On my DC internally I get events from DNS saying
"The DNS server encountered an invalid domain name in a packet from 200.216.68.42. The packet is rejected."
My subnet is 192.168.0.0/24, so I don't see how these packets can reach the DC.
I want to set up IPsec to block all DNS packets from outside 192.168.0.0/24. It's easy to make a rule that allows all of 192.168.0.0/24 to request on port 53 to "my own IP" on the DC.
But if I make another rule saying "block" 0.0.0.0 ....
Well, how do I do that? If I block all, 192.168.0.0/24 will not get through?
Usually on firewalls the rules are read from the top until a matching filter is found.
Will IPsec work the same way?
I hope I have explained clearly.
Best regards, Nicolai
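As an added example (not from the original post), the two-rule setup asked about above written as a netsh ipsec static script for the DC. It assumes the classic Windows IPsec policy engine, in which the most specific matching filter wins regardless of rule order, so the 192.168.0.0/24 permit is not shadowed by the any-address block; the policy, filter list and action names are constructed.

```powershell
# Added example: host-based IPsec packet filter for DNS on the DC (names are constructed).
# Windows IPsec policies are NOT evaluated top-down like a firewall ACL:
# the MOST SPECIFIC matching filter wins, so the 192.168.0.0/24 permit below
# takes precedence over the any-address block no matter which rule is listed first.

# 1. Create the policy (created unassigned; nothing is enforced yet).
netsh ipsec static add policy name="DC-DNS-Lockdown" description="Only the LAN may query DNS on this DC"

# 2. Filter list A: DNS (UDP and TCP 53) from the LAN to this host ("Me").
#    mirrored=yes also matches the reply direction.
netsh ipsec static add filterlist name="DNS-From-LAN"
netsh ipsec static add filter filterlist="DNS-From-LAN" srcaddr=192.168.0.0 srcmask=255.255.255.0 dstaddr=Me protocol=UDP srcport=0 dstport=53 mirrored=yes
netsh ipsec static add filter filterlist="DNS-From-LAN" srcaddr=192.168.0.0 srcmask=255.255.255.0 dstaddr=Me protocol=TCP srcport=0 dstport=53 mirrored=yes

# 3. Filter list B: DNS from any address to this host (the general filter).
netsh ipsec static add filterlist name="DNS-From-Any"
netsh ipsec static add filter filterlist="DNS-From-Any" srcaddr=Any dstaddr=Me protocol=UDP srcport=0 dstport=53 mirrored=yes
netsh ipsec static add filter filterlist="DNS-From-Any" srcaddr=Any dstaddr=Me protocol=TCP srcport=0 dstport=53 mirrored=yes

# 4. Filter actions: plain permit and plain block (no IPsec negotiation).
netsh ipsec static add filteraction name="Permit-Traffic" action=permit
netsh ipsec static add filteraction name="Block-Traffic" action=block

# 5. Rules: LAN -> permit, everyone else -> block.
netsh ipsec static add rule name="Allow-LAN-DNS" policy="DC-DNS-Lockdown" filterlist="DNS-From-LAN" filteraction="Permit-Traffic"
netsh ipsec static add rule name="Block-Other-DNS" policy="DC-DNS-Lockdown" filterlist="DNS-From-Any" filteraction="Block-Traffic"

# Caveat: if this DNS server recurses to external forwarders and sends its
# queries from source port 53 (older Windows builds did), their replies arrive
# on port 53 and match the block filter. Permit each forwarder explicitly, e.g.
#   netsh ipsec static add filter filterlist="DNS-From-LAN" srcaddr=<FORWARDER-IP-PLACEHOLDER> dstaddr=Me protocol=UDP srcport=53 dstport=0 mirrored=yes

# 6. Review the policy, then assign it (only one IPsec policy is assigned at a time).
netsh ipsec static show policy name="DC-DNS-Lockdown" level=verbose
netsh ipsec static set policy name="DC-DNS-Lockdown" assign=y

# Verify: nslookup against the DC from a LAN host still works, and the
# "invalid domain name in a packet from 200.216.68.42" events stop appearing.
```

Packets from a public address reaching the DC at all mean the host is reachable from outside (directly or through a forwarding rule), so this host filter is defence in depth; the perimeter firewall should also stop port 53 from reaching the DC.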