Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1716 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

X-Forwarded field option on DNS Requests

IT Sec SOC

 Does Sophos have an option to add X-Forward Field in its header for requests like DNS? If yes then which version ?



This thread was automatically locked due to age.
Parents
  • 0

    Hi and welcome to the UTM Community!

    In fact, I've never heard of an X-Forwarded field except in HTTP.  What problem are you trying to solve?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello,

    Currently, we have our local DNS Server configured on AD, which then forward request to Sophos to resolve external queries. 

    Problem Case: 

    I am trying to trace the origin of malicious DNS request. Therefore, I am presuming that there would be a field that contains the information about originating system such as X-Forwarded-For field.

    Constraint: 

    1. Cannot open DNS Debugged logs, as it will highly impact AD performance.

     

    I hope this will help to understand the case. Any help in this matter will be highly appreciated. Thanks.

Reply
  • 0 in reply to BAlfson

    Hello,

    Currently, we have our local DNS Server configured on AD, which then forward request to Sophos to resolve external queries. 

    Problem Case: 

    I am trying to trace the origin of malicious DNS request. Therefore, I am presuming that there would be a field that contains the information about originating system such as X-Forwarded-For field.

    Constraint: 

    1. Cannot open DNS Debugged logs, as it will highly impact AD performance.

     

    I hope this will help to understand the case. Any help in this matter will be highly appreciated. Thanks.

Children
  • 0 in reply to IT Sec SOC

    In that case, I would temporarily change DHCP to have the UTM as the primary DNS server for internal clients.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML