Internal dummy Domain is blocked

Started by Mbl, February 07, 2023, 11:56:37 AM

Same scenario as on my previous thread (https://forum.opnsense.org/index.php?topic=32368.msg156431#msg156431).

It looks like internal (non public resolvable) domains are blocked with the reason "firstly seen sites access".

How to allow inter VLAN communication based on internal FQDN without opening up the security policy "Block firstly Seen Sites"?


Hi,

You can exclude it by adding it to Configuration - Cloud Threat Intel. Its category won't be queried anymore after adding it there.

Hi

Sorry, forgot to mention this - the domain is already configured there...

Regards

Hi,

Please clear the cache in the Configuration - Cloud Threat Intel - Clear Cache, and then try again.

Cleared cache but still have the same issue.

As soon as I activate this policy all internal domains are resolved to 100.2.3.4 which is the nextdns blockpage (blockpage.nextdns.io). I have no clue where the relation is between the Zenarmor Policy and the nextdns blockpage.

For example:


PS C:\Windows\system32> nslookup
Standardserver:  opnsense.local
Address:  192.168.100.1

> somehost.local
Server:  opnsense.local
Address:  192.168.100.1

Name:    somehost.local
Address:  192.168.100.20

> somehost.local
Server:  opnsense.local
Address:  192.168.100.1

Name:    somehost.local
Address:  100.2.3.4

>


The only difference between the above two nslookups is that the first has the policy disabled and the second enabled (I have masked hostnames and IPs).

What's different about this policy compared to another working one is that with this policy I filter on dedicated internal IP addresses and not on VLANs.
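A way to check a capture like the one above for this symptom, as an added example that is not part of the thread: it parses interactive nslookup output (a constructed sample shaped like the post's, including the German "Standardserver:" header) and flags internal names answered with the NextDNS blockpage address quoted in the post or with any non-private address.

```python
import ipaddress
import re
from typing import Dict, List

# Blockpage address observed in the post (blockpage.nextdns.io).
BLOCKPAGE_ADDRS = {"100.2.3.4"}

# Constructed sample of an interactive nslookup session; the first
# query is answered normally, the second lands on the blockpage.
SAMPLE_NSLOOKUP = """\
Standardserver:  opnsense.local
Address:  192.168.100.1

> somehost.local
Server:  opnsense.local
Address:  192.168.100.1

Name:    somehost.local
Address:  192.168.100.20

> otherhost.local
Server:  opnsense.local
Address:  192.168.100.1

Name:    otherhost.local
Address:  100.2.3.4
"""

def parse_nslookup(output: str) -> Dict[str, List[str]]:
    """Map each 'Name:' answer to the address lines that follow it.
    The 'Server:'/'Standardserver:' header and its Address: line are
    skipped because that address is the resolver, not an answer."""
    answers: Dict[str, List[str]] = {}
    current = None
    for line in output.splitlines():
        line = line.strip()
        if re.match(r"^(Server|Standardserver):", line):
            current = None
            continue
        m = re.match(r"^Name:\s+(\S+)", line)
        if m:
            current = m.group(1).rstrip(".")
            answers.setdefault(current, [])
            continue
        # 'Address:', 'Addresses:' and bare continuation lines all
        # reduce to an IP literal once the label is stripped.
        text = re.sub(r"^Address(?:es)?:\s*", "", line)
        if current is not None and text:
            try:
                answers[current].append(str(ipaddress.ip_address(text)))
            except ValueError:
                pass  # prompt lines such as '> host' are not addresses
    return answers

def suspicious_answers(answers: Dict[str, List[str]],
                       blockpage=BLOCKPAGE_ADDRS) -> Dict[str, str]:
    """Return {name: addr} for names answered with a blockpage address
    or any address outside private ranges (unexpected for .local hosts)."""
    flagged: Dict[str, str] = {}
    for name, addrs in answers.items():
        for a in addrs:
            if a in blockpage or not ipaddress.ip_address(a).is_private:
                flagged[name] = a
    return flagged
```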


Am I really the only one who has this problem?