Adding A Dns Service Control Rule - ZyXEL Communications ZyWall USG20-VPN User Manual

Figure 377 Configuration > System > DNS > Security Option Control Edit (Customize)
The following table describes the labels in this screen.
Table 239 Configuration > System > DNS > Security Option Control Edit (Customize)
LABEL
Name
Query Recursion
Additional Info
from Cache
Address List
Available
Member
OK
Cancel

30.6.14 Adding a DNS Service Control Rule

Click the Add icon in the Service Control table to add a service control rule.
Chapter 30 System
DESCRIPTION
You may change the name for the customized security option control policy. The
customized security option control policy is checked first and if an address object match is
not found, the Default control policy is checked
Choose if the USG is allowed or denied to forward DNS client requests to DNS servers for
resolution. This can apply to specific open DNS servers using the address objects in a
customized rule.
Choose if the USG is allowed or denied to cache Resource Records (RR) obtained from
previous DNS queries.
Specifiying address objects is not available in the default policy as all addresses are
included.
This box displays address objects created in Object > Address. Select one (or more),
and click the > arrow to have it (them) join the Member list of address objects that will
apply to this rule. For example, you could specifiy an open DNS server suspect of sending
compromised resource records by adding an address object for that server to the
member list.
This box displays address objects that will apply to this rule.
Click OK to save your customized settings and exit this screen.
Click Cancel to exit this screen without saving
USG20(W)-VPN Series User's Guide
553