Tag Archives: malicious

If only one DNS query is malicious …

… the whole Internet breaks down. So happened on a Palo Alto with a DNS proxy and a (slightly misconfigured) anti-spyware profile.

All network clients had a single DNS server configured, namely the DNS proxy of the Palo Alto. And as a single network client requested an URL that was classified as “spyware”, the Palo correctly (!) blocked the DNS session from its DNS proxy to the Internet. Unluckily, this session stayed active for a long time (with drop-all-packets) since many DNS requests were traversing through it. But since it stayed blocked, the Internet was “unavailable” for all end-users.

Continue reading If only one DNS query is malicious …