OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: andrewoliv on May 09, 2022, 12:32:49 am
-
I keep getting this alert in my IDS:
Dest IP. Port Rule Message
156.154.67.196 53 ET INFO Observed DNS Query to .biz TLD
I have rules in my firewall preventing external DNS queries yet this keeps getting through. The rules are applied on all 3 LAN Ports and not on the WAN port.
I checked the IP address its a DNS server with no indications of having a bad reputation. Is it possible the OPNSense firewall is sending random DNS Requests? I have no other explanation for this. I have watched the live firewall logs and may rules appear to be working.
Any information on this would be helpful