1
22.7 Legacy Series / Re: Firewall host sends multiple DNS requests to many different IPs
« on: December 15, 2022, 05:23:02 pm »
Ahh ok, that explains this behavior! Thanks for that! 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
22.7 Legacy Series / Re: Firewall host sends multiple DNS requests to many different IPs
« on: December 15, 2022, 05:05:05 pm »
Thanks for the reply!
I also figured something out: once i (hopefully) correctly configured DNS servers and the Unbound service - all those DNS requests went finally to the assigned IPs!
Also interestingly: every time I updated and restarted the Unbound service, for a few moments the DNS requests went to other IPs again and then back to the assigned ones...seems like when my DNS isn't correctly configured the firewall uses all those random servers.
I also figured something out: once i (hopefully) correctly configured DNS servers and the Unbound service - all those DNS requests went finally to the assigned IPs!
Also interestingly: every time I updated and restarted the Unbound service, for a few moments the DNS requests went to other IPs again and then back to the assigned ones...seems like when my DNS isn't correctly configured the firewall uses all those random servers.
3
22.7 Legacy Series / Firewall host sends multiple DNS requests to many different IPs
« on: December 15, 2022, 04:04:45 am »
Hello OPNsense Forum!
I have a question: i found that the firewall host sends multiple DNS requests from its WAN address to different destinations (not just Google and Microsoft...but also, for example, IPs from russia that are hosted by "Misaka Network, Inc." - apparently an american company)...so why is this happening? DNS requests to 8.8.8.8 is understandable but the others?
They all pass my firewall rules because they are labeled as "let out anything from firewall host itself (force gw)".
Is this normal? Or does this mean there is malware on the firewall?
Regards,
David
I have a question: i found that the firewall host sends multiple DNS requests from its WAN address to different destinations (not just Google and Microsoft...but also, for example, IPs from russia that are hosted by "Misaka Network, Inc." - apparently an american company)...so why is this happening? DNS requests to 8.8.8.8 is understandable but the others?
They all pass my firewall rules because they are labeled as "let out anything from firewall host itself (force gw)".
Is this normal? Or does this mean there is malware on the firewall?
Regards,
David
Pages: [1]