
DNS Spoof query



I have a Debian email and web server which normally uses my ISP's DNS server.  
My ISP's DNS server was having some issues, so I switched the Debian server to 
use my internal DNS server on 192.168.2.10.  This is a Windows DC.  After 
doing that, my Snort report from my Debian server started showing the 
following:

62  192.168.2.10     209.170.146.89   DNS SPOOF query response with TTL of 1 
min. and no authority

I'm trying to figure out if this is a false positive, a misconfiguration on my 
DNS server, or a sign of possible compromise.
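
An added example, not part of the original post and not Snort's own rule logic: a small parser that checks a raw DNS response for the conditions named in the alert text. It assumes those conditions mean a response with an answer TTL of 60 seconds and an authority count of zero; the function names and the sample messages (example.com, 192.0.2.1) are constructed for illustration.

```python
import struct

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a DNS name (labels or compression pointer)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        if length == 0:                # root label ends the name
            return off + 1
        off += 1 + length

def check_response(msg: bytes) -> dict:
    """Report the header counts and answer TTLs the alert text refers to."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                # skip each question: name + type + class
        off = skip_name(msg, off) + 4
    ttls = []
    for _ in range(an):                # answer RR: name, type, class, ttl, rdlength
        off = skip_name(msg, off)
        _type, _class, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    is_response = bool(flags & 0x8000)  # QR bit set
    return {"is_response": is_response, "answers": an, "authority": ns, "ttls": ttls,
            "matches_alert_text": is_response and ns == 0 and 60 in ttls}

def build_sample(ttl: int, with_authority: bool = False) -> bytes:
    """Constructed response: A record for example.com -> 192.0.2.1."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, int(with_authority), 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 1])
    rdata = b"\x02ns\xc0\x0c"          # ns.example.com, compressed
    auth = b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata
    return header + question + answer + (auth if with_authority else b"")

if __name__ == "__main__":
    for label, msg in [("ttl 60, no authority", build_sample(60)),
                       ("ttl 3600, no authority", build_sample(3600)),
                       ("ttl 60, with authority", build_sample(60, True))]:
        print(label, check_response(msg))
```

Feeding it the UDP payload of a captured response from 192.168.2.10 shows which records and TTLs that server is actually returning.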


