This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outbound DNS

Hi all,

tried to search and came up dry.  but I have a question, and forgive me in advance if it's a bone-headed one.  Knowing that attackers try to use DNS to fingerprint networks, is it a good idea to have a packet filter rule to allow outbound DNS requests from the internal network?

Currently i have my ASG220 running my PPPoE access, and serving as the public IP addy endpoint,  and it automatically gets DNS forwarding server info from the PPPoE connection.  so do i need the packet filter rule:

Internal network --> DNS ----> Any   "Allow"   ?

[:S]

or can i just turne that rule off?

This thread was automatically locked due to age.

Parents

0 Benderle over 15 years ago

i've done those steps.. but still getting massive amounts of traffic in my "Network Security" log for outbound DNS traffic being blocked.. what am I doing wrong?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Benderle over 15 years ago

i've done those steps.. but still getting massive amounts of traffic in my "Network Security" log for outbound DNS traffic being blocked.. what am I doing wrong?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 eganders_01 over 15 years ago in reply to Benderle

Astaro's log files will tell you the IP's the requests are coming from. Track them down. Do all your computers use DHCP? Some might have static DNS routes.

Also, some software packages seem to come with their own pointers. Typically these are programs like IM's, or P2P's, etc. But other software can do it too.
Cancel
Vote Up 0 Vote Down

Cancel
0 Benderle over 15 years ago in reply to eganders_01

seems most of them are coming from my internal DC / DNS Server and heading outbound..

I've since edited the packet filter rule, and allowed outbound UDP port 53 for DNS lookups.. but not TCP port 53 which is zone transfers..
Cancel
Vote Up 0 Vote Down

Cancel