...
Rebind protection is applied to a DNS query after it has been processed by all the security policy rules in the security policy. This means that if you need to allow legitimate public DNS queries to an FQDN that resolves to RFC1918 IP addresses, you can add that FQDN to a custom list and add the custom list to the security policy with an action of Allow - No Log. This permits the query to resolve without creating any security event log. You can set the security policy rule to Allow - With Log if you require a security event log. For example, http://dns[.]msftncsi[.]comis a domain used by Microsoft Windows 10 and later for network connectivity testing. It resolves to a public IPv4 address but a private IPv6 address and thus can produce a very large number of security events if Rebind protection is enabled.
...