IDS Alert to unauthorized DNS Server

Started by andrewoliv, May 09, 2022, 12:32:49 AM

I keep getting this alert in my IDS:

Dest IP          Port  Rule Message
156.154.67.196   53    ET INFO Observed DNS Query to .biz TLD

I have rules in my firewall preventing external DNS queries, yet this keeps getting through. The rules are applied on all 3 LAN ports and not on the WAN port.

I checked the IP address; it's a DNS server with no indications of having a bad reputation. Is it possible the OPNsense firewall is sending random DNS requests? I have no other explanation for this. I have watched the live firewall logs and my rules appear to be working.

Any information on this would be helpful.