This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Authorative name server

I am running a public name server (authoritative for my website) and I am stuck on how I should setup the nat rules and firewall rulls. Does anyone have any ideas. I have one in place now but I am generating tons of snort 21355 BAD-TRAFFIC potential dns cache poisoning attempt - mismatched txid errors

This thread was automatically locked due to age.

0 BarryG over 13 years ago

Hi,
You need to determine

1. are the snort alerts correct, or false positives?
If false positives, you should probably disable the rule (use the SID and disable it under Intrusion Prevention -> Advanced).

and

2. do you care? If your nameserver is authoritative, it should be read-only, and shouldn't be vulnerable to cache poisoning.
Making sure the server is up-to-date would help too.

Is your server also used as a resolver for any of your networks?
If not, it should be configured as non-recursive to further reduce potential for poisoning.
If so, consider using a different server, or Astaro's DNS resolver instead.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 watnemoe1@comcast.net over 13 years ago in reply to BarryG

That's whats weird about it, its real sites (safe sites like Amazon and NWS) that are causing some of these errors, so to me they almost look like they are false
Cancel
Vote Up 0 Vote Down

Cancel
0 watnemoe1@comcast.net over 13 years ago in reply to watnemoe1@comcast.net

Althought I still need to make sure the NAT and firewall rules are correct
Cancel
Vote Up 0 Vote Down

Cancel