OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.1 Legacy Series »
  • [SOLVED] IDS/IPS DNS issues with LibreSSL
« previous next »
  • Print
Pages: [1]

Author Topic: [SOLVED] IDS/IPS DNS issues with LibreSSL  (Read 6919 times)

tamer

  • Newbie
  • *
  • Posts: 15
  • Karma: 1
    • View Profile
[SOLVED] IDS/IPS DNS issues with LibreSSL
« on: February 08, 2016, 02:05:04 pm »
After enabling LibreSSL and then trying to enable IDS/IPS with some rules the local (firewall) DNS resolver stops responding to any request even local host. However the issue might not be specific to the DNS resolvers as using dig with explicitly using another resolver still fails when IPS is enabled. On other hosts using an explicit DNS resolver works.

Firewall:
root@router:~ # dig google.com

; <<>> DiG 9.10.3-P3 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached


root@router:~ # dig @8.8.8.8 google.com

; <<>> DiG 9.10.3-P3 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Other hosts:
$ dig google.com

; <<>> DiG 9.8.3-P1 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached


$ dig @8.8.8.8 google.com

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9677
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.         IN   A

;; ANSWER SECTION:
google.com.      299   IN   A   93.62.101.241
google.com.      299   IN   A   93.62.101.207
google.com.      299   IN   A   93.62.101.222
google.com.      299   IN   A   93.62.101.211
google.com.      299   IN   A   93.62.101.251
google.com.      299   IN   A   93.62.101.245
google.com.      299   IN   A   93.62.101.236
google.com.      299   IN   A   93.62.101.230
google.com.      299   IN   A   93.62.101.249
google.com.      299   IN   A   93.62.101.237
google.com.      299   IN   A   93.62.101.215
google.com.      299   IN   A   93.62.101.221
google.com.      299   IN   A   93.62.101.219
google.com.      299   IN   A   93.62.101.226
google.com.      299   IN   A   93.62.101.234

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb  8 14:01:09 2016
;; MSG SIZE  rcvd: 268


I have tested this issue will 16.1-16.1.2.

 (PS I don't think that that emoji should be interpreted  ;))
« Last Edit: February 12, 2016, 07:24:06 pm by tamer »
Logged

tamer

  • Newbie
  • *
  • Posts: 15
  • Karma: 1
    • View Profile
Re: IDS/IPS DNS issues with LibreSSL
« Reply #1 on: February 12, 2016, 07:23:44 pm »
This is a non-issue I did not realise that after disabling hardware CRC checks I needed to reboot the router, it works as expected.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17661
  • Karma: 1611
    • View Profile
Re: [SOLVED] IDS/IPS DNS issues with LibreSSL
« Reply #2 on: February 15, 2016, 07:55:32 am »
Hi tamer, thanks for checking back on this issue. :)
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.1 Legacy Series »
  • [SOLVED] IDS/IPS DNS issues with LibreSSL
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2