Hi,

I am looking for some advise.

In my firewall (2860 & 2862 running latest firmware) I have set all WAN-> LAN traffic on port 53 to BLOCK to prevent any DNS traffic entering my network (I do not run any DNS servers internally).

However, in Syslog I see the following message [Pass][Unknown DNS query type][Hostname=]

What setting have I got wrong in my firewall?

Thank in advance
Iain

Have you set the rule to be both TCP and UDP?

Yes

My equivalent rule uses a 'Service Object' (though that in itself shouldn't make a difference).

The Object is defined:

Code:

Name DNS Protocol TCP/UDP Source Port = 1 ~ 65535 Destination Port = 53 ~ 53

If that helps..

I just had a thought...

Could this be outbound DNS?

i.e. Are you using the 2860/2862 as a caching DNS server for the LAN?

OK, I have set up a "Service Object" and lets see if it makes a difference.

Now I had't considered an outbound DNS, let alone the routers operating as a caching server, I have not set this up so may be a defasult. Do you know how to check?

Iain