The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
DNS traffic is dropped by IPS with log "Attack Information: Bad Resource Record format, Illegal EDNS0 RR"
| Solution ID |
sk112578 |
| Product |
IPS |
| Version |
R75, R76, R77, R77.10, R77.20, R77.30 |
| Date Created |
24-Jul-2016
|
| Last Modified |
18-Feb-2019
|
Symptoms
DNS traffic is dropped by IPS with log "Attack Information: Bad Resource Record format, Illegal EDNS0 RR".
Example:
Type: Log
Action: Drop
Service: domain-udp (53)
Protocol: udp
Attack Type: Non Compliant DNS
Attack Information: Bad Resource Record format, Illegal EDNS0 RR
Product: IPS Software Blade
Protection ID: DnsProtocolEnforcement
Protection Name: Non Compliant DNS
Protection Type: Protocol Anomaly DNS
Cause
IPS drops DNS packets whose "Z" field is not null (in the OPT Record TTL field, refer to RFC 6891).
Solution
|
Note: To view this solution you need to
Sign In
.
|
