FSDFWD sends DNS query

Why does FSDFWD send DNS queries frequently?

First, we added a blacklist of malicious domains in an F-Secure firewall rule. We then found that FSDFWD made the DNS Client Service (Windows 7) send DNS queries (for the malicious domain we added) frequently. Is this normal? What should we adjust to improve it?

BTW, our environment is Windows 7 SP1 with F-Secure client premium 12.20.

Best Answer

  • MJ-perComp Posts: 1,098 Superuser
    Accepted Answer

    Hi,

    what remote address did you enter to be blocked?
    An IP or a DNS-name?

     

    In the depth of implementation a firewall can only block traffic based on IPs and ports. So if you want to block "malware.com" the firewall needs to know which IPs (can be several) hide behind malware.com.

     

    There is nothing bad in the DNS request itself, esp. if your DNS server is in-house.

     


Comments

  • Laksh Posts: 4,432 Community Manager

    Hi Millet,

     

    This needs further investigation. Please get in touch with our Support team with the fsdiag so that they can troubleshoot further.

     


  • @MJ-perComp wrote:

    Hi,

    what remote address did you enter to be blocked?
    An IP or a DNS-name?

     

    In the depth of implementation a firewall can only block traffic based on IPs and ports. So if you want to block "malware.com" the firewall needs to know which IPs (can be several) hide behind malware.com.

     

    There is nothing bad in the DNS request itself, esp. if your DNS server is in-house.

     



    What we added is the domain name ("malware.com"). Thank you for your explanation, we're going to adjust it.

    Is it possible for the F-Secure server (in-house) to send those DNS queries instead of every client doing it?

  • MJ-perComp Posts: 1,098 Superuser
    The better idea is to configure the company firewall to block. The local firewall on a Windows system is to protect that system from intruders either from the internet or from an already compromised other host. Also blacklisting one URL is pretty useless while thousands of other malicious sites are still up.
    Without further knowledge of your local network or what you really want to protect your users from, it is difficult to give proper advice. Maybe you could try F-Secure Internet Gatekeeper to block such sites.

    No, the local firewall must be independent from any external resource. There is no way to avoid local DNS resolution as long as any software requests to resolve that URL.

    But as I wrote without detailed knowledge....
This discussion has been closed.
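
The point made in the accepted answer and in the last comment, as an added example that is not part of the original thread and not F-Secure's code: a packet filter matches on IPs, so a hostname rule has to be resolved locally, while an IP rule needs no DNS at all. `HostFirewall`, `CountingResolver`, the `malware.example` record and the refresh-on-TTL-expiry behaviour are assumptions made for the model.

```python
import ipaddress

# Constructed sample zone: name -> (addresses, TTL in seconds). Documentation ranges only.
ZONE = {"malware.example": (["203.0.113.10", "203.0.113.11"], 60)}

class CountingResolver:
    """Stand-in for the local DNS client; counts every lookup it performs."""
    def __init__(self, zone):
        self.zone, self.queries = zone, 0

    def resolve(self, name):
        self.queries += 1
        return self.zone.get(name, ([], 30))  # unknown name: no addresses, short TTL

class HostFirewall:
    """Hypothetical host firewall model: it can only match on remote IPs."""
    def __init__(self, resolver, rules):
        self.resolver = resolver
        self.blocked = {}  # rule -> (set of IPs, expiry time); expiry None = static IP rule
        for rule in rules:
            try:
                self.blocked[rule] = ({str(ipaddress.ip_address(rule))}, None)
            except ValueError:  # not an IP literal, so it is a hostname rule
                self.blocked[rule] = (set(), 0)

    def refresh(self, now):
        # Assumption: a hostname rule is re-resolved once its cached answer expires.
        for rule, (ips, expiry) in list(self.blocked.items()):
            if expiry is not None and now >= expiry:
                addrs, ttl = self.resolver.resolve(rule)
                self.blocked[rule] = (set(addrs), now + ttl)

    def is_blocked(self, remote_ip, now):
        self.refresh(now)
        return any(remote_ip in ips for ips, _ in self.blocked.values())

def queries_over(rules, seconds, step=10):
    """Evaluate one connection every `step` seconds; return DNS lookups issued."""
    resolver = CountingResolver(ZONE)
    fw = HostFirewall(resolver, rules)
    for now in range(0, seconds, step):
        fw.is_blocked("198.51.100.7", now)
    return resolver.queries

if __name__ == "__main__":
    print("hostname rule:", queries_over(["malware.example"], 600), "lookups in 10 min")
    print("IP rule:      ", queries_over(["203.0.113.10"], 600), "lookups in 10 min")
```

In this model the number of lookups scales with the number of hostname rules and the inverse of their TTLs, which is why a long domain blacklist on every client shows up as steady DNS traffic.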