Internal dummy Domain is blocked

[Mbl]

Same scenario as on my previous thread (https://forum.opnsense.org/index.php?topic=32368.msg156431#msg156431).

It looks like internal (non public resolvable) domains are blocked with the reason "firstly seen sites access".

How to allow inter VLAN communication based on internal FQDN without opening up the security policy "Block firstly Seen Sites"?

[sy]

Hi,

You can exclude it by adding it to the Configuration - Cloud Threat Intel. Its category won't query anymore after adding it there.

[Mbl]

Hi

Sorry forgot to mention this - the domain is already configured there...

Regards

[sy]

Hi,

Please clear the cache in the Configuration - Cloud Threat Intel - Clear Cache, and then try again.

[Mbl]

Cleared cache but still have the same issue.

As soon as I activate this policy all internal domains are resolved to 100.2.3.4 which is the nextdns blockpage (blockpage.nextdns.io). I have no clue where the relation is between the Zenarmor Policy and the nextdns blockpage.

For example:

Code: [Select]

PS C:\Windows\system32> nslookup
Standardserver:  opnsense.local
Address:  192.168.100.1

> somehost.local
Server:  opnsense.local
Address:  192.168.100.1

Name:    somehost.local
Address:  192.168.100.20

> somehost.local
Server:  opnsense.local
Address:  192.168.100.1

Name:    somehost.local
Address:  100.2.3.4

>
The only difference between the above two nslookup's is the first has the policy disabled and the second enabled (I have masked hostnames and IP's).

Whats different on this policy to another working one, is with this policy I filter on dedicated internal IP addresses and not on VLAN's

[Mbl]

am I really the only one who has this problem?