Why do I have to block incoming DNS from WAN

Fender Posts: 24  Freshman Member
edited April 2021 in Security
I never had to make a rule for incoming DNS requests from WAN_to_Zywall, because it is blocked by default. Now I have a Zywall 110 where I did have to make such a rule! If I check the Policy Control rules, there is nowhere another rule such as WAN_to_Zywall that allows DNS in any way. The only rule that allows WAN_to_Zywall is my own Fixed IP addresses from the office. Are there any hidden rules in Zywall where there still could be an opening?

Comments

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    Blocked by default here on my Zywall 110
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee

    Hi @Fender,

    By default, the Zyxel device blocks DNS requests that come from the WAN interface for security purposes.

    If you want to allow DNS requests to the Zyxel firewall, there are two options to allow that:

    1- Configuration > Security Policy > Policy Control

    2- Configuration > Object > Service > Service Group > Default_Allow_WAN_To_ZyWALL

    Best regards.
  • Fender
    Fender Posts: 24  Freshman Member
    Hi Zyxel_Can, thanks, I will check it again.
