Topic: DNS traffic from WAN IP to Google servers (Read 3430 times)
fonsmark
DNS traffic from WAN IP to Google servers
« on: March 17, 2017, 08:51:54 pm »
Hi,
I see quite a lot of DNS queries from the WAN-interface of a newly installed OPNsense 17.1.3-i386 to 8.8.8.8 and 8.8.4.4.
I think it must be the apinger which is using Google DNS, but I don't quite understand why this is necessary for monitoring my GW.
I don't wish to feed the Google. Can I avoid sending traffic in their direction?
BR Fonsmark :-)

fabian
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: DNS traffic from WAN IP to Google servers
« Reply #1 on: March 17, 2017, 09:02:42 pm »
OPNsense should NOT do that in a default installation. If you use one of these addresses for gateway monitoring, you will get blocked soon anyway.
There are two possible reasons:
a) You got the route from an upstream DHCP and OPNsense is configured to use those
b) A client has this DNS server set

fonsmark
Re: DNS traffic from WAN IP to Google servers
« Reply #2 on: March 17, 2017, 09:42:01 pm »
Hi fabian,
Thanks for your reply.
The WAN address, default GW and DNS servers are statically configured.
I have thought that a client might use Google DNS servers, but in the FW-logs the source IP of the traffic is the WAN-address of the FW. Furthermore the FW is pinging 8.8.8.8 (also from the WAN IP).
I have exported the config, and in the XML there is no mention of "8.8".
When searching in logs in my other OPNsense (16.x) FWs I can't see similar traffic, so this might be an error in the version I've got.

fabian
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: DNS traffic from WAN IP to Google servers
« Reply #3 on: March 17, 2017, 10:00:46 pm »
That it is the WAN IP of the firewall says nothing, as there is probably source NAT configured, which means any outgoing traffic will have the source IP of the firewall. The best way to find out which device it is, is adding a quick floating rule allowing DNS to 8.8.8.8 on all interfaces which are not WAN interfaces, with logging enabled (pass, block, reject is not important for debugging). This way you should get the device from the logs.

fonsmark
Re: DNS traffic from WAN IP to Google servers
« Reply #4 on: March 17, 2017, 11:15:10 pm »
Thanks! Of course I only saw the traffic in the log after NAT.
There is an exact match of traffic from someone's specific client and the entries I saw before.
I got blinded by the source IP, and blamed the FW.
Thanks again :-)
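
Added example (not part of the original thread and not OPNsense code): the correlation described in replies #3 and #4, matching post-NAT entries seen on WAN against pre-NAT entries logged on internal interfaces. The log format, interface names and addresses are constructed for illustration and are assumptions, not OPNsense's actual filter log format.

```python
from collections import Counter
from datetime import datetime, timedelta

RESOLVERS = {"8.8.8.8", "8.8.4.4"}  # destinations named in the thread
WAN_IF = "wan"                      # assumed interface name

# Constructed sample, simplified format: "time iface proto src:sport dst:dport"
SAMPLE = """\
20:51:54.100 lan udp 192.168.1.23:51514 8.8.8.8:53
20:51:54.101 wan udp 203.0.113.10:33012 8.8.8.8:53
20:51:55.400 lan udp 192.168.1.23:51515 8.8.4.4:53
20:51:55.401 wan udp 203.0.113.10:33013 8.8.4.4:53
20:51:56.000 lan udp 192.168.1.40:40000 192.0.2.53:53
20:51:56.001 wan udp 203.0.113.10:33014 192.0.2.53:53
20:52:10.000 wan udp 203.0.113.10:33020 8.8.8.8:53
"""

def parse(line):
    ts, iface, proto, src, dst = line.split()
    dst_ip, dport = dst.rsplit(":", 1)
    return {"ts": datetime.strptime(ts, "%H:%M:%S.%f"), "if": iface,
            "proto": proto, "src": src.rsplit(":", 1)[0],
            "dst": dst_ip, "dport": int(dport)}

def attribute(log_text, window_ms=50):
    """Map each WAN-side DNS entry to the internal client logged just before it."""
    entries = [parse(l) for l in log_text.splitlines() if l.strip()]
    dns = [e for e in entries if e["dst"] in RESOLVERS and e["dport"] == 53]
    inside = [e for e in dns if e["if"] != WAN_IF]
    window = timedelta(milliseconds=window_ms)
    rows = []
    for w in (e for e in dns if e["if"] == WAN_IF):
        # Source NAT replaces the source IP (and may rewrite the source port),
        # so match on destination, protocol and time only.
        hits = [i for i in inside
                if i["dst"] == w["dst"] and i["proto"] == w["proto"]
                and timedelta(0) <= w["ts"] - i["ts"] <= window]
        # No hit: no logged internal interface saw the packet first.
        origin = hits[-1]["src"] if hits else "no internal match"
        rows.append((w["ts"].strftime("%H:%M:%S"), w["dst"], origin))
    return rows

def clients(log_text):
    """Count WAN-side DNS entries per attributed origin."""
    return Counter(origin for _, _, origin in attribute(log_text))

if __name__ == "__main__":
    for row in attribute(SAMPLE):
        print(*row)
```

An entry reported as "no internal match" is the case worth a closer look: it was not preceded by traffic on any logged internal interface, so it either came from the firewall itself or from an interface the logging rule does not cover.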