DNS Spoof query
I have a Debian email and web server which normally uses my ISP's DNS server.
My ISP's DNS server was having some issues, so I switched the Debian server to
use my internal DNS server on 192.168.2.10. This is a Windows DC. After
doing that, my Snort report from my Debian server started showing the
following:
62 192.168.2.10 209.170.146.89 DNS SPOOF query response with TTL of 1
min. and no authority
I'm trying to figure out if this is a false positive, a misconfiguration on my
DNS server, or a sign of possible compromise.
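
One way to check a captured DNS response against the two conditions the alert text names (an answer TTL of 60 seconds and an empty authority section), as an added example that is not part of the original post. The function names and the sample packets are constructed for illustration and the check is not Snort's own rule logic.

```python
import struct

def _name(n):
    # Encode a domain name as length-prefixed DNS labels.
    return b"".join(bytes([len(p)]) + p.encode() for p in n.split(".")) + b"\x00"

def build_response(name, ttl, with_authority=False):
    """Constructed sample A-record response (not a real capture)."""
    ns = 1 if with_authority else 0
    # id, flags 0x8180 (standard response), QD=1, AN=1, NS, AR=0
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, ns, 0)
    msg += _name(name) + struct.pack("!HH", 1, 1)            # question: A, IN
    msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)  # answer header
    msg += bytes([192, 0, 2, 1])                             # answer rdata
    if with_authority:
        rdata = _name("ns1." + name)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata
    return msg

def _skip_name(msg, off):
    # Step over a name made of plain labels or ending in a compression pointer.
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def triage(msg):
    """Report the fields the alert text refers to."""
    try:
        _id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4       # skip QTYPE and QCLASS
        ttls = []
        for _ in range(an):
            off = _skip_name(msg, off)
            _t, _c, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            ttls.append(ttl)
            off += 10 + rdlen
    except (struct.error, IndexError):
        raise ValueError("truncated or malformed DNS message")
    is_response = bool(flags & 0x8000)
    return {"is_response": is_response, "answer_ttls": ttls,
            "authority_count": ns,
            "matches_alert": is_response and ns == 0 and 60 in ttls}

if __name__ == "__main__":
    print(triage(build_response("example.test", 60)))
```

Run over the responses 192.168.2.10 actually returns, this shows whether the alert corresponds to specific records with a 60-second TTL or to every answer the server forwards.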