Messages

I am wondering the same. Why does OPNsense try to contact the following IPs with UDP/123 (i.e. NTP) 185.17.70.106, 212.25.1.1, etc. (see picture attached)? These are not the default OPNsense NTP Servers (which by the way at the moment are configured as "do not use").

Where are the NTP servers show in the picture configured?

@Mitheor: I misinterpreted your answer. Sorry for that.

I realised now localhost is configured as namesserver in "resolv.conf" and I assume that's why the OS is asking localhost for name resolution. Does it make sense to have localhost configured as nameserver in "resolv.conf"? Is this how FreeBSD does consult its DNS cache and/or host file (these entries are loaded into the DNS cache afaik)? Or is there a nameserver operating in OPNsense / FreeBSD?

Why do the DNS requests matter, is it causing you a problem?

Not yet... but I try to understand, if it will cause me troubles in future. These drops are only visible after creating an explicit deny all rule at the end of the rule set. With the default rule set there are implicit/automatically created rules allowing this traffic (see screenshot attached). BTW, where can I find the automatically created "pass loopback" rule?

And it fills up the log with drops making troubleshooting more diffcuilt (I know, I could get ride of the log entries by defining a rule for the dns traffic w/o logging. However, this is symptomatic treatment and not eliminating the root cause.)

Any service that has to communicate with Internet has to do that.

Like, checking for new firmware, signature updates ... anything.

Okay -  thank you. Why is that? And then the question is, how can I disable this service that makes the firewall to do DNS queries? At the moment, I don't see an apparent reason why the firewall should do DNS queries...  (so there will be no answer), I did not configure a local or remote DNS server, there are no clients configured to query the firewall for DNS... There seems to be some default setting causing this... can it be deactivated?   

Hi all

In the firewall log I see a lot of DNS requests from localhost to localhost (see screenshot attached). Why does OPNsense do this and what is it good for? Can I get ride of these requests somehow?

Thank you and regards,
Peter