BugZero | WatchGuard Technologies BugID FBX-27254 - DNS Resource Record type 65 (HTTPS) deny log mess...

WatchGuard Technologies - Defect ID: FBX-27254

DNS Resource Record type 65 (HTTPS) deny log messages

WatchGuard Technologies - Defect ID: FBX-27254

DNS Resource Record type 65 (HTTPS) deny log messages

Last updated on May 9th, 2024

BugZero Risk Score
0.0 Coming soon

Overall: N/A

Severity: N/A

Community: N/A

Lifecycle: N/A

What is the BugZero Risk Score?

WatchGuard Technologies Integration

Learn more about where this data comes from

WatchGuard Technologies Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 2

Description

Issue

DNS Resource Record type 65 (HTTPS) is a recent resource record type defined in RFC 9460 . An HTTPS resource record can include additional information that a traditional A or AAAA record lookup does not include. These web browsers support HTTPS resource record lookups: Safari for macOS and iOS Mozilla Firefox for macOS and iOS The default DNS-proxy of the Firebox blocks all outgoing HTTPS resource record types with this log message: DNS query type match . The record type will be listed as query_type="Type-65" . Example: 2024-01-01 13:18:33 Deny 203.0.113.1 8.8.8.8 dns/udp 53917 53 Trusted 64-External ProxyDeny: DNS query type match (DNS-proxy-00) DNS-Outgoing.2 proc_id="dns-proxy" rc="595" msg_id="1DFF-0006" proxy_act="DNS-Outgoing" rule_name="Default" query_type="Type-65" geo_dst="USA" Traffic

Workaround/Solution

To avoid these DNS-proxy deny log messages, add this rule to allow DNS-proxy query Type-65 : Rule Name: HTTPS record Value: 65 Action: Allow For more information about how to add a rule, go to DNS-Proxy: Query Types in Help Center .

Change history

2024-05-09 Added: 11.1.x, 11.10, 11.10.1, 11.10.2, 11.10.3, 11.10.4, 11.10.5, 11.10.6, 11.10.7, 11.11, 11.11.1, 11.11.2, 11.11.4, 11.12, 11.12.1, 11.12.2, 11.12.4, 11.2.x, 11.3.1, 11.3.2, 11.3.3, 11.3.4, 11.3.5, 11.3.6, 11.4, 11.4.1, 11.4.2, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6, 11.6.1, 11.6.3, 11.6.5, 11.6.6, 11.7, 11.7.2, 11.7.3, 11.7.4, 11.7.5, 11.8, 11.8.1, 11.8.3, 11.8.4, 11.9, 11.9.1, 11.9.3, 11.9.4, 11.9.5, 11.9.6, 12.0.x, 12.1, 12.1.1, 12.1.3, 12.10.x, 12.11.x, 12.2.x, 12.3.x, 12.4.x, 12.5.x, 12.6.x, 12.7.x, 12.8.x, 12.9.x, 2025.1

Links

Original Vendor Announcement

Relevant Products

Click on a version to see all relevant bugs

Affected versions:11.1.x, 11.10, 11.10.1, 11.10.2, 11.10.3, 11.10.4, 11.10.5, 11.10.6, 11.10.7, 11.11, 11.11.1, 11.11.2, 11.11.4, 11.12, 11.12.1, 11.12.2, 11.12.4, 11.2.x, 11.3.1, 11.3.2, 11.3.3, 11.3.4, 11.3.5, 11.3.6, 11.4, 11.4.1, 11.4.2, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6, 11.6.1, 11.6.3, 11.6.5, 11.6.6, 11.7, 11.7.2, 11.7.3, 11.7.4, 11.7.5, 11.8, 11.8.1, 11.8.3, 11.8.4, 11.9, 11.9.1, 11.9.3, 11.9.4, 11.9.5, 11.9.6, 12.0.x, 12.1, 12.1.1, 12.1.3, 12.10.x, 12.11.x, 12.2.x, 12.3.x, 12.4.x, 12.5.x, 12.6.x, 12.7.x, 12.8.x, 12.9.x, 2025.1

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Fixed versions: No known fixed versions

Top WatchGuard Technologies Defects

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

WatchGuard Technologies - Defect ID: FBX-27254

DNS Resource Record type 65 (HTTPS) deny log messages

WatchGuard Technologies - Defect ID: FBX-27254

DNS Resource Record type 65 (HTTPS) deny log messages

Last updated on May 9th, 2024

BugZero Risk Score0.0 Coming soon

Bug Details

Issue

Workaround/Solution

Links

Top WatchGuard Technologies Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
0.0 Coming soon