DNS-Incoming Rulesets

There are six default rulesets included with the DNS-Incoming proxy action. These rulesets are shown in the Categories list to the left of the DNS Proxy Configuration dialog box.

General
    This ruleset includes the basic DNS protocol anomaly detection rules to deny malformed and non-standard DNS queries. We do not recommend that you change the default settings for these rules.

OpCodes
    Use this ruleset to allow or deny specific DNS OPcodes (operation codes). OPcodes are commands sent to a DNS server, such as query, update, or status requests.

Query Types
    Use the Query Types ruleset to allow or deny DNS connections based on the type of DNS query being sent in the connection.

Query Name
    Use the Query Names ruleset to allow or deny DNS connections based on the fully qualified domain name being sent in the connection.

Intrusion Prevention
    The Intrusion Prevention ruleset lets you turn on the Intrusion Prevention Service's monitoring of incoming DNS requests to look for signatures that match those in the IPS database (if you have purchased the optional Intrusion Prevention Service).

Proxy Alarm
    The Proxy Alarm ruleset lets you define the type of alarm that will be sent any time a notification is triggered by a DNS-Incoming ruleset.

 

Return to Top

Copyright 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.
Legal Notice/Terms of Use