OPNsense Forum

English Forums => General Discussion => Topic started by: senseless on June 21, 2020, 10:21:12 AM

Title: DNS requests to localhost
Post by: senseless on June 21, 2020, 10:21:12 AM
Hi all

In the firewall log I see a lot of DNS requests from localhost to localhost (see screenshot attached). Why does OPNsense do this and what is it good for? Can I get rid of these requests somehow?

Thank you and regards,
Peter
Title: Re: DNS requests to localhost
Post by: phoenix on June 21, 2020, 10:40:16 AM
Why do the DNS requests matter, is it causing you a problem?
Title: Re: DNS requests to localhost
Post by: Mitheor on June 21, 2020, 10:44:07 AM
Quote from: senseless on June 21, 2020, 10:21:12 AM
Hi all

In the firewall log I see a lot of DNS requests from localhost to localhost (see screenshot attached). Why does OPNsense do this and what is it good for? Can I get rid of these requests somehow?

Thank you and regards,
Peter

Any service that has to communicate with Internet has to do that.

Like, checking for new firmware, signature updates ... anything.
Title: Re: DNS requests to localhost
Post by: senseless on June 21, 2020, 11:43:07 AM
Quote from: phoenix on June 21, 2020, 10:40:16 AM
Why do the DNS requests matter, is it causing you a problem?

Not yet... but I am trying to understand if it will cause me trouble in the future. These drops are only visible after creating an explicit deny all rule at the end of the rule set. With the default rule set there are implicit/automatically created rules allowing this traffic (see screenshot attached). BTW, where can I find the automatically created "pass loopback" rule?

And it fills up the log with drops, making troubleshooting more difficult (I know, I could get rid of the log entries by defining a rule for the DNS traffic w/o logging. However, this is symptomatic treatment and not eliminating the root cause.)

Quote from: Mitheor on June 21, 2020, 10:44:07 AM
Any service that has to communicate with Internet has to do that.

Like, checking for new firmware, signature updates ... anything.

Okay - thank you. Why is that? And then the question is, how can I disable this service that makes the firewall do DNS queries? At the moment, I don't see an apparent reason why the firewall should do DNS queries... (so there will be no answer), I did not configure a local or remote DNS server, there are no clients configured to query the firewall for DNS... There seems to be some default setting causing this... can it be deactivated?
Title: Re: DNS requests to localhost
Post by: senseless on June 21, 2020, 04:31:16 PM
@Mitheor: I misinterpreted your answer. Sorry for that.

I realised now localhost is configured as nameserver in "resolv.conf" and I assume that's why the OS is asking localhost for name resolution. Does it make sense to have localhost configured as nameserver in "resolv.conf"? Is this how FreeBSD consults its DNS cache and/or host file (these entries are loaded into the DNS cache afaik)? Or is there a nameserver operating in OPNsense / FreeBSD?