Arkoon Monitoring displays many blocked connections to my DNS servers for the following reasons:
Unknown type 43
Unknown type 48
Unknown type 3001
I don't know what DNS request type 3001 is, but types 43 and 48 are RFC 4034 (DNSSEC).
Is the DNS UDP fast_module not updated?
Now I have resolved my problem by adding this DNS request type to the "allowed type" field.
Do you have other suggestions?
Hi Max,
You are right, the DNS fast module only allows DNS request types 0-42 and 249-255. (It was developed in 2003.)
Adding them to the list of known request types will filter them normally: that was the smart choice.
The 3001 DNS request seems to be a corrupted one, because this type is not assigned right now (http://www.iana.org/assignments/dns-parameters). You could capture it with tcpdump to see what's inside.
Regards,
Julien
Julien B. - Arkoon, 2 months ago
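To see what a blocked query actually asks for, the question section of a captured packet can be decoded and its QTYPE compared with the ranges given in the reply above. This is an added example, not part of the original thread and not Arkoon code; the function names, the sample query builder and the verdict wording are assumptions made for illustration.

```python
import struct

# Ranges the reply gives for the DNS fast module's built-in list.
BUILTIN_RANGES = [(0, 42), (249, 255)]
# RFC 4034 DNSSEC record types as assigned by IANA.
DNSSEC_TYPES = {43: "DS", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY"}


def build_query(name, qtype, txid=0x1234):
    """Construct a minimal DNS query (sample input for this example)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_question(packet):
    """Return (qname, qtype) of the first question in a DNS message payload."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # compression pointer or garbage, not expected here
            raise ValueError("invalid label length")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype


def verdict(qtype, extra_allowed=()):
    """Approximate the filter decision: built-in ranges plus 'allowed type' additions."""
    if any(lo <= qtype <= hi for lo, hi in BUILTIN_RANGES) or qtype in extra_allowed:
        return "allowed"
    note = DNSSEC_TYPES.get(qtype, "not a DNSSEC type, check the IANA registry")
    return f"Unknown type {qtype} ({note})"
```

`parse_question` expects the UDP payload only, so the Ethernet, IP and UDP headers of a tcpdump capture have to be stripped before the bytes are passed in.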