This section describes the verification and check operations after the DNS filtering feature is configured.
After configuring the DNS filtering feature, you can do as follows to check the configuration result:
| Operation | Command |
|---|---|
| Display the information about DNS filtering profiles. | display profile type dns-filter name name |
| Display the user-defined DNS category list. | display dns-filter category user-defined [ name name ] |
| Display the predefined DNS category list. | display url-filter category pre-defined [ category-id category-id \| subcategory-id subcategory-id \| url url-text \| host host-text ] |
| Display information about all predefined DNS categories of a specific control level. | display url-filter category pre-defined control-level [ high \| low \| medium ] |

NOTE: Predefined DNS categories and predefined URL categories are the same. Therefore, the two display url-filter category pre-defined commands above also display the predefined DNS category list, and the control-level form displays all predefined DNS categories of a specific control level.
After configuring the DNS filtering feature, you can do as follows to view or clear statistics:
| Action | Command |
|---|---|
| Display the statistics on DNS filtering. | display dns-filter statistics [ slot slot-id cpu cpu-id ] |
| Clear the statistics on DNS filtering. | reset dns-filter statistics { blacklist \| whitelist \| category [ user-defined \| pre-defined ] \| redirect \| safe-search \| all } |
After the DNS filtering profile is referenced in a security policy, the FW inspects the DNS traffic that matches that security policy. A DNS filtering log is generated when the domain name in a DNS request matches a whitelist, blacklist, or category entry whose action is alert or block in the DNS filtering profile, or when a DNS request is processed by safe search.
An example of a DNS filtering log is as follows:
DNSF/4/FILTER(l):The DNS filtering policy was matched. (SyslogId=4, VSys="public", Policy="1", SrcIp=10.1.1.1, DstIp=10.1.2.1, SrcPort=56157, DstPort=53, SrcZone=trust, DstZone=trust, User="unknown", Protocol=UDP, Application="DNS", Profile="a", Type=Timeout or default action, EventNum=1, Category="none", SubCategory="none", DirectIP="none", Host="www.test.com", Item="none", Action=Alert)
The following table lists the fields in a DNS filtering log.
| Field | Description |
|---|---|
| syslog-id | Log ID |
| vsys-name | Virtual system name |
| policy-name | Security policy name |
| source-ip-address | Source IP address of a packet |
| destination-ip-address | Destination IP address of a packet |
| source-port | Source port of a packet |
| destination-port | Destination port of a packet |
| source-zone | Source security zone of a packet |
| destination-zone | Destination security zone of a packet |
| user-name | User name |
| protocol | Protocol name |
| application-name | Application name |
| profile-name | Profile name |
| type | Type of the matched rule defined in the DNS filtering profile, which can be: |
| event-number | Number of merged events |
| category | Matched predefined DNS category |
| sub-category | Matched predefined DNS sub-category |
| DirectIP | IP address to which a blocked DNS request packet is redirected |
| host | Name of the target host |
| item | Matched user-defined rule |
| action | Action defined in the DNS filtering profile, which can be: |
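The log format above is what a SIEM or a quick triage script has to consume. The following is an added example, not code from the vendor documentation: a small Python parser for the DNSF/4/FILTER key=value body that also tolerates a syslog relay prefix, plus an aggregation that counts actions, sums EventNum (one line can stand for several merged events), and lists the blocked hosts per source address. The sample lines are constructed for this example; the first one is the page's own log, while the Type, User, Host and DirectIP values in the others are assumptions, since the page does not enumerate the possible values.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, Optional

# Constructed sample lines modelled on the DNSF/4/FILTER format documented above.
# Line 1 is the page's example; lines 2-3 are made up (Type/User/Host/DirectIP
# values are assumptions). Line 4 is noise that must be skipped, not mis-parsed.
SAMPLE_LOGS = [
    'DNSF/4/FILTER(l):The DNS filtering policy was matched. (SyslogId=4, VSys="public", '
    'Policy="1", SrcIp=10.1.1.1, DstIp=10.1.2.1, SrcPort=56157, DstPort=53, SrcZone=trust, '
    'DstZone=trust, User="unknown", Protocol=UDP, Application="DNS", Profile="a", '
    'Type=Timeout or default action, EventNum=1, Category="none", SubCategory="none", '
    'DirectIP="none", Host="www.test.com", Item="none", Action=Alert)',
    'DNSF/4/FILTER(l):The DNS filtering policy was matched. (SyslogId=5, VSys="public", '
    'Policy="1", SrcIp=10.1.1.2, DstIp=10.1.2.1, SrcPort=40011, DstPort=53, SrcZone=trust, '
    'DstZone=untrust, User="alice", Protocol=UDP, Application="DNS", Profile="a", '
    'Type=Blacklist, EventNum=3, Category="none", SubCategory="none", '
    'DirectIP=10.1.2.100, Host="bad.example", Item="bad.example", Action=Block)',
    # A syslog relay may prepend a timestamp and hostname; the parser tolerates that.
    'Jan  1 00:00:02 FW1 DNSF/4/FILTER(l):The DNS filtering policy was matched. (SyslogId=6, '
    'VSys="public", Policy="1", SrcIp=10.1.1.2, DstIp=10.1.2.1, SrcPort=40012, DstPort=53, '
    'SrcZone=trust, DstZone=untrust, User="alice", Protocol=UDP, Application="DNS", '
    'Profile="a", Type=Blacklist, EventNum=2, Category="none", SubCategory="none", '
    'DirectIP=10.1.2.100, Host="evil.example", Item="evil.example", Action=Block)',
    'Jan  1 00:00:03 FW1 some other module wrote this line (not a DNS filtering log)',
]

# MODULE/severity/MNEMONIC(l):message (key=value, key=value, ...)
_HEADER_RE = re.compile(
    r"(?P<module>[A-Z]+)/(?P<severity>\d)/(?P<mnemonic>[A-Z]+)\(l\):"
    r"(?P<message>[^(]*)\((?P<fields>.*)\)\s*$"
)
# One key=value pair: the value is either "quoted" or runs to the next comma,
# so unquoted values with spaces (Type=Timeout or default action) survive.
_FIELD_RE = re.compile(r'(?P<key>\w+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>[^,]*))')

INT_FIELDS = {"SyslogId", "SrcPort", "DstPort", "EventNum"}


def parse_dns_filter_log(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one DNSF/4/FILTER line as a dict, or None if it is not one."""
    m = _HEADER_RE.search(line)
    if not m or m.group("module") != "DNSF" or m.group("mnemonic") != "FILTER":
        return None
    rec: Dict[str, object] = {
        "severity": int(m.group("severity")),
        "message": m.group("message").strip(),
    }
    for f in _FIELD_RE.finditer(m.group("fields")):
        key = f.group("key")
        val = f.group("quoted") if f.group("quoted") is not None else f.group("bare").strip()
        if key in INT_FIELDS and val.isdigit():
            rec[key] = int(val)
        else:
            rec[key] = val
    return rec


def summarize(lines: Iterable[str]) -> Dict[str, object]:
    """Aggregate DNS filtering logs: action counts, true event count, blocked hosts per source."""
    actions: Counter = Counter()
    events = 0
    unparsed = 0
    blocked_hosts: Dict[str, set] = defaultdict(set)
    for line in lines:
        rec = parse_dns_filter_log(line)
        if rec is None:
            unparsed += 1
            continue
        actions[str(rec.get("Action", "unknown"))] += 1
        # EventNum is the number of merged events, so count it rather than the line.
        n = rec.get("EventNum")
        events += n if isinstance(n, int) else 1
        if rec.get("Action") == "Block":
            blocked_hosts[str(rec.get("SrcIp"))].add(str(rec.get("Host")))
    return {
        "actions": dict(actions),
        "events": events,
        "unparsed": unparsed,
        "blocked_hosts": {src: set(hosts) for src, hosts in blocked_hosts.items()},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```

Summing EventNum instead of counting lines matters when the FW merges repeated lookups into one log; a client that resolved a blocked name 200 times shows up as one line with EventNum=200, which a naive line count would undercount.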