Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.1 Legacy Series
»
[SOLVED] IDS/IPS DNS issues with LibreSSL
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] IDS/IPS DNS issues with LibreSSL (Read 6924 times)
tamer
Newbie
Posts: 15
Karma: 1
[SOLVED] IDS/IPS DNS issues with LibreSSL
«
on:
February 08, 2016, 02:05:04 pm »
After enabling LibreSSL and then trying to enable IDS/IPS with some rules the local (firewall) DNS resolver stops responding to any request even local host. However the issue might not be specific to the DNS resolvers as using dig with explicitly using another resolver still fails when IPS is enabled. On other hosts using an explicit DNS resolver works.
Firewall:
root@router:~ # dig google.com
; <<>> DiG 9.10.3-P3 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
root@router:~ # dig @8.8.8.8 google.com
; <<>> DiG 9.10.3-P3 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Other hosts:
$ dig google.com
; <<>> DiG 9.8.3-P1 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
$ dig @8.8.8.8 google.com
; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9677
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 299 IN A 93.62.101.241
google.com. 299 IN A 93.62.101.207
google.com. 299 IN A 93.62.101.222
google.com. 299 IN A 93.62.101.211
google.com. 299 IN A 93.62.101.251
google.com. 299 IN A 93.62.101.245
google.com. 299 IN A 93.62.101.236
google.com. 299 IN A 93.62.101.230
google.com. 299 IN A 93.62.101.249
google.com. 299 IN A 93.62.101.237
google.com. 299 IN A 93.62.101.215
google.com. 299 IN A 93.62.101.221
google.com. 299 IN A 93.62.101.219
google.com. 299 IN A 93.62.101.226
google.com. 299 IN A 93.62.101.234
;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.
;; WHEN: Mon Feb 8 14:01:09 2016
;; MSG SIZE rcvd: 268
I have tested this issue will 16.1-16.1.2.
(PS I don't think that that emoji should be interpreted
)
«
Last Edit: February 12, 2016, 07:24:06 pm by tamer
»
Logged
tamer
Newbie
Posts: 15
Karma: 1
Re: IDS/IPS DNS issues with LibreSSL
«
Reply #1 on:
February 12, 2016, 07:23:44 pm »
This is a non-issue I did not realise that after disabling hardware CRC checks I needed to reboot the router, it works as expected.
Logged
franco
Administrator
Hero Member
Posts: 17672
Karma: 1612
Re: [SOLVED] IDS/IPS DNS issues with LibreSSL
«
Reply #2 on:
February 15, 2016, 07:55:32 am »
Hi tamer, thanks for checking back on this issue.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.1 Legacy Series
»
[SOLVED] IDS/IPS DNS issues with LibreSSL