As DNS over TLS popularity is increasing, port 853 becomes
more interesting for an attacker as a bypass method. Enabling
this port for DNS monitoring makes sense in order to avoid
unusual activity (non-DNS traffic) as well as "normal" DNS
attacks.
Partially fixes #11808
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
tcp:
enabled: yes
detection-ports:
- dp: 53
+ dp: "[53,853]"
udp:
enabled: yes
detection-ports:
- dp: 53
+ dp: "[53,853]"
http:
enabled: yes
# memcap: 64mb
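Review bot: The new dp value "[53,853]" on the tcp and udp detection-ports lines hands port 853 to the DNS parser, but DNS over TLS on that port is wrapped in TLS, so the parser can only decode sessions that carry cleartext DNS there. The commit message should state that scope instead of implying that DoT queries themselves get inspected. On the udp entry, DoT as such runs over TCP (UDP 853 is DNS over DTLS), so a short YAML comment above each dp line saying why 853 is listed would help the next editor of this file. Since a port list by itself raises no alert, it is also worth confirming which rule or event fires when traffic on 853 is not DNS, which is the "unusual activity" case the message names.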