Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS Alert to unauthorized DNS Server
« previous
next »
Print
Pages: [
1
]
Author
Topic: IDS Alert to unauthorized DNS Server (Read 1207 times)
andrewoliv
Newbie
Posts: 23
Karma: 1
IDS Alert to unauthorized DNS Server
«
on:
May 09, 2022, 12:32:49 am »
I keep getting this alert in my IDS:
Dest IP. Port Rule Message
156.154.67.196 53 ET INFO Observed DNS Query to .biz TLD
I have rules in my firewall preventing external DNS queries yet this keeps getting through. The rules are applied on all 3 LAN Ports and not on the WAN port.
I checked the IP address its a DNS server with no indications of having a bad reputation. Is it possible the OPNSense firewall is sending random DNS Requests? I have no other explanation for this. I have watched the live firewall logs and may rules appear to be working.
Any information on this would be helpful
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS Alert to unauthorized DNS Server