Configuring DNS

Domain Name System (DNS) is the Internet standard for locating domain names and translating them into IP addresses. By default, the SonicWALL appliance inherits its DNS settings from the WAN Zone.

To configure DNS, complete the following steps:

NOTE: Network > DNS is only available in appliances running SonicOS Enhanced.

1	Expand the Network tree and click DNS. The DNS page displays.

 

2	Select the View IP Version:

•	To view the IPv4 DNS settings, click IPv4.

•	To view the IPv6 DNS settings, click IPv6.

3	Select from the following:

•	To specific IP addresses manually, select Specify DNS Servers Manually and enter the IP addresses of the servers.

•	To inherit the DNS settings from the WAN Zone configuration, select Inherit DNS Settings Dynamically from WAN Zone.

4	When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

DNS Rebinding Attack Prevention

DNS rebinding is a DNS-based attack on code embedded in web pages. Normally requests from code embedded in web pages (JavaScript, Java and Flash) are bound to the web-site they are originating from.DNS rebinding attackers register a domain which is delegated to a DNS server they control. The domains exploit very short TTL parameters to scan the attacked network and do other malicious activities.

To configure DNS, complete the following steps:

1	Select Enable DNS Rebinding Attack Prevention.

2	From the Action pull-down menu, select an action to do when a DNS rebinding attack is detected:

•	Log Attack

•	Log Attack & Return a Query Refused Reply

•	Log Attack & Drop DNS Reply

3	(Optional) For the Allowed Domains pull-down menu, select an FQDN Address Object/Group containing allowed domain-names (for example, *.sonicwall.com) for which locally connected/routed subnets should be considered legal responses.