I have a Debian email and web server which normally uses my ISP's DNS server. My ISP's DNS server was having some issues, so I switched the Debian server to use my internal DNS server on 192.168.2.10. This is a Windows DC. After doing that, my Snort report from my Debian server started showing the following:

62 192.168.2.10 209.170.146.89 DNS SPOOF query response with TTL of 1 min. and no authority

I'm trying to figure out if this is a false positive, a misconfiguration on my DNS server, or a sign of possible compromise.