Barracuda Web Security Gateway

What is one possible explanation for DNS infection activity reported on my Barracuda Web Filter?

  • Type: Knowledgebase
  • Date changed: 6 years ago

Solution #00006272

 

Scope:

All Barracuda Web Filters. All firmware versions.

 

Answer:


Internal DNS servers sometimes appear in the Web Filter's Infection Activity log, usually with a port number of 53. This can be concerning, yet most of the time several scans of the Domain Controllers with different anti-virus and anti-malware products find no infection.

This traffic can be registered in the Infection Activity log because the internal DNS server is trying to perform a DNS lookup against a known poisoned DNS server. The Web Filter's outbound feature blocks this traffic, and the block therefore shows up in the Infection Activity log.

One possible solution to stop these lookups is to flush the DNS cache on the Domain Controller (DC). This should then allow the DNS lookups to query a server that is not infected.
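The flush described above, as an added example that is not part of the original Barracuda article. It assumes the DC runs the Windows DNS Server role, and the destination IPs are constructed placeholders to be replaced with the port 53 destinations shown in the Infection Activity log. It also checks the configured forwarders first, because a forwarder that is itself a blocked destination will keep producing log entries after the flush.

```powershell
# Added example: run in an elevated PowerShell session on the DNS server (DC).
# Assumes the Windows DNS Server role, which provides the DnsServer module.
Import-Module DnsServer

# Constructed placeholders: replace with the port-53 destination IPs that the
# Web Filter's Infection Activity log reports for this DNS server.
$BlockedDestinations = @('192.0.2.53', '203.0.113.10')

# 1. List the configured forwarders as strings and compare them with the
#    blocked destinations. A match means the server is configured to query
#    that address, so clearing the cache alone will not stop the lookups.
$forwarders = @((Get-DnsServerForwarder).IPAddress |
    Where-Object { $_ } |
    ForEach-Object { $_.IPAddressToString })

$pinned = @($forwarders | Where-Object { $BlockedDestinations -contains $_ })

if ($pinned.Count -gt 0) {
    Write-Warning ("Forwarder(s) matching blocked destinations: " + ($pinned -join ', '))
    Write-Warning 'Review the forwarder list; a cache flush will not change it.'
} else {
    Write-Output 'No configured forwarder matches a blocked destination.'
}

# 2. Flush the DNS Server cache (records learned from other DNS servers)
#    and the DC's own client resolver cache.
Clear-DnsServerCache -Force
Clear-DnsClientCache

# 3. Record when the flush happened, so later Infection Activity entries for
#    this server can be compared against it.
$flushedAt = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
Write-Output "DNS caches flushed at $flushedAt on $env:COMPUTERNAME"
```

If port 53 entries for the same DNS server keep appearing in the Infection Activity log after the recorded flush time, the cached data was not the only cause.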


Link to this page:

https://campus.barracuda.com/solution/501600000013NyiAAE