D-Link NetDefendOS User Manual page 151

Network security firewall

An FQDN Address object has the following properties:
Name - The logical name of the object. This is specified by the administrator.
Address - The FQDN of the object. This is specified by the administrator.
Active Address - If the FQDN has been resolved then this will be the FQDN's IP address.
Otherwise, this property has no value assigned. This property can only be set by
NetDefendOS.
Only Certain NetDefendOS Objects Can Use FQDN Address Objects
Currently, only IP Policy objects or Mail Alerting objects can contain a reference to an FQDN
Address object.
For an IP Address object, either the Source Network property or the Destination Network property
can refer to an FQDN Address object. FQDN Address objects cannot be used with IP Rule objects.
FQDN Resolution Requires a Configured DNS Server
For FQDN Address objects to function correctly, at least one external DNS server must be
configured in NetDefendOS by creating at least one DNS Server object in the NetDefendOS
configuration. For a description of configuring DNS servers in NetDefendOS, see Section 3.10,
"DNS".
The DNS Lookup Should Be Consistent
The administrator should ensure that the DNS lookup used for FQDN Address objects referenced
by IP Policy objects returns the same results as the DNS lookup used by hosts that are affected by
those policies. The best way to do this is to ensure that NetDefendOS is using the same DNS
server as the hosts it is protecting.
FQDN Address Object Usage Triggers FQDN Resolution
NetDefendOS will try to perform the DNS resolution only when a new configuration is deployed
and that configuration makes use of an FQDN Address object. In other words, an FQDN Address
object might already be in the current NetDefendOS configuration but the DNS lookup will only
be performed when the configuration is changed so that the address object is referred to by, for
example, an IP Policy object.
If no DNS server is configured, NetDefendOS will generate an error when attempting to deploy a
configuration that makes use of an FQDN Address object in, for example, an IP Policy object.
FQDN Address Objects Can Store Multiple IPs
Depending on the FQDN, the DNS lookup can return both IPv4 and IPv6 addresses and there can
be multiple IPs of each type. NetDefendOS can store up to 128 IPv4 addresses and/or 128 IPv6
addresses for each FQDN Address object. Any IP address sent by the DNS server in excess of the
128 limit for either type will be dropped.
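The following Python check is an added example, not part of the D-Link manual or NetDefendOS. It compares the answers returned by the firewall's DNS server with those returned by the hosts' DNS server, and applies the 128-per-type limit described above. The function names, the sample addresses and the rule that the first 128 answers are the ones kept are assumptions.

```python
import ipaddress

MAX_PER_FAMILY = 128  # per-object limit stated in the manual, for IPv4 and for IPv6


def stored_addresses(answers, limit=MAX_PER_FAMILY):
    """Model what an FQDN Address object would hold after one lookup.

    Assumption: answers are kept in the order received and the excess is
    dropped; the manual does not say which addresses are discarded.
    """
    kept = {4: [], 6: []}
    dropped = []
    for text in answers:
        ip = ipaddress.ip_address(text)
        bucket = kept[ip.version]
        if ip in bucket:
            continue  # duplicate record in the answer
        if len(bucket) < limit:
            bucket.append(ip)
        else:
            dropped.append(ip)
    return set(kept[4]) | set(kept[6]), dropped


def policy_gaps(firewall_answers, host_answers, limit=MAX_PER_FAMILY):
    """Return addresses hosts can resolve that the firewall object would not contain."""
    stored, dropped = stored_addresses(firewall_answers, limit)
    host_view = {ipaddress.ip_address(a) for a in host_answers}
    unmatched = sorted(host_view - stored, key=lambda ip: (ip.version, int(ip)))
    return {"unmatched": unmatched, "dropped": dropped}


# Constructed sample data (documentation address ranges), not real lookups.
FIREWALL_DNS = ["192.0.2.10", "192.0.2.11", "2001:db8::10"]
HOST_DNS = ["192.0.2.10", "198.51.100.7", "2001:db8::10"]

if __name__ == "__main__":
    report = policy_gaps(FIREWALL_DNS, HOST_DNS)
    for ip in report["unmatched"]:
        print(f"hosts resolve {ip} but the firewall object would not contain it")
    # A lookup returning 130 IPv4 addresses overflows the 128 limit.
    many = [f"203.0.113.{i}" for i in range(1, 131)]
    print(len(policy_gaps(many, many)["dropped"]), "address(es) dropped by the limit")
```

Any address reported as unmatched is one that a protected host could connect to without the IP Policy that references the FQDN Address object applying to that traffic.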
FQDN Address Caching
NetDefendOS uses an internal FQDN Address Cache to ensure that the same FQDN Address object
does not need to be resolved every time it is referenced. The current cache contents can be
examined using the following CLI command:
Chapter 3: Fundamentals
