SonicOS 7.1 DNS Guide

DNS Rebinding and Cache Lookup

This section covers the settings that protect FQDN address objects against DNS rebinding attacks. An FQDN address object is populated from the DNS answers the firewall receives, so the settings control which DNS replies the firewall accepts when resolving an FQDN object and how it handles truncated replies.

DNS Binding For FQDN

To enable DNS binding for FQDN

  1. Navigate to NETWORK | DNS > Settings.
  2. Scroll to the DNS Rebinding and Cache Lookup section.
  3. Under the DNS Binding for FQDN heading, select FQDN Object Only Cache DNS Reply from Sanctioned Server. This option is not selected by default. When it is selected, FQDN address objects are populated only from DNS replies returned by the sanctioned DNS servers (the servers the appliance is configured to use); replies from any other source are not cached into the object.
  4. Click Accept.

Enabling DNS Host Name Lookup over TCP for FQDN

By default, DNS queries are sent over UDP. If a complete response would exceed the size the resolver accepts over UDP, the DNS server returns a shortened response with the Truncated (TC) flag set in the header.

When the Enable DNS host name lookup over TCP for FQDN option is:

  • Enabled and the TC flag is set in the DNS response, SonicOS repeats the query over TCP to obtain the full response, including any IP addresses that did not fit in the UDP packet.
  • Disabled, DNS queries are sent only over UDP, and SonicOS processes just the IP addresses carried in the UDP response packet, even though the TC flag indicates that the response is incomplete.

The TCP query times out after one second if no DNS response over TCP is received from the DNS server.

Enable this option when an FQDN resolves to more IP addresses than fit in a single UDP response, so that the FQDN address object holds the complete set of addresses rather than only those that fit in the UDP packet.

To enable DNS host name lookup over TCP for FQDN

  1. Navigate to NETWORK | DNS > Settings.
  2. Under the DNS host name lookup over TCP for FQDN heading, select Enable DNS host name lookup over TCP for FQDN. This option is not selected by default.
  3. Click Accept.
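The following is an added, self-contained illustration of the two behaviours described in this section; it is not SonicWall code and does not describe how SonicOS implements them internally. It contains a minimal DNS A-record builder and parser, an FQDN lookup that accepts a reply only when it comes from a sanctioned server (the DNS Binding for FQDN option), and the TC-bit fallback that repeats the query over TCP and falls back to the addresses in the UDP reply when the TCP reply does not arrive within one second (the page states only the timeout; keeping the UDP addresses in that case is this example's choice). The server addresses, host name and answer sets are constructed sample data, and `resolve_fqdn`, `build_response`, `tcp_exchange_real` and the transport callables are names chosen for this example. `tcp_exchange_real` shows the real two-byte-length-prefixed TCP exchange with a one-second timeout but is not used by the offline demo.

```python
"""Illustrative model of FQDN resolution with a sanctioned-server check and TC-bit TCP fallback.
Added example, not SonicWall code; all names and sample data are hypothetical/constructed."""
import socket
import struct

TC_BIT = 0x0200          # DNS header flag: response was truncated (RFC 1035, section 4.1.1)
TCP_TIMEOUT_SECS = 1.0   # the TCP retry is abandoned after one second without a response


def encode_name(name):
    """Encode a host name in DNS label format: length-prefixed labels, zero terminator."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(name, qid=0x1234):
    """Standard query: header (id, RD flag, QDCOUNT=1) + question (name, type A, class IN)."""
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(query, ips, ttl=60, truncated=False):
    """Constructed reply used as sample data: one A record per IP, names compressed to the question."""
    qid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (TC_BIT if truncated else 0)      # QR, RD, RA, optionally TC
    header = struct.pack("!6H", qid, flags, 1, len(ips), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip) for ip in ips)
    return header + query[12:] + rrs


def skip_name(data, off):
    """Return the offset just past a (possibly compressed) DNS name starting at off."""
    while True:
        n = data[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, terminates the name
            return off + 2
        off += 1 + n


def parse_response(data):
    """Return (qid, truncated, [(ip, ttl), ...]) for the A records in the answer section."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!6H", data[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(data, off) + 4            # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        off = skip_name(data, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((socket.inet_ntoa(data[off:off + 4]), ttl))
        off += rdlen
    return qid, bool(flags & TC_BIT), answers


def resolve_fqdn(name, sanctioned, udp_exchange, tcp_exchange=None, tcp_fallback=True):
    """udp_exchange(query) -> (server_ip, reply); tcp_exchange(query) -> reply, or None on timeout.
    Returns the A records the FQDN object may cache, or [] when the reply must be ignored."""
    query = build_query(name)
    server, reply = udp_exchange(query)
    if server not in sanctioned:                  # only cache replies from sanctioned servers
        return []
    qid, truncated, answers = parse_response(reply)
    if qid != struct.unpack("!H", query[:2])[0]:  # reply does not match our query id
        return []
    if truncated and tcp_fallback and tcp_exchange is not None:
        full = tcp_exchange(query)
        if full is not None:                      # on a 1 s timeout keep the UDP answers
            _, _, answers = parse_response(full)
    return answers


def tcp_exchange_real(server, query):
    """Real TCP transport (not used offline): 2-byte length prefix, 1 s timeout, None on failure."""
    try:
        with socket.create_connection((server, 53), timeout=TCP_TIMEOUT_SECS) as s:
            s.settimeout(TCP_TIMEOUT_SECS)
            s.sendall(struct.pack("!H", len(query)) + query)
            length = struct.unpack("!H", s.recv(2))[0]
            buf = b""
            while len(buf) < length:
                chunk = s.recv(length - len(buf))
                if not chunk:
                    return None
                buf += chunk
            return buf
    except (socket.timeout, OSError):
        return None


if __name__ == "__main__":
    sanctioned = {"10.0.0.53"}                                   # hypothetical sanctioned server
    ips = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]   # constructed answer set
    udp = lambda q: ("10.0.0.53", build_response(q, ips[:2], truncated=True))  # only two fit in UDP
    tcp = lambda q: build_response(q, ips)                                      # full answer over TCP
    print("TCP fallback on :", resolve_fqdn("www.example.com", sanctioned, udp, tcp))
    print("TCP fallback off:", resolve_fqdn("www.example.com", sanctioned, udp, tcp, tcp_fallback=False))
    print("TCP timed out   :", resolve_fqdn("www.example.com", sanctioned, udp, lambda q: None))
    rogue = lambda q: ("203.0.113.9", build_response(q, ["10.10.10.10"]))   # unsanctioned resolver
    print("unsanctioned    :", resolve_fqdn("www.example.com", sanctioned, rogue, tcp))
```

With the TCP option off, or when the TCP retry times out, the object ends up holding only the two addresses that fit in the UDP packet; with the option on, it holds all four. The reply from the unsanctioned resolver is discarded regardless of its contents, which is the behaviour the DNS Binding for FQDN option provides.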

DNS Cache Lookup

With the DNS Cache Lookup feature, you can view the host names and IP addresses that DNS resolution has cached. To show the contents of the general DNS cache, click Lookup DNS Cache. A pop-up displays the cache contents.

The pop-up shows the following fields:

  • DNS Server: Name of the DNS server. For the forward DNS cache this is the host name; for the reverse DNS cache it is a string representation of the IP address.
  • DNS Name: Domain name, such as www.SonicWall.com, or IP address.
  • IP Address: Resolved IP address.
  • TTL (secs): Time to Live; the TTL value from the DNS response.
  • flush: Clicking this flushes the server's DNS cache entry.
  • flush all: Clicking this flushes all DNS cache entries of all listed servers.
