Accept domain name over UDP queries" as "Before Last" in Global Properties.

In the logs I can see a lot of company machines connecting to external DNS servers (hitting the implied rule). My task is to disable the option "Accept domain name over UDP queries" in Global Properties.

Questions:

1. I already have my internal DNS specified in an explicit rule, but still a few user machines are hitting external DNS servers through the implied rule. Is there any specific reason for this behavior?

2. In the above scenario, if I directly disable the option "Accept domain name over UDP queries" (set as "Before Last"), will it have any impact?

0 Kudos
4 Replies
_Val_
Admin

1. The implied rule for DNS looks like "ANY--ANY--domain-UDP--Accept", so if you choose the "First" option for it, all DNS traffic will go through the implied rule.

2. If you choose "Before Last", make sure none of the explicit rules drops DNS, just in case. In other words, check the drop rules in the policy, to answer your question.

That said, DNS through implied rules is not enabled by default, as you may need to control this traffic properly, with tighter rules.

0 Kudos
kaustubh
Explorer

Hello Val,

Sorry for the delay.

The current implied rule for "queries over UDP" is set as "Before Last", but I have defined my internal DNS server in an explicit rule as well. Still I can see random IPs trying to connect to external DNS servers. My task is to disable the option "queries over UDP"; I fear that if I directly disable it then legitimate traffic may break.

What could be the possible reason for that?

0 Kudos
Chris_Atkinson
Employee

What are the random IPs and how are their DNS settings configured?

CCSM R77/R80/ELITE
0 Kudos
kaustubh
Explorer

I checked a few Windows machines/firewalls and the DNS server in their network adapter is my internal DNS server only, but the logs still show these devices trying to connect to the nearest ISP's DNS servers.

0 Kudos
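Before disabling the implied rule, the practical step the thread converges on is to list which internal hosts are reaching which external resolvers through that rule, since that is exactly the traffic that stops once the Global Properties option is cleared. The following added example (not from this thread or from Check Point) does that over constructed, simplified key=value log lines; the field names, the rule name "Implied Rule" and the internal resolver address are assumptions, not the real Check Point log format.

```python
import re
from collections import defaultdict

# Constructed, simplified key=value log lines (not real Check Point log output).
# "rule" is the matched rule name; "Implied Rule" stands for the Global
# Properties DNS rule, anything else is an explicit policy rule.
SAMPLE_LOGS = """\
src=10.1.1.20 dst=10.1.1.5 service=domain-udp action=accept rule="DNS to internal"
src=10.1.1.21 dst=8.8.8.8 service=domain-udp action=accept rule="Implied Rule"
src=10.1.1.21 dst=10.1.1.5 service=domain-udp action=accept rule="DNS to internal"
src=10.1.1.22 dst=203.0.113.53 service=domain-udp action=accept rule="Implied Rule"
src=10.1.1.22 dst=203.0.113.53 service=domain-udp action=accept rule="Implied Rule"
src=10.1.1.23 dst=10.1.1.5 service=domain-tcp action=accept rule="DNS to internal"
src=10.1.1.24 dst=8.8.8.8 service=domain-udp action=drop rule="Cleanup"
""".splitlines()

INTERNAL_DNS = {"10.1.1.5"}  # assumed address of the internal resolver

LINE_RE = re.compile(r'src=(\S+) dst=(\S+) service=(\S+) action=(\S+) rule="([^"]*)"')

def parse_line(line):
    """Return the fields of one constructed log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, dst, service, action, rule = m.groups()
    return {"src": src, "dst": dst, "service": service, "action": action, "rule": rule}

def external_dns_by_source(lines, internal_dns=INTERNAL_DNS):
    """Map each internal source to the external resolvers it reached, with hit counts.
    Only accepted domain-udp traffic matched by the implied rule counts: that is
    the traffic that would be dropped once the Global Properties option is disabled.
    A host that also appears with an internal dst (10.1.1.21 here) is the case the
    thread asks about: adapter points at the internal DNS, yet some queries leave."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["service"] != "domain-udp" or rec["action"] != "accept":
            continue
        if rec["rule"] != "Implied Rule" or rec["dst"] in internal_dns:
            continue
        hits[rec["src"]][rec["dst"]] += 1
    return {src: dict(dsts) for src, dsts in hits.items()}

def hosts_affected(lines, internal_dns=INTERNAL_DNS):
    """Sorted list of hosts whose DNS would change behaviour if the implied rule went away."""
    return sorted(external_dns_by_source(lines, internal_dns))

if __name__ == "__main__":
    for src, dsts in external_dns_by_source(SAMPLE_LOGS).items():
        print(src, "->", dsts)
```

Run it against an export of real logs filtered on the implied rule and the same service to get the list of hosts to examine, as asked in the thread, before the option is disabled.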