I am having trouble with my DNS and NTP settings getting bypassed
Topic: I am having trouble with my DNS and NTP settings getting bypassed (Read 741 times)
someone (Full Member, Posts: 115, Karma: 2)
Reply #15 on: November 18, 2024, 02:35:25 am
Firewall rules:
443 IN tcp
53 IN udp
That's it.
I am constantly hit on port 0, anyone know how to block it, unless it's stateful, I haven't seen a way.
Of course also ports 80, 8081, 22, 23, and server ports, 123 and it's not NTP, and some others.
Hit with constant SYN, ACKs, RST, SYN-ACK, etc. with high starting sequence numbers that I think a stateful firewall would block, but Suricata catches them first from blocklists: 25 percent of my blocklist from varied sources, and my custom blocklist catch 75 percent.
But not all, and they are auto IPs, spoofed.
thanks
someone (Full Member, Posts: 115, Karma: 2)
Reply #16 on: November 18, 2024, 02:39:40 am
443 IN tcp
53 IN udp
That's it.
thanks
Patrick M. Hausen (Hero Member, Posts: 6807, Karma: 572)
Reply #17 on: November 18, 2024, 07:41:59 am
Remove these, they are dangerous and not necessary. Why would you open DNS to the world?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
someone (Full Member, Posts: 115, Karma: 2)
Reply #18 on: November 21, 2024, 06:25:02 am
How I fixed it:
I reloaded.
Set Unbound settings.
Set DNS servers in System > General.
Disabled Firefox DNS.
Is now working correctly so far.
There were a few changes in Unbound:
Enable DNSSEC support.
I have listen port on 853 for Quad9 but it's using 53.
Flush DNS cache on reboot.
And aggressive NSEC.
Enabled query forwarding for dns.quad9.net at 9.9.9.9,
but at the top it is using the DNS servers I listed in System > General:
8.8.8.8, 8.8.4.4, 9.9.9.9
Probably why Quad9 is using 53 instead of 853.
Enabled DNS over TLS with dns.quad9.net also on port 853;
also at the top shows DNS servers set in System > General.
Haven't changed it yet.
Also made a snapshot.
Doing good so far even if using 53.
someone (Full Member, Posts: 115, Karma: 2)
Reply #19 on: November 21, 2024, 06:30:26 am
I will try that.
I think it wasn't working when I didn't open those ports, but will try again.
It hits outbound servers on those ports.
Inbound response is usually a high port number and covered by the stateful firewall, which lets it in.
Thanks, I will definitely close that if I can.
I will check the DHCP response,
and the SYN and RST packets response.
I think ACK is on the established port.
And ICMP.
I will try it.
thanks
Last Edit: November 21, 2024, 06:40:45 am by someone

someone (Full Member, Posts: 115, Karma: 2)
Reply #20 on: November 21, 2024, 07:15:39 am
Thanks, it's working with no WAN firewall rules but defaults.
That closes a security hole, thanks.
I unchecked the box in Unbound query forwarding to use system DNS servers,
so it uses the settings in Query Forwarding and DNS over TLS.
Did a reboot.
But it is using Quad9 but still outgoing 53 instead of 853 to Quad9, but works.
Maybe 853 is a subscription thing, will have to check.
thanks
Last Edit: November 21, 2024, 05:33:47 pm by someone
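What Replies #18 and #20 describe (Unbound forwarding to Quad9 but still leaving the WAN on UDP/53 rather than TCP/853, which Quad9 serves without any subscription) comes down to whether the forwarder is declared with TLS. The fragment below is an added illustration in raw unbound.conf syntax, not the poster's configuration and not the file OPNsense generates from its GUI; the certificate bundle and trust anchor paths are assumptions that vary by install.

```conf
# Added illustration, not the poster's config or OPNsense's generated file.
# Only ONE forward-zone for "." may exist in a live config; the two below
# are the weak form and the corrected form side by side.

# Weak: a plain forwarder. Nothing here asks for TLS, so Unbound sends
# ordinary DNS to 9.9.9.9 on UDP/53 even if DNS over TLS was intended.
forward-zone:
    name: "."
    forward-addr: 9.9.9.9

# Corrected: forward over TLS. Unbound connects to 9.9.9.9 on TCP/853 and
# verifies the server certificate against the name given after "#".
server:
    # CA bundle used to verify the upstream certificate (path assumed;
    # point it at wherever this system keeps its root CAs).
    tls-cert-bundle: "/etc/ssl/cert.pem"
    # The two Unbound options the poster enabled in the GUI, in conf form.
    aggressive-nsec: yes
    auto-trust-anchor-file: "/var/unbound/root.key"   # DNSSEC; path assumed

forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
```

With the corrected form in place, a packet capture on the WAN interface should show only TCP/853 to 9.9.9.9 and no UDP/53 to it, which is the check for the symptom in Reply #20.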