ZyXEL Communications USG FLEX H Series User Manual page 245

then the Zyxel Device replies to the DNS query with a IP address that points to the block page. Unlike the
HTTP(S) Traffic Scan, the DNS Domain Scan works if the user is using TLS 1.3 with ESNI.
DNS Domain Scan Process
A user enters a URL into their web browser.
1
The user's computer sends a DNS query for the URL.
2
The DNS Domain Scan inspects the website in the DNS query packet.
3
If the website contains prohibited material, the DNS reply is redirected to a block page.Finding Out More
See Section 16.7 on page 266
4
External Content Filtering Service
When you register for and enable the external Content Filtering service, your Zyxel Device accesses an
external database that has millions of web sites categorized based on content. You can have the Zyxel
Device block, block and/or log access to web sites based on these categories.
External Content Filter Server Lookup Procedure
The content filter lookup process is described below.
Figure 164 Content Filter Lookup Procedure
A computer behind the Zyxel Device tries to access a web site.
1
The Zyxel Device looks up the web site in its cache. If an attempt to access the web site was made in the
2
past, a record of that web site's category will be in the Zyxel Device's cache. The Zyxel Device blocks,
blocks and logs or just logs the request based on your configuration.
If the Zyxel Device has no record of the web site, it queries the external content filter database.
3
Chapter 16 Content Filtering
for content filtering background/technical information.
USG FLEX H Series User's Guide
245