The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
DNS traffic is dropped by IPS with log "Attack Information: Bad Resource Record format, Illegal EDNS0 RR"
|
Technical Level
|
| Solution ID |
sk112578 |
| Technical Level |
|
| Product |
IPS |
| Version |
R75 (EOL), R76 (EOL), R77 (EOL), R77.10 (EOL), R77.20, R77.30 (EOL) |
| Date Created |
24-Jul-2016
|
| Last Modified |
18-Feb-2019
|
Symptoms
DNS traffic is dropped by IPS with log "Attack Information: Bad Resource Record format, Illegal EDNS0 RR".
Example:
Type: Log
Action: Drop
Service: domain-udp (53)
Protocol: udp
Attack Type: Non Compliant DNS
Attack Information: Bad Resource Record format, Illegal EDNS0 RR
Product: IPS Software Blade
Protection ID: DnsProtocolEnforcement
Protection Name: Non Compliant DNS
Protection Type: Protocol Anomaly DNS
Cause
IPS drops DNS packets whose "Z" field is not null (in the OPT Record TTL field, refer to RFC 6891).
Solution
|
Note: To view this solution you need to
Sign In
.
|
