About the DNS-Proxy

The Domain Name System (DNS) is a network system of servers that translates numeric IP addresses into readable, hierarchical Internet addresses, and vice versa. DNS enables your computer network to understand, for example, that you want to reach the server at 200.253.208.100 when you type a domain name into your browser, such as www.example.com. With the Firebox, you have two methods to control DNS traffic: the DNS packet filter and the DNS-proxy policy. The DNS-proxy is useful only if DNS requests are routed through your Firebox .

When you create a new configuration file, the file automatically includes an Outgoing packet filter policy that allows all TCP and UDP connections from your trusted and optional networks to external. This allows your users to connect to an external DNS server with the standard TCP 53 and UDP 53 ports. Because Outgoing is a packet filter, it is unable to protect against common UDP outgoing trojans, DNS exploits, and other problems that occur when you open all outgoing UDP traffic from your trusted networks. The DNS-proxy has features to protect your network from these threats. If you use external DNS servers for your network, the DNS-Outgoing ruleset offers additional ways to control the services available to your network community.

To add the DNS-proxy to your Firebox configuration, go to Add a Proxy Policy to Your Configuration.

Which Proxy Action to Use

When you configure a Proxy policy, you must select a Proxy Action appropriate to the policy. For a policy which allows connections from your internal clients to the internet, use the Outgoing proxy action. For a policy which allows connections to your internal servers from the internet, use the Incoming proxy action.

The default predefined proxy actions have "Standard" appended to the proxy action name. These settings are updated from previous defaults to reflect the latest Internet network traffic trends.

Configure DNS-Proxy

Related Topics

About Proxy Policies and ALGs