Astaro software version (Firmware 7.4.80)
Pattern File: 10305
I have set up Open DNS as my two DNS forwarders. (208.67.222.222 and 208.67.220.220) Queries from the firewall succeed ok but from the internal DNS server 192.168.1.10, they fail.
The ASG is set to allow Surfing via the HTTP/S proxy to authenticated users. Authentication is done using SSO against the back end Win2k Active Directory server. I have tested the user back-end AD authentication and that works ok.
I checked the IPS system and found that the queries were failing with the following log line:
"2009:08:16-11:47:38 Astaro snort[31673]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="DNS SPOOF query response with TTL of 1 min. and no authority" group="241" srcip="208.67.220.220" dstip="192.168.1.10" proto="17" srcport="53" dstport="61872" sid="254" class="Potentially Bad Traffic" priority="2" generator="1" msgid="0" "
As I understand it Open DNS have applied all of the security patches well ahead of the recent DNS poisoning issue so I have to assume that this is a false positive response.
Guest User!
You are not Sophos Staff.
