DNS Filter for DDNS IP

mat17
mat17 Posts: 45  Freshman Member
First Anniversary 10 Comments Friend Collector

Hello,

my desktop in a dedicated VLAN see some of its DNS requests flagged as Phishing when my desktop request the DDNS set on the Firewall.

The log traces are:

2023-03-01 09:34:43

info

DNS Filter

DDNS hostname:Phishing

desktop IP:37489

DNS Server IP:53

DNS BLOCK

The configuration is:

DDNS hostname set on the WAN1 interface, updated automatically.

Custom DNS servers as 1 and 2 in the “System > DNS > Domain Zone Forwarder” menu.

In the VLAN configuration,

  • first DNS server is ZyWALL
  • second and third DNS servers are the one defined in the previous menu

I'm not sure why my desktop requests my public IP, but I would say these requests are legitimated.

Is it normal they are blocked by the DNS Filter?

Kind regards

Accepted Solution

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2023 Answer ✓

    Hi @mat17

    If you want to ensure which URL is defined as unsecured by the DNS thread filter, you can Go to Monitor > Security Statistics > DNS Thread Filter and enable the "Collect Statistics" function. The statistics will be recorded and displayed, including the URLs that have been marked as unsafe by the DNS thread filter.

    If you confirmed URL is safety, you can add URL into allow list.

    And you can submit a correction request to the database server to change the category of the URL.

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2023 Answer ✓

    Hi @mat17

    If you want to ensure which URL is defined as unsecured by the DNS thread filter, you can Go to Monitor > Security Statistics > DNS Thread Filter and enable the "Collect Statistics" function. The statistics will be recorded and displayed, including the URLs that have been marked as unsafe by the DNS thread filter.

    If you confirmed URL is safety, you can add URL into allow list.

    And you can submit a correction request to the database server to change the category of the URL.

  • mat17
    mat17 Posts: 45  Freshman Member
    First Anniversary 10 Comments Friend Collector

    Thank you.

Security Highlight