Possible security break? DNS injection or ?

From:	"Tomas Hood" <nw7us at hfradio dot org>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Possible security break? DNS injection or ?
Date:	Sat, 28 Jun 2008 11:42:19 -0600

Hi,

I'm running M0n0wall with three interfaces.  The last few days, my DNHC  
client computers which get DNS info from M0n0wall, are getting incorrect  
DNS - yet if I set static DNS in a client computer, bypassing the DNS of  
M0n0wall, the DNS information is correct.  If I restart M0n0wall (reboot),  
then DNS is ok for a while.  Seems like someone might be injecting or has  
broken into the DNS of M0n0wall.

I am not an ipchains expert, so I am not sure what to look at to figure  
this out with M0n0wall.

What information should I include in my report to you, in order for  
someone on this list to help me figure out what might be happening?

Thanks,

Tomas

-- 
73 de NW7US
http://prop.hfradio.org
http://myspace.com/tomashood

Linux User #32405 - Since 1996
See my profile: http://www.linkedin.com/in/tomashood