Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
"Lookup hostnames" no longer works in Firewall: Log Files: Live View
« previous
next »
Print
Pages: [
1
]
Author
Topic: "Lookup hostnames" no longer works in Firewall: Log Files: Live View (Read 3259 times)
JohnnyBeee
Jr. Member
Posts: 68
Karma: 0
"Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
on:
October 28, 2022, 11:54:46 am »
Hi folks.
I use reverse DNS, aka "Lookup hostnames" extensively to find out quickly if a potential attacker connected to my email server. - No FQDN=likely an attacker.
But yesterday I looked at the list and found that only the IPs at the top of the list were resolved. It looked like the backwards resolution only worked from the moment I checked "Lookup hostnames".
I tried a few times to uncheck/check that. At some point only a few IPs were resolved, it seemed random. And now NO IPs AT ALL are resolved!
I use DNSCrypt-Proxy and only DNSCrypt-Proxy, for all the name resolutions and so far, for months/years, everything worked as expected:
Click "Lookup hostnames" and all the IPs in the Live View list were immediately resolved to hostnames.
I rebooted the firewall - no luck.
The DNSCrypt-Proxy or firewall logs don't seem to show anything unusual, normal domain name resolution works fine.
Any ideas?
-----------------------------------
OPNsense 22.7.6-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022
Logged
JohnnyBeee
Jr. Member
Posts: 68
Karma: 0
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #1 on:
October 30, 2022, 02:36:31 am »
It is even getting weirder:
When I check "Lookup hostnames" now, "Auto refresh" unchecks!!!
I observe this with Firefox, latest version...
«
Last Edit: October 30, 2022, 02:40:21 am by JohnnyBeee
»
Logged
weeßicknich
Newbie
Posts: 22
Karma: 1
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #2 on:
October 30, 2022, 06:58:00 pm »
I can reproduce this on OPNsense 22.7.6-amd64 using Unbound as DNS resolver.
Logged
Taunt9930
Full Member
Posts: 126
Karma: 3
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #3 on:
October 30, 2022, 08:04:44 pm »
For some balance - No such issues here with Edge and using Unbound on 22.7.6
Logged
weeßicknich
Newbie
Posts: 22
Karma: 1
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #4 on:
October 30, 2022, 09:39:56 pm »
For what it's worth: It's working here again. Not sure if clearing the browser cache helped or if it was some heisenbug.
Edit: Clearing the browser cache fixed this issue with Chrome/Windows 10 as well as Safari/macOS 13.0.
«
Last Edit: November 02, 2022, 02:24:29 pm by weeßicknich
»
Logged
IsaacFL
Full Member
Posts: 217
Karma: 8
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #5 on:
November 02, 2022, 08:38:09 pm »
I'm seeing this also. Using Firefox as my default browser. Tried clearing browser cache but didn't make a difference.
Tried it with MS Edge and same thing.
This was on Windows 10
I also tried it using Safari on an iPad with same outcome. Lookup hostnames doesn't work.
Logged
JohnnyBeee
Jr. Member
Posts: 68
Karma: 0
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #6 on:
November 07, 2022, 02:31:42 am »
Here is the latest status:
I did some debugging.
First I deactivated DNSCRYPT-PROXY and activated UNBOUND instead. That did not help. So I switched back to DNSCRYPT-PROXY.
Then I noticed in the Firewall log an error saying that a FQDN in an alias could not be resolved (or something similar). So I removed that alias and emptied the Firewall log - That seemed to have solved the issue with "Auto refresh" unchecking.
Then I removed the reference to a particularly large alias I had recently added (1400 IPs) from another Alias (type "Network group") and BINGO: the reverse DNS worked again for the Firewall log.
Strangely enough, after I checked the large alias in the Network group alias again, the reverse DNS still works
So I guess this is solved
Logged
JohnnyBeee
Jr. Member
Posts: 68
Karma: 0
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #7 on:
November 16, 2022, 11:37:04 am »
The issue is back...
No luck with any new or previous workarounds.
So any new ideas are most welcome.
Logged
Aergan
Jr. Member
Posts: 55
Karma: 9
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #8 on:
November 16, 2022, 04:03:17 pm »
Also noticing the issue. Enabling it triggers a refresh that never completes. Reloading Live View seems to hang until it times out.
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #9 on:
November 16, 2022, 04:06:34 pm »
I'll look into it.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #10 on:
November 16, 2022, 04:26:07 pm »
Identified as
https://github.com/opnsense/core/issues/6139
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #11 on:
November 16, 2022, 08:38:27 pm »
Patch is
https://github.com/opnsense/core/commit/da9c21c55
# opnsense-patch da9c21c55
Logged
Helle
Newbie
Posts: 24
Karma: 1
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #12 on:
November 16, 2022, 09:51:38 pm »
I applied the patch but have the same issue after.
Is a reboot necessary ?
//Helle
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #13 on:
November 16, 2022, 09:58:02 pm »
Need to reopen the firewall live log page, possibly flush browser cache.
Well, it mostly works, but the volume fetched now is meddling with the speed of the annotation of DNS so sometimes it still looks like it isn't working with auto-refresh still on.
Cheers,
Franco
Logged
Helle
Newbie
Posts: 24
Karma: 1
Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View
«
Reply #14 on:
November 16, 2022, 10:02:29 pm »
Ok, thanks for the explanation !
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
"Lookup hostnames" no longer works in Firewall: Log Files: Live View