How does Smart DNS work?

Created: 26 Apr 2012 • Updated: 27 Apr 2012 | 6 comments
This issue has been solved. See solution.

My SEP version is 12.1.

I have already enabled "Smart DNS" in built-in rules of firewall policy.

But sometimes I can still see in the logs that TCP/UDP port 53 was blocked by the firewall.

(I disabled the rule "allow all applications".)

Can someone tell me how Smart DNS works? And do I need to create a rule to allow TCP/UDP 53 even if I enable "Smart DNS"? If I don't need to, shall I ignore the logs?

Thanks a lot.

P_K_'s picture

A smart traffic filtering option that allows a Domain Name System (DNS) client to resolve a domain name from a DNS server while providing protection against DNS attacks from the network. This option blocks all Domain Name System (DNS) traffic except outgoing DNS requests and the corresponding reply. If a client computer sends a DNS request and another computer responds within five seconds, the communication is allowed. All other DNS packets are dropped. Smart DNS does not block any packets; blocking is done by the normal security rule set.

  Allows the outbound DNS requests to and corresponding inbound replies from assigned DNS servers only.

If a computer sends out a DNS request and the response comes back within five seconds, the communication is allowed. All other DNS packets are dropped.

If you disable this setting, you must create a firewall rule that allows UDP traffic for remote port 53 (domain) to use DNS.

This option is enabled by default.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)
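
The request/reply matching described in the comment above, as a simplified model. This is an added example, not Symantec's code and not part of the original post; the `Packet` fields, the verdict names and the sample addresses are assumptions constructed for illustration. A packet marked `fall-through` is not matched by the model and is left to the remaining firewall rules, which is where a final block rule would log it.

```python
from dataclasses import dataclass

REPLY_WINDOW = 5.0  # seconds, the window stated in the description above

@dataclass(frozen=True)
class Packet:
    ts: float         # capture time in seconds
    direction: str    # "out" (client -> server) or "in" (server -> client)
    proto: str        # "udp" or "tcp"
    local_port: int   # client-side source port of the query
    remote_ip: str
    remote_port: int

def classify(packets, dns_servers):
    """Return one verdict per packet, in timestamp order."""
    pending = {}  # (proto, local_port, remote_ip) -> time the request left
    verdicts = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if p.remote_port != 53:
            verdicts.append("not-dns")
            continue
        key = (p.proto, p.local_port, p.remote_ip)
        if p.direction == "out":
            if p.remote_ip in dns_servers:      # assigned DNS servers only
                pending[key] = p.ts
                verdicts.append("allow-request")
            else:
                verdicts.append("fall-through")
        else:
            sent = pending.pop(key, None)       # each request admits one reply
            if sent is not None and p.ts - sent <= REPLY_WINDOW:
                verdicts.append("allow-reply")
            else:
                verdicts.append("fall-through")  # late, duplicate or unsolicited
    return verdicts

# Constructed sample traffic (documentation address ranges, not real hosts).
DNS_SERVERS = {"192.0.2.53"}
SAMPLE = [
    Packet(0.00, "out", "udp", 50001, "192.0.2.53", 53),    # normal query
    Packet(0.04, "in",  "udp", 50001, "192.0.2.53", 53),    # reply in time
    Packet(1.00, "out", "udp", 50002, "192.0.2.53", 53),    # query
    Packet(7.50, "in",  "udp", 50002, "192.0.2.53", 53),    # reply after 6.5 s
    Packet(8.00, "in",  "udp", 50003, "192.0.2.53", 53),    # no matching query
    Packet(9.00, "out", "udp", 50004, "198.51.100.8", 53),  # not an assigned server
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, classify(SAMPLE, DNS_SERVERS)):
        print(f"{pkt.ts:5.2f} {pkt.direction:3} {pkt.remote_ip:13} {verdict}")
```
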

pete_4u2002's picture

Did you check the firewall rule that is blocking the traffic? Basically, if SMART DNS is enabled then it will not affect if the firewall is blocking the traffic.

Leo Young's picture

I did not create a rule to block TCP/UDP 53, so SMART DNS can be functional. And actually, the clients have no problem communicating with the DNS server.

Since SMART DNS is on, TCP/UDP 53 traffic will not be blocked.

So I am just confused why I can still see the logs (block all other ip traffic) that some TCP/UDP 53 traffic was blocked.

P_K_'s picture

Is the IP address for which the port is blocked the correct DNS server?

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Leo Young's picture

Thanks again. You have been a great help to me.