Previously, the DNS analyzer did not detect the type of DNS query, nor could it zero-rate A-type DNS queries.
The new dns query-type command enables the ECS DNS analyzer to identify the query type, so that DNS fraud can be countered without major impact. This capability supports zero-rating of A-type queries and detection of DNS tunneling over TXT and NULL type queries.
The rule-match engine now supports matching on the DNS query type.
The dns query-type command defines rule expressions that match the query type in DNS request messages. It is available in ACS Ruledef Configuration Mode.
The following call flow shows how the ECS DNS analyzer detects the type of DNS query.
Previous Behavior: Rule matching based on the DNS query type did not occur. If a response carried multiple answers, an unsupported query type caused the whole answer section to be skipped.
New Behavior: The following DNS query types can be configured in a ruledef; they are parsed and rule-matched. If a response carries multiple answers, an unsupported query type causes only that answer to be skipped, and parsing continues with the next answer.
Customer Impact: DNS packets now match query-type ruledefs.
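To make the two points above concrete (query-type rule expressions, and per-answer rather than whole-section skipping of unsupported record types), here is an added illustration in Python. It is not Cisco's ECS code or the StarOS CLI; it is a small stand-alone DNS message parser that extracts the QTYPE from the question, walks the answer section by RDLENGTH so that an unsupported RR costs only itself, and evaluates ruledef-style expressions. The textual form "dns query-type = a" / "dns query-type != txt", the ruledef names, the sample message, and the set of record types treated as "supported" are all assumptions chosen for the example.

```python
import struct

# Added example, not Cisco's code: a minimal DNS message parser plus a toy evaluator
# for "dns query-type" ruledef expressions (textual form assumed for illustration).

QTYPE_NAMES = {1: "a", 5: "cname", 10: "null", 16: "txt", 28: "aaaa"}
# RR types whose RDATA this toy analyzer parses; anything else is "unsupported".
# CNAME is deliberately left out so the sample below exercises the skip path.
SUPPORTED_RDATA = {1, 10, 16, 28}


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def read_name(msg, off):
    """Return (dotted name, offset after the name), following RFC 1035 pointers."""
    labels, end = [], None
    for _ in range(64):                      # bound pointer chasing
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            if end is None:
                end = off + 2                # the name ends 2 bytes after the first pointer
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    else:
        raise ValueError("compression pointer loop")
    return ".".join(labels), (off if end is None else end)


def parse_dns(msg):
    """Parse the header, question and answer sections of a DNS message."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off, questions, answers, skipped = 12, [], [], 0
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((name, qtype))
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen                          # always advance by RDLENGTH, so an
        if rtype not in SUPPORTED_RDATA:      # unsupported RR costs only itself
            skipped += 1
            continue
        answers.append((name, rtype, rdata))
    return {"questions": questions, "answers": answers, "skipped": skipped}


def match_query_type(rule, qtype):
    """Evaluate 'dns query-type <=|!=> <type>' (assumed textual form of the command)."""
    _cmd, _kw, op, value = rule.split()
    name = QTYPE_NAMES.get(qtype, str(qtype))
    return name == value if op == "=" else name != value


def matched_ruledefs(msg, ruledefs):
    """Return the names of ruledefs whose query-type expression matches the question."""
    qtype = parse_dns(msg)["questions"][0][1]
    return [n for n, expr in ruledefs.items() if match_query_type(expr, qtype)]


def build_message(qname, qtype, answers):
    """Constructed sample response: one question, then answer RRs whose owner name is
    a compression pointer (0xC00C) back to the question name at offset 12."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for rtype, rdata in answers:
        msg += b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return msg


# Ruledefs modelled on the feature: zero-rate A lookups, flag TXT/NULL as tunnel suspects.
RULEDEFS = {
    "dns-zero-rate": "dns query-type = a",
    "dns-tunnel-txt": "dns query-type = txt",
    "dns-tunnel-null": "dns query-type = null",
}

if __name__ == "__main__":
    # Constructed A response: a CNAME (unsupported here) followed by the A record.
    a_resp = build_message("example.com", 1,
                           [(5, encode_name("www.example.com")), (1, bytes([93, 184, 216, 34]))])
    print(parse_dns(a_resp), matched_ruledefs(a_resp, RULEDEFS))
```

The sample A response carries a CNAME before the A record. With the old behaviour described above, the unsupported CNAME would have ended parsing of the answer section and the A record would never have been seen; here the parser counts it in skipped and still returns the A record, and the question's QTYPE alone drives which ruledefs match.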