https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/460037#M102030 <P><SPAN class="">Name: Non-RFC Compliant DNS Traffic on Port 53/5353</SPAN></P><P class="">56505</P><P class="">What is the solution for this, and what RFC standard it is not cpmpliant?&nbsp;</P> Fri, 21 Jan 2022 05:18:48 GMT mss-ops 2022-01-21T05:18:48Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/306155#M79552 <P>A couple days ago, the threatvault added <A href="https://threatvault.paloaltonetworks.com/?query=56505" target="_self">threat id 56505</A>, and since then our threat log is getting spammed with the vulnerability type&nbsp;<STRONG>Non-RFC Compliant DNS Traffic on Port 53/5353 </STRONG>(informational). We use dnscrypt, and every single DNS request is now showing up in the threat log. First of all, is this a false positive? And if so, how do I prevent this from inundating my logs?</P> Thu, 09 Jan 2020 16:31:58 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/306155#M79552 Maxstr 2020-01-09T16:31:58Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/306183#M79561 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/25857">@Maxstr</a>,</P><BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/25857">@Maxstr</a>&nbsp;wrote:<BR /><P>First of all, is this a false positive? And if so, how do I prevent this from inundating my logs?</P><HR /></BLOCKQUOTE><P>No, it's not a false positive; it also isn't unexpected if you are utilizing dnscrypt. DNSCrypt is not RFC compliant, hence you are hitting a signature that makes perfect sense. If you don't want it to keep showing up in your logs, you'll need to make an exception for 56505 on your Vulnerability profile and set it to allow.&nbsp;</P> Thu, 09 Jan 2020 19:27:58 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/306183#M79561 BPry 2020-01-09T19:27:58Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/441732#M100026 <P>Helo All,</P><P>In my case I dont have DNSDecry and I see&nbsp; <A href="https://threatvault.paloaltonetworks.com/?query=56505" target="_self" rel="nofollow noopener noreferrer">threat id 56112 .</A></P><P>It is possible I consider a false positive ?</P> Mon, 18 Oct 2021 18:31:04 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/441732#M100026 felcor 2021-10-18T18:31:04Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/441816#M100028 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/138216">@felcor</a>&nbsp;</P> <P>&nbsp;</P> <P>It is not false positive. It is information message only.</P> <P>&nbsp;</P> <P><A href="https://threatvault.paloaltonetworks.com/?query=56505" target="_blank">https://threatvault.paloaltonetworks.com/?query=56505</A></P> <P>&nbsp;</P> <P>Regards</P> Tue, 19 Oct 2021 01:38:39 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/441816#M100028 MP18 2021-10-19T01:38:39Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/460037#M102030 <P><SPAN class="">Name: Non-RFC Compliant DNS Traffic on Port 53/5353</SPAN></P><P class="">56505</P><P class="">What is the solution for this, and what RFC standard it is not cpmpliant?&nbsp;</P> Fri, 21 Jan 2022 05:18:48 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-spammed-with-quot-non-rfc-compliant-dns-traffic-on/m-p/460037#M102030 mss-ops 2022-01-21T05:18:48Z