Further inspecting the firewall, only 5 packets in over 20,000 were dropped. Perhaps the SYN Flood setting is too sensitive for a series of multiple DNS queries at the same time.
I sometimes see mis-detections of floods on TCP port 53 too. The resolver has to open a separate connection for each request once it has to use TCP mode. Due to the increased use of DNSSEC this happens more often than in the past.
Rob
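The mechanism described in the reply above, as an added example that is not part of the thread: one TCP connection per DNS query means one SYN per query, so a short burst of queries from a single resolver can cross a per-source SYN threshold. The rate limiter is an assumed, simplified model (not any specific firewall's algorithm), and the timestamps and thresholds are constructed.

```python
from collections import deque

def dropped_syns(syn_times_ms, threshold, window_ms=1000):
    """Indices of SYNs dropped by a simplified per-source rate limiter.

    Assumed model (not a specific firewall's algorithm): a SYN is dropped
    when `threshold` SYNs from this source were already accepted during
    the preceding `window_ms` milliseconds.
    """
    accepted = deque()          # timestamps of accepted SYNs still in the window
    dropped = []
    for i, t in enumerate(syn_times_ms):
        # Expire accepted SYNs that have left the sliding window.
        while accepted and t - accepted[0] >= window_ms:
            accepted.popleft()
        if len(accepted) >= threshold:
            dropped.append(i)   # looks like a flood to the limiter
        else:
            accepted.append(t)
    return dropped

def resolver_trace():
    """Constructed SYN timestamps (ms) from one resolver to TCP port 53."""
    steady = list(range(0, 10000, 500))          # 2 TCP queries per second
    burst = [10000 + 10 * k for k in range(30)]  # 30 TCP queries in 0.3 s
    tail = list(range(11000, 13000, 500))        # back to the steady rate
    return steady + burst + tail

if __name__ == "__main__":
    trace = resolver_trace()
    for threshold in (25, 40):                   # constructed thresholds, SYNs/s
        drops = dropped_syns(trace, threshold)
        print(f"threshold {threshold}/s: {len(drops)} of {len(trace)} SYNs dropped")
```

In this model only the tail of the burst is dropped, which is consistent with a small number of drops among otherwise normal traffic.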