Hi there,
I'm trying to figure out what exactly is happening to DNS traffic in my network.
I have Untangle set up with three interfaces, all bridged together. It's really only serving as a firewall between three network segments (Internal, DMZ, and External). In no way should it be handling DNS of any kind. I have the DNS server turned off.
Recently, Nessus discovered that the Untangle box is actually resolving DNS somehow. Not only is it doing so, but it's doing so in such a way that allows cache snooping, so my internal vulnerability scan is coming back noncompliant. I've resolved the matter with my internal DNS server (one that I control, running Windows Server 2003), and have confirmed that the issue is resolved there with nslookup. Untangle's WAN interface is configured to use that server as its DNS server. The problem is that it can't be forwarding the DNS to that server, because that server's vulnerability has been fixed, hence my confusion. I have no idea what Untangle is doing with that DNS query: the server is off, and the only other server it knows about is confirmed patched... yet the vulnerability still exists.
So my question is this: How can I configure Untangle to not accept, process, or forward any DNS traffic that is targeted at its IP address? I don't want it redirecting DNS traffic to another server, but I *do* want any DNS traffic flowing through it bound for other IPs to be permitted.
I have a rule in my firewall for DNS traffic that allows it from anywhere to anywhere.
Please advise.
Thanks!
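The poster confirmed the fix on the Windows DNS server with nslookup; the following is an added example (not from the post or from Untangle) that performs the same verification programmatically, so the same test can be run against the Untangle box's own IP on each interface to see which address is still answering. It sends a DNS query with the RD bit cleared, which is what the Nessus cache-snooping check does: a resolver that returns an answer to a non-recursive query for a name it is not authoritative for can only be serving it from cache. The hostname, transaction id and sample replies are constructed for this example; the real network check in `snoop_check` is meant for servers you administer.

```python
import socket
import struct

# Added example: verify whether a resolver hands out cached answers to
# non-recursive queries (the condition Nessus reports as DNS cache snooping).
# Point it only at servers you administer. The hostname, transaction id and
# sample replies below are constructed for this example.


def build_query(name, txid=0x1234, recursion_desired=False):
    """Build a minimal DNS query for an A record.

    recursion_desired=False clears the RD bit. A resolver that answers such
    a query for a name it is not authoritative for can only be answering
    from its cache, which is exactly what a snooping check looks for.
    """
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(data):
    """Decode the 12-byte DNS header into the fields the check cares about."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # response bit
        "rd": bool(flags & 0x0100),   # recursion desired (echoed from the query)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,      # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
        "answers": an,
    }


def classify(hdr):
    """Interpret a reply to an RD=0 query for a name the server is not authoritative for."""
    if not hdr["qr"]:
        return "not-a-response"
    if hdr["rcode"] == 5:
        return "refused"           # server declines non-recursive queries: nothing to snoop
    if hdr["answers"] > 0:
        return "cached-answer"     # answered without recursion, so it came from the cache
    return "no-cached-answer"      # server replied but had nothing cached for this name


def snoop_check(server, name, port=53, timeout=2.0):
    """Send one RD=0 query over UDP and classify the reply (needs network access)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        data, _ = sock.recvfrom(512)
    hdr = parse_header(data)
    if hdr["id"] != struct.unpack("!H", query[:2])[0]:
        return "mismatched-id"
    return classify(hdr)


# Constructed sample replies, as a server might return them to an RD=0 query.
# Unpatched resolver: QR=1, RA=1, one answer record -> served from cache.
SAMPLE_CACHE_HIT = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0)
# Patched server refusing non-recursive lookups: QR=1, RA=1, RCODE=5 (REFUSED).
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8085, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, sample in (("unpatched", SAMPLE_CACHE_HIT), ("patched", SAMPLE_REFUSED)):
        print(label, "->", classify(parse_header(sample)))
```

Run `snoop_check("<untangle-ip>", "<a-name-recently-looked-up>")` against each of the box's interface addresses: "cached-answer" on any of them means that address still has a resolver answering from cache and the interface is the one to lock down, while "refused" or a timeout means the traffic is no longer being processed there. Pick a name the server is not authoritative for, since an authoritative server legitimately answers non-recursive queries for its own zones.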