Hi, We are running OSSEC 2.3 and the DNS rule 1002 keeps firing for query (cache) denied. That is fine but just wondering how other people handle the situation where you are authorative for a domain yet the MX record points to a third party filtering service.
My understand is that when a query packet comes in for the MX, BIND checks the MX, sees that it is hosted elsewhere but continue to check the named cache. As cache querying is not allowed externally it throws the denied error. This is probably OT and more a BIND question but just seeking how others handle it ? Best Regards,
