OPNsense Forum
Archive => 22.7 Legacy Series => Topic started by: JohnnyBeee on October 28, 2022, 11:54:46 am
-
Hi folks.
I use reverse DNS, aka "Lookup hostnames" extensively to find out quickly if a potential attacker connected to my email server. - No FQDN=likely an attacker.
But yesterday I looked at the list and found that only the IPs at the top of the list were resolved. It looked like the backwards resolution only worked from the moment I checked "Lookup hostnames".
I tried a few times to uncheck/check that. At some point only a few IPs were resolved, it seemed random. And now NO IPs AT ALL are resolved! :o
I use DNSCrypt-Proxy and only DNSCrypt-Proxy, for all the name resolutions and so far, for months/years, everything worked as expected:
Click "Lookup hostnames" and all the IPs in the Live View list were immediately resolved to hostnames.
I rebooted the firewall - no luck.
The DNSCrypt-Proxy or firewall logs don't seem to show anything unusual, normal domain name resolution works fine.
Any ideas?
-----------------------------------
OPNsense 22.7.6-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022
-
It is even getting weirder:
When I check "Lookup hostnames" now, "Auto refresh" unchecks!!!
I observe this with Firefox, latest version...
-
I can reproduce this on OPNsense 22.7.6-amd64 using Unbound as DNS resolver.
-
For some balance - No such issues here with Edge and using Unbound on 22.7.6
-
For what it's worth: It's working here again. Not sure if clearing the browser cache helped or if it was some heisenbug.
Edit: Clearing the browser cache fixed this issue with Chrome/Windows 10 as well as Safari/macOS 13.0.
-
I'm seeing this also. Using Firefox as my default browser. Tried clearing browser cache but didn't make a difference.
Tried it with MS Edge and same thing.
This was on Windows 10
I also tried it using Safari on an iPad with same outcome. Lookup hostnames doesn't work.
-
Here is the latest status:
I did some debugging.
First I deactivated DNSCRYPT-PROXY and activated UNBOUND instead. That did not help. So I switched back to DNSCRYPT-PROXY.
Then I noticed in the Firewall log an error saying that a FQDN in an alias could not be resolved (or something similar). So I removed that alias and emptied the Firewall log - That seemed to have solved the issue with "Auto refresh" unchecking.
Then I removed the reference to a particularly large alias I had recently added (1400 IPs) from another Alias (type "Network group") and BINGO: the reverse DNS worked again for the Firewall log.
Strangely enough, after I checked the large alias in the Network group alias again, the reverse DNS still works ???
So I guess this is solved 8)
-
The issue is back...
No luck with any new or previous workarounds.
So any new ideas are most welcome.
-
Also noticing the issue. Enabling it triggers a refresh that never completes. Reloading Live View seems to hang until it times out.
-
I'll look into it.
Cheers,
Franco
-
Identified as https://github.com/opnsense/core/issues/6139
-
Patch is https://github.com/opnsense/core/commit/da9c21c55
# opnsense-patch da9c21c55
-
I applied the patch but have the same issue after.
Is a reboot necessary ?
//Helle
-
Need to reopen the firewall live log page, possibly flush browser cache.
Well, it mostly works, but the volume fetched now is meddling with the speed of the annotation of DNS so sometimes it still looks like it isn't working with auto-refresh still on.
Cheers,
Franco
-
Ok, thanks for the explanation !