Weird dns cache entries
Posted: Fri May 11, 2018 8:33 am
I got a lot of dns entries with random string name in this past few day.
From the same ip address,its a legitimate client/device.
Dns setting is allow remote request from internal network,with drop dns request from external network in firewall(above accept established/related new connection).
Currently dropping connection from that client : add action=drop chain=input comment="CLIENT REQUEST WEIRD DNS !!!!!" src-mac-address=94:DE:80:57:53:60
Pretty sure its come from adware though,given a lot of ads poping out every now and then on that device.
Whats the risk if i allow this client "putting" such dns entries?
From the same ip address,its a legitimate client/device.
Dns setting is allow remote request from internal network,with drop dns request from external network in firewall(above accept established/related new connection).
Currently dropping connection from that client : add action=drop chain=input comment="CLIENT REQUEST WEIRD DNS !!!!!" src-mac-address=94:DE:80:57:53:60
Pretty sure its come from adware though,given a lot of ads poping out every now and then on that device.
Whats the risk if i allow this client "putting" such dns entries?