DNS Filter for DDNS IP

mat17 · February 2023

Hello,

my desktop in a dedicated VLAN see some of its DNS requests flagged as Phishing when my desktop request the DDNS set on the Firewall.

The log traces are:

2023-03-01 09:34:43	info	DNS Filter	DDNS hostname:Phishing	desktop IP:37489	DNS Server IP:53	DNS BLOCK

The configuration is:

DDNS hostname set on the WAN1 interface, updated automatically.

Custom DNS servers as 1 and 2 in the “System > DNS > Domain Zone Forwarder” menu.

In the VLAN configuration,

first DNS server is ZyWALL
second and third DNS servers are the one defined in the previous menu

I'm not sure why my desktop requests my public IP, but I would say these requests are legitimated.

Is it normal they are blocked by the DNS Filter?

Kind regards

Zyxel_Stanley · March 2023

Hi @mat17

If you want to ensure which URL is defined as unsecured by the DNS thread filter, you can Go to Monitor > Security Statistics > DNS Thread Filter and enable the "Collect Statistics" function. The statistics will be recorded and displayed, including the URLs that have been marked as unsafe by the DNS thread filter.

If you confirmed URL is safety, you can add URL into allow list.

And you can submit a correction request to the database server to change the category of the URL.

Zyxel_Stanley · March 2023

Hi @mat17

If you want to ensure which URL is defined as unsecured by the DNS thread filter, you can Go to Monitor > Security Statistics > DNS Thread Filter and enable the "Collect Statistics" function. The statistics will be recorded and displayed, including the URLs that have been marked as unsafe by the DNS thread filter.

If you confirmed URL is safety, you can add URL into allow list.

And you can submit a correction request to the database server to change the category of the URL.

mat17 · March 2023

Thank you.

DNS Filter for DDNS IP

Accepted Solution

All Replies

Categories

Security Highlight

Security Help Center