Diffstat (limited to '')
-rw-r--r-- source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst | 22
1 files changed, 22 insertions, 0 deletions
diff --git a/source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst b/source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst
new file mode 100644
index 0000000..81562ef
--- /dev/null
+++ b/source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst
@@ -0,0 +1,22 @@
+$DropMsgsWithMaliciousDnsPTRRecords
+-----------------------------------
+
+**Type:** global configuration parameter
+
+**Default:** off
+
+**Description:**
+
+Rsyslog contains code to detect malicious DNS PTR records (reverse name
+resolution). An attacker might use specially-crafted DNS entries to make
+you think that a message might have originated on another IP address.
+Rsyslog can detect those cases. It will log an error message in any
+case. If this option here is set to "on", the malicious message will be
+completely dropped from your logs. If the option is set to "off", the
+message will be logged, but the original IP will be used instead of the
+DNS name.
+
+**Sample:**
+
+``$DropMsgsWithMaliciousDnsPTRRecords on``
+
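Review bot: The Description paragraph says "Rsyslog can detect those cases" and "It will log an error message in any case" without stating what condition counts as a malicious PTR record or what the error message looks like, so a reader cannot tell which messages the "on" setting will discard or what to search for in the logs when the setting stays at the default "off". Suggest adding one sentence that names the check being performed and quotes the text of the logged error. Two wording points in the same paragraph: "If this option here is set" can be "If this option is set", and "make you think that a message might have originated on another IP address" would read more clearly as "make a message appear to have originated from another IP address". The Type line says "global configuration parameter" while the file is placed under input_directives/; worth confirming the location or stating which inputs the setting applies to.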