Okay I have a Sophos UTM 9 Firewall set up. I have built two BIND DNS servers; one internal for doing recursive queries and one for an external domain with no recursion (so it doesn't act as if it's an open resolver.)
I've correctly configured DNATs for external as follows:
And the following Firewall Rule:
Everything works fine when turned on, except my Firewall log keeps getting hammered with traffic:
on port 53 from several different random public IPs.
I've done some research online, and have read in many cases that this is normal. I have IPS on and configured correctly. UDP flood protection on (in which I've set low to test.)
I've also configured a group of these public IPs to DROP automatically via Firewall rule. Although the packets are being dropped, I'm still being flooded with UDP:53 attempts, and my firewall log keeps building up in the Gigabytes. However if I turned my NAT rule back on along with Firewall rule, these public IPs are able to get in, with the NAT rule taking precedence over the:
I have millions of packets being filtered daily, all from random IPs on port 53. My CPU doesn't get pegged out, but everything is slow on the DNS side when these rules are turned back on. Should I be putting the external DNS in a DMZ even though it's recursion is turned off?
Thank you for any ideas!
This thread was automatically locked due to age.
 
				 
		 
					 
				