Suricata in IPS mode Blocks DnsCrypt or Dns over TLS (both Unbound and DnsCrypt)

Started by Alex_V, December 05, 2024, 10:22:37 AM

I have this issue with OPNsense 24.7.10. When I enable Suricata in IPS mode (active on the WAN interface), any connection to DNS servers using DNSCrypt or DNS over TLS, generated by DNSCrypt Proxy or Unbound, is blocked by default.

I also tried disabling all the IPS rules, but the blocking still occurs. Therefore, it doesn't seem to be a ruleset issue but rather a problem with Suricata itself.

The issue occurs with both the standard version and the one using the telemetry ruleset.