[SOLVED] get rid of host forgery detected

Started by ruggerio, October 20, 2018, 05:49:21 PM

Quote from: mimugmail on May 02, 2019, 11:19:54 AM
Do you use IPv6 (or are you aware of it)? I had a similar problem where clients and proxy use the same v4 DNS, but the client did the DNS via v6 and then there were again forgery attacks :)
Right. I use IPv6. How did you resolve this issue? The clients are dual stack, as is the firewall itself. The firewall acts as the IPv6 DNS server (Unbound). The firewall itself just has IPv4 addresses configured for DNS servers. Should I add the IPv6 IPs of the DNS servers, too?
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR


Quote from: mimugmail on May 07, 2019, 08:23:49 PM
Port forward for v6 Port 53 to localhost :)
How does this work? This would violate IPv6 scope.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193568
For this reason, I use the interface IPv6 address for the redirect in the transparent proxy.