DNS OPcodes (operation codes) are commands given to the DNS server that tell it to do some action, such as a query (Query), an inverse query (IQuery), or a server status request (STATUS). They opSerate on items such as registers, values in memory, values stored on the stack, I/O ports, and the bus. You can add, delete, or modify rules in the default ruleset. You can allow, deny, drop, or block specified DNS OPcodes.
- In the DNS-Proxy Proxy Action configuration, select the OPCodes tab.
DNS-Proxy Proxy Action OpCodes tab in Fireware Web UI
DNS-Proxy Proxy Action OpCodes tab in Policy Manager
- To enable a rule in the list, select the adjacent Enabled check box.
To disable a rule, clear the Enabled check box.
If you use Active Directory and your Active Directory configuration requires dynamic updates, you must allow DNS OPcodes in your DNS-Incoming proxy action rules. This is a security risk, but can be necessary for Active Directory to operate correctly.
Add a New OPcodes Rule
- Click Add.
The New OPCodes Rule dialog box appears.
- Type a name for the rule.
Rule names can have no more than 200 characters.
- Click the arrows to set the OPCode value. DNS OPcodes have an integer value.
For more information on the integer values of DNS OPcodes, see RFC 1035.
Delete or Modify Rules
- Add, delete, or modify rules, as described in Add, Change, or Delete Rules.
- To change settings for one or more other categories in this proxy, go to the topic on the next category you want to modify.
- Save your settings.
If you modified a predefined proxy action, when you save the changes you are prompted to clone (copy) your settings to a new action.
For more information on predefined proxy actions, see About Proxy Actions.