The DNS server allows cache snooping queries, enabling attackers to determine if specific domains are cached.
This can leak information about internal hostnames and user activity (e.g., Citrix infrastructure or external services), aiding reconnaissance and targeted attacks.This feature is available with v4.50 Service Pack 6 or in v4.50 Service Pack 5 Hotfix 20251108-19
¶ Prevent DNS cache snooping
To prevent DNS cache snooping you need to only allow recursive DNS queries from your internal or trusted networks and separate resolvers for internal and public queries (split-DNS).
To do this, you must enable the Access Control feature.
This feature restricts the DNS server to respond only to networks you’ve marked as “Trusted” in Artica’s Network section.
- On the left menu, go to “
DNS Cache Service > Status" - Click on Access Control link
- Turn on the “Access Control” feature
- Enabling this feature allows only trusted networks to query the DNS server and enforce the DNS server security.
¶ Trust Networks
- On the left menu, go to
Network & NICs > Your networks - Add all networks allowed to query the DNS service.
- You have 2 major options:
“Trusted Network” is the strong option that allows network to query DNS server and all Artica services ( include Firewall protection) and “Allow incoming DNS queries” for specific DNS operations.
