Follow up. Cisco has it down as a bug to be fixed in future release and recommends that we put an ACL in place to filter incoming DNS requests.
-Neil -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938<tel:+13193840938> Fax: +1 319 335-2951<tel:+13193352951> E-Mail: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu> Lync: neil-john...@uiowa.edu<sip:neil-john...@uiowa.edu> From: <Johnson>, Neil Johnson <neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Date: Friday, January 17, 2014 12:21 PM To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>> Subject: [WIRELESS-LAN] Cisco LWAP disable DNS resolver We are testing a few Cisco LWAP's and our security office dinged us in a scan because they are acting as open DNS resolvers. I can't find a way to turn that "feature" off. Any ideas ? -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: +1 319 384-0938<tel:+13193840938> Fax: +1 319 335-2951<tel:+13193352951> E-Mail: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu> Lync: neil-john...@uiowa.edu<sip:neil-john...@uiowa.edu> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.