Author Topic: [SOLVED] get rid of host forgery detected (Read 15868 times)

hbc · « **Reply #15 on:** May 07, 2019, 06:56:31 pm »

Quote from: mimugmail on May 02, 2019, 11:19:54 am

Do you use IPv6 (or are you aware of it)? I had a similar problem where clients and proxy use the same v4 DNS, but the client did the DNS via v6 and then there were again forgery attacks

Right. I use ipv6. How did you resolve this issue? The clients are dual stack, as firewall itself. Firewall acts as ipv6 dns server (unbound). Firewall itself just has ipv4 addresses configured for dns servers. Should I add the ipv6 ips of dns servers, too?

mimugmail · « **Reply #16 on:** May 07, 2019, 08:23:49 pm »

Port forward for v6 Port 53 to localhost

hbc · « **Reply #17 on:** May 07, 2019, 08:50:01 pm »

Quote from: mimugmail on May 07, 2019, 08:23:49 pm

Port forward for v6 Port 53 to localhost

How dies this work? This would violate ipv6 scope.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193568
For this reason, I use the interface ipv6 address for redirect in transparent proxy.

mimugmail · « **Reply #18 on:** May 07, 2019, 08:54:21 pm »

Hm, I'm quite sure it works, will test it tomorrow

Author Topic: [SOLVED] get rid of host forgery detected (Read 15868 times)

hbc

Re: [SOLVED] get rid of host forgery detected

mimugmail

Re: [SOLVED] get rid of host forgery detected

hbc

Re: [SOLVED] get rid of host forgery detected

mimugmail

Re: [SOLVED] get rid of host forgery detected