
Secure DNS Possible False Positive

Question asked by Chris Jones on May 13, 2020

Hello Fellow Forumers,

Hope everyone is well at this mad time!

I'm trying to understand a particular vulnerability which is showing on a Domain Controller.

QID:15033

Title: Unauthenticated Dynamic DNS Updates Allow DNS Poisoning Vulnerability Port 53/UDP

OS: Windows 2012 R2

We have Secure DNS Updates applied as standard on all DCs. Despite this, the QID is still being detected. Unfortunately this is not a simple patch. The results are a configuration output which I'm hoping someone may help me understand.

Results:

--- IPv4 ---
;; ->>HEADER<<- opcode: UPDATE, rcode: NOERROR, id: 22738
;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; domain.com. IN SOA

;; ANSWER SECTION:

;; AUTHORITY SECTION:
qid15033ipv4test.domain.com. 300 IN A 1.1.1.1

;; ADDITIONAL SECTION:

;; Query time: 6 msec
;; SERVER: nnn.nnn.nnn.nnn
;; WHEN: Wed May 13 05:41:04 2020
;; MSG SIZE rcvd: 62

--- IPv6 ---
;; ->>HEADER<<- opcode: UPDATE, rcode: NOERROR, id: 7840
;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; domain.com. IN SOA

;; ANSWER SECTION:

;; AUTHORITY SECTION:
qid15033ipv6test.domain.com. 300 IN AAAA 2002:101:101::

;; ADDITIONAL SECTION:

;; Query time: 6 msec
;; SERVER: nnn.nnn.nnn.nnn
;; WHEN: Wed May 13 05:41:04 2020
;; MSG SIZE rcvd: 74

 

Any help is much appreciated

Regards
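
A check a DNS administrator could run for this finding, as an added example that is not part of the original post or the scanner vendor's own code: dynamic update is configured per zone on Windows DNS, so the script lists each primary zone's DynamicUpdate setting on every DC and looks for the scanner's test names from the results above. It assumes the RSAT DnsServer and ActiveDirectory modules are installed and that every domain controller runs the DNS Server role.

```powershell
# Added example: audit the dynamic-update setting of every primary zone on
# every domain controller, and look for records left by the scanner's test.
# Assumption: all DCs run the DNS Server role and are reachable from here.
Import-Module DnsServer, ActiveDirectory

# Host names the scanner tried to register, taken from the scan results.
$testNames = 'qid15033ipv4test', 'qid15033ipv6test'

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $server = $dc.HostName

    # Auto-created zones (0, 127, 255 in-addr.arpa) never accept updates.
    $zones = Get-DnsServerZone -ComputerName $server |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

    foreach ($zone in $zones) {
        # A missing record raises an error, so errors are suppressed here.
        $found = foreach ($name in $testNames) {
            Get-DnsServerResourceRecord -ComputerName $server `
                -ZoneName $zone.ZoneName -Name $name `
                -ErrorAction SilentlyContinue
        }

        [pscustomobject]@{
            Server         = $server
            Zone           = $zone.ZoneName
            IsDsIntegrated = $zone.IsDsIntegrated
            # One of: None, Secure, NonsecureAndSecure
            DynamicUpdate  = $zone.DynamicUpdate
            TestRecords    = ($found.HostName | Sort-Object -Unique) -join ','
        }
    }
}

# Full picture first, then only the rows that need attention: zones that
# still accept nonsecure updates, or zones holding a scanner test record.
$report | Sort-Object Server, Zone | Format-Table -AutoSize

$report |
    Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' -or $_.TestRecords } |
    Format-Table -AutoSize
```

A zone reported as `Secure` that still shows a value in `TestRecords` is worth comparing against the record's timestamp and the scan time in the results above.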
