Difference between revisions of "HIDS 12150"
(Created page with "{{Infobox |header1= Rule 12150 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Bind DNS invalid query flood }} = Description = '''ASL does not cause this...") |
Revision as of 09:08, 17 June 2014
Rule 12150 | |
---|---|
Status | Active |
Alert Message | Bind DNS invalid query flood |
Contents |
Description
ASL does not cause this event to occur. ASL simply reports when your DNS server has rejected multiple queries from a single IP address, within 10 seconds. ASL is not preventing your system from answering these queries, this event is occurring because your DNS server has been configured to reject these requests. Please contact your DNS vendor for assistance if you believe your DNS server should not have rejected these queries.
Disabling this rule will have no effect on your DNS server rejecting these queries. Disabling this rule will just prevent ASL from notifying you when this occurs, however the event will continue to occur. Therefore we do not recommend you disable this rule.
Log examples
Jan 1 10:19:01 hostname named[1234]: client 1.2.3.4#1234: view external: query (cache) `hostname/tld/MX/IN` denied
Troubleshooting
False Positives
None.
Additional Information
Similar Rules
None.
Knowledge Base Articles
None.