FQDN object is broken, does not return IPs most of the times.
Ally Member
Objects→Address→FQDN is querying IN ANY instead of being more specific like A, AAAA, etc.
Many DNS providers do not respond to ANY queries, or only return a subset of records, because of their misuse in DNS amplification DDoS attacks, hence results are broken.
Example of truncated result:
Trying "dns.cloudflare.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52418
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dns.cloudflare.com. IN ANY
;; ANSWER SECTION:
dns.cloudflare.com. 2019 IN HINFO "RFC8482" ""
Received 57 bytes from 127.0.0.1#53 in 0 ms
Due to truncated results, FQDN object type is not usable in Security Policy→Policy Control rules.
Please fix it.
Accepted Solution
-
Hi @bbp
We received the same request, and this will be enhanced in the future firmware release.
Zyxel Melen1
Zyxel Employee
All Replies
-
Hi @bbp
We received the same request, and this will be enhanced in the future firmware release.
Zyxel Melen1 -
That's good to hear, thank you Melen.
0
Categories
- All Categories
- 442 Beta Program
- 2.9K Nebula
- 219 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.5K Security
- 588 USG FLEX H Series
- 344 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.4K Wireless
- 52 Wireless Ideas
- 7K Consumer Product
- 298 Service & License
- 477 News and Release
- 91 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.8K FAQ
- 34 Documents
- 87 About Community
- 102 Security Highlight
