[SOLVED] IDS/IPS DNS issues with LibreSSL

Started by tamer, February 08, 2016, 02:05:04 PM

February 08, 2016, 02:05:04 PM Last Edit: February 12, 2016, 07:24:06 PM by tamer
After enabling LibreSSL and then trying to enable IDS/IPS with some rules, the local (firewall) DNS resolver stops responding to any request, even from localhost. However, the issue might not be specific to the DNS resolver, as using dig with another resolver specified explicitly still fails when IPS is enabled. On other hosts, using an explicit DNS resolver works.

Firewall:
root@router:~ # dig google.com

; <<>> DiG 9.10.3-P3 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached


root@router:~ # dig @8.8.8.8 google.com

; <<>> DiG 9.10.3-P3 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached


Other hosts:
$ dig google.com

; <<>> DiG 9.8.3-P1 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached


$ dig @8.8.8.8 google.com

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9677
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.         IN   A

;; ANSWER SECTION:
google.com.      299   IN   A   93.62.101.241
google.com.      299   IN   A   93.62.101.207
google.com.      299   IN   A   93.62.101.222
google.com.      299   IN   A   93.62.101.211
google.com.      299   IN   A   93.62.101.251
google.com.      299   IN   A   93.62.101.245
google.com.      299   IN   A   93.62.101.236
google.com.      299   IN   A   93.62.101.230
google.com.      299   IN   A   93.62.101.249
google.com.      299   IN   A   93.62.101.237
google.com.      299   IN   A   93.62.101.215
google.com.      299   IN   A   93.62.101.221
google.com.      299   IN   A   93.62.101.219
google.com.      299   IN   A   93.62.101.226
google.com.      299   IN   A   93.62.101.234

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb  8 14:01:09 2016
;; MSG SIZE  rcvd: 268


I have tested this issue with 16.1-16.1.2.

(PS I don't think that that emoji should be interpreted ;))

This is a non-issue: I did not realise that after disabling hardware CRC checks I needed to reboot the router. It works as expected.
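A quick way to confirm that the offload setting has actually taken effect after the reboot, as an added example that is not part of the original post or of OPNsense itself: the script below parses the `options=<...>` line of FreeBSD `ifconfig` output and reports which hardware checksum/segmentation offload flags are still enabled on the interface that Suricata captures from. The two `ifconfig` snippets embedded in it are constructed samples, the interface name `em0` and the flag list are assumptions, and no real interface is queried; on the firewall you would pipe `ifconfig em0` into `offload_flags_on` instead.

```shell
#!/bin/sh
# Added example (not from the forum thread): check FreeBSD/OPNsense ifconfig
# output for hardware offload flags that must be off for Suricata IPS mode.
# The change made in the GUI only shows up here after the NIC is
# re-initialised (the reboot mentioned in the post).

# Offload flags whose presence means offloading is still active.
# This list is an assumption for the example; adjust for your driver.
OFFLOAD_FLAGS="RXCSUM TXCSUM RXCSUM_IPV6 TXCSUM_IPV6 TSO4 TSO6 LRO VLAN_HWTSO"

# Read ifconfig output on stdin and print, one per line, the offload flags
# found in the first "options=...<...>" line. Prints nothing when all are off.
offload_flags_on() {
    opts=$(sed -n 's/.*options=[0-9a-fA-F]*<\([^>]*\)>.*/\1/p' | head -n 1)
    for f in $OFFLOAD_FLAGS; do
        case ",$opts," in
            *",$f,"*) printf '%s\n' "$f" ;;
        esac
    done
}

# Exit 0 when no offload flag is set on the interface, 1 otherwise.
check_offload() {
    [ -z "$(offload_flags_on)" ]
}

# Constructed sample: what "ifconfig em0" typically looks like before
# disabling hardware checksum/TSO offloading.
BEFORE='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:11:22:33:44:55'

# Constructed sample: the same interface after the setting took effect.
AFTER='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:11:22:33:44:55'

# Stand-alone demonstration on the two samples.
printf 'before reboot, still on: %s\n' "$(printf '%s\n' "$BEFORE" | offload_flags_on | tr '\n' ' ')"
if printf '%s\n' "$AFTER" | check_offload; then
    echo "after reboot: no offload flags set, safe for IPS mode"
fi
```

On a live system run `ifconfig em0 | offload_flags_on` (with your capture interface); any flag it prints means the NIC is still offloading and Suricata in inline mode can be expected to drop or mangle traffic such as the DNS queries in the post.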

Hi tamer, thanks for checking back on this issue. :)