DNS-Proxy: OPcodes

DNS OPcodes (operation codes) are commands given to the DNS server that tell it to do some action, such as a query (Query), an inverse query (IQuery), or a server status request (STATUS). You can add, delete, or modify rules in the default ruleset. You can allow, deny, drop, or block specified DNS OPcodes.

  1. In the DNS-Proxy Proxy Action configuration, select the OPCodes tab.

Screen shot of the Proxy Action page for the DNS-Outgoing proxy action, OPCodes tab

DNS-Proxy Proxy Action OpCodes tab in Fireware Web UI

Screen shot of the DNS Proxy Action Configuration dialog box, OPCodes page

DNS-Proxy Proxy Action OpCodes tab in Policy Manager

  1. To enable a rule in the list, select the adjacent Enabled check box.
    To disable a rule, clear the Enabled check box.

If you use Active Directory and your Active Directory configuration requires dynamic updates, you must allow DNS OPcodes in your DNS-Incoming proxy action rules. This is a security risk, but can be necessary for Active Directory to operate correctly.

Add a New OPcodes Rule

  1. Click Add.
    The New OPCodes Rule dialog box appears.
  2. Type a name for the rule.
    Rule names can have no more than 200 characters.
  3. Click the arrows to set the OPCode value. DNS OPcodes have an integer value.

For more information on the integer values of DNS OPcodes, see RFC 1035.

Delete or Modify Rules

  1. Add, delete, or modify rules, as described in Add, Change, or Delete Rules.
  2. To change settings for one or more other categories in this proxy, go to the topic on the next category you want to modify.
  3. Save your settings.

If you modified a predefined proxy action, when you save the changes you are prompted to clone (copy) your settings to a new action.

For more information on predefined proxy actions, see About Proxy Actions.

See Also

About the DNS-Proxy