27 Jun
2017
27 Jun
'17
5:32 p.m.
Further inspecting the firewall, only 5 packets in
over 20,000 were
dropped. Perhaps the SYN Flood setting is too sensitive for a series of
multiple DNS queries at the same time.
I sometimes see mis-detections of floods on TCP port 53 too. The resolver
has to open a separate connection for each request once it has to use TCP mode.
Due to the increased use of DNSSEC this happens more often than in the past.
Rob