
FSDFWD sends DNS query

SOLVED
Scholar

Why does FSDFWD send DNS queries frequently?

First, we added a blacklist of malicious domains in an F-Secure firewall rule. We then found that FSDFWD made the DNS Client service (Windows 7) send the DNS query (for the malicious domain we added) frequently. Is this normal? What should we adjust to improve it?

BTW, our environment is Windows 7 SP1 with F-Secure client premium 12.20.

1 ACCEPTED SOLUTION

Accepted Solutions
Superuser

Re: FSDFWD sends DNS query

Hi,

what remote address did you enter to be blocked?
An IP or a DNS-name?

 

In the depth of implementation a firewall can only block traffic based on IPs and ports. So if you want to block "malware.com" the firewall needs to know which IPs (can be several) hide behind malware.com.

There is nothing bad in the DNS request itself, esp. if your DNS server is in-house.

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntary and to my best knowledge based on working with the products since 1997. For direct contact, customers please check our homepage http://www.percomp.de
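
An added illustration (not part of the original posts, and not F-Secure's implementation) of the point in the answer above: a filter that matches on IP addresses has to resolve a rule's hostname and, as assumed here, resolve it again once the cached answer expires, which shows up as recurring DNS queries. The stub resolver, the TTL values, the documentation-range addresses and all class and function names are constructed for this example.

```python
import ipaddress

# Constructed zone data: name -> (ttl_seconds, [addresses]); documentation-range IPs.
ZONE = {"malware.com": (60, ["203.0.113.10", "203.0.113.11"])}

class StubResolver:
    """Offline stand-in for the local DNS client; records every query it receives."""
    def __init__(self, zone):
        self.zone, self.queries = zone, []

    def resolve(self, name, now):
        self.queries.append((now, name))
        ttl, addrs = self.zone.get(name, (0, []))
        return ttl, {ipaddress.ip_address(a) for a in addrs}

class HostnameBlockRule:
    """A 'block <hostname>' rule as an IP-level filter has to realise it."""
    def __init__(self, name, resolver):
        self.name, self.resolver = name, resolver
        self.blocked, self.expires = set(), 0

    def refresh(self, now):
        # Assumption: the cached answer is reused only until its TTL runs out.
        if now >= self.expires:
            ttl, self.blocked = self.resolver.resolve(self.name, now)
            self.expires = now + ttl

    def verdict(self, dst_ip, now):
        self.refresh(now)
        return "block" if ipaddress.ip_address(dst_ip) in self.blocked else "allow"

# Constructed traffic: (time in seconds, destination IP).
PACKETS = [(0, "203.0.113.10"), (10, "198.51.100.7"), (70, "203.0.113.11"),
           (75, "203.0.113.10"), (200, "198.51.100.7")]

def simulate(packets, zone=ZONE):
    """Return the per-packet verdicts and the number of DNS queries the rule caused."""
    resolver = StubResolver(zone)
    rule = HostnameBlockRule("malware.com", resolver)
    verdicts = [rule.verdict(ip, t) for t, ip in packets]
    return verdicts, len(resolver.queries)

if __name__ == "__main__":
    verdicts, query_count = simulate(PACKETS)
    print(verdicts, "DNS queries:", query_count)
```

In this model the number of queries depends on how long each answer may be reused, not on how often the blocked name is actually visited, so a rule for a name with a short-lived record produces frequent lookups in the DNS logs.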

4 REPLIES
Community Manager

Re: FSDFWD sends DNS query

Hi Millet,

 

This needs further investigation. Please get in touch with our Support team with the fsdiag so that they can troubleshoot further.

 

Scholar

Re: FSDFWD sends DNS query


MJ-perComp wrote:

Hi,

what remote address did you enter to be blocked?
An IP or a DNS-name?

 

In the depth of implementation a firewall can only block traffic based on IPs and ports. So if you want to block "malware.com" the firewall needs to know which IPs (can be several) hide behind malware.com.

There is nothing bad in the DNS request itself, esp. if your DNS server is in-house.

 



What we added is the domain name ("malware.com"). Thank you for your explanation, we're going to adjust it.

Is it possible for the F-Secure server (in-house) to send those DNS queries instead of every client doing it?

Superuser

Re: FSDFWD sends DNS query

The better idea is to configure the company firewall to block. The local firewall on a Windows system is to protect that system from intruders either from the internet or from an already compromised other host. Also blacklisting one URL is pretty useless while thousands of other malicious sites are still up.
Without further knowledge of your local network or what you really want to protect your users from, it is difficult to give proper advice. Maybe you could try F-Secure Internet Gatekeeper to block such sites.

No, the local firewall must be independent from any external resource. There is no way to avoid local DNS resolution as long as any software requests to resolve that URL.

But as I wrote, without detailed knowledge....

Matthias