Is the limit of Address/PTR Records of the DNS Configuration really 64 entries?

Brimerland
Brimerland Posts: 2  Freshman Member
First Comment
edited April 2021 in Security
Hi,

we changed to the ZyWall 110 VPN Firewall recently.
But now I am running into problems since I cannot configure more than 64 DNS entries in the device.

The table found here
Configuration -> System -> DNS -> Address/PTR Record
opens a message box saying 'Items have reached the maximum number' when I try to add the 65th entry.

First I thought 'Maybe it's just the JavaScript client...' and added a 65th entry in the configuration file and uploaded it, but this caused the device to reject the configuration completely and booted into a factory reset.

So ... is a device supporting 2 LANs, 2 WANs and a DMZ supposed to have only 64 entries, or can you raise the count in a future firmware update?

Best Regards

Best Answers

  • Brimerland
    Brimerland Posts: 2  Freshman Member
    First Comment
    Answer ✓
    Thanks for clarifying.

All Replies

  • johnson_charles
    johnson_charles Posts: 1  Freshman Member
    First Comment
    I cannot imagine why Zyxel would wish to be considered a major player, where it limits the number of Items that can be configured to some arbitrarily small number, like 100.  Clearly, this is done to maintain your "performance" record.  But without enabling a larger number of items, you severely limit the ability of network admins to finely tune their routers/switches.

    For instance, at my company, our routers are constantly challenged by large numbers of hackers from disparate subnets around the world.  We have the practice of excluding these subnets at the firewall.  But we don't wish to exclude the entire internet, so we do this selectively. Limiting our ability to create Items increases the difficulty of fine-tuning our approach, leaving us to deal in a "ham-handed" manner with excluding such hackers and the irresponsible networks/ISPs on which they rely.

    It should be a simple matter from a programming standpoint to update the firmware to permit as many as 32,767 entries on the list (presuming that your list is limited by the type length of its index).  Please do so!
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @johnson_charles
    Thanks for the suggestion. It’s kind of a tradeoff, considering the affordability of the hardware capability.
