There are six default rulesets included
with the DNS-Incoming proxy action. These rulesets are shown in the Categories
list to the left of the DNS Proxy Configuration dialog box.
This ruleset includes the basic DNS protocol anomaly detection rules to deny malformed and non-standard DNS queries. We do not recommend that you change the default settings for these rules.
Use this ruleset to allow or deny specific DNS OPcodes (operation codes). OPcodes are commands sent to a DNS server, such as query, update, or status requests.
Use the Query Types ruleset to allow or deny DNS connections based on the type of DNS query being sent in the connection.
Use the Query Names ruleset to allow or deny DNS connections based on the fully qualified domain name being sent in the connection.
The Intrusion Prevention ruleset lets you turn on the Intrusion Prevention Service's monitoring of incoming DNS requests to look for signatures that match those in the IPS database (if you have purchased the optional Intrusion Prevention Service).
The Proxy Alarm ruleset lets you define the type of alarm that will be sent any time a notification is triggered by a DNS-Incoming ruleset.
Return to Top
Copyright © 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.