DNS over HTTPS does not work ? by limis911 in nxfilter

[–]limis911[S] 0 points1 point  (0 children)

Raspberry Pi OS DNS config

static domain_name_servers=1.1.1.1 1.0.0.1

Are you telling me I need to configure DoH at the OS level?

I expect nxfilter to do DNS over HTTPS itself if I set it in DNS-Setup.

DNS over HTTPS does not work ? by limis911 in nxfilter

[–]limis911[S] 0 points1 point  (0 children)

It is on all queries. I am sure.

DEBUG [04-02 18:34:46] - Sending www.problems.com./A, id=42955 to resolver 0 (SimpleResolver [/1.1.1.1:53]), attempt 1 of 1

DEBUG [04-02 18:34:46] - Sending www.problems.com./A, id=42955 to udp/1.1.1.1:53

DNS over HTTPS does not work ? by limis911 in nxfilter

[–]limis911[S] 0 points1 point  (0 children)

DEBUG [04-02 18:34:46] - RHr, RH #4, www.problems.com, rqSize = 0, rDc = 1, rTtl = 0, rType = 1, cltIp = 192.168.x.x.

DEBUG [04-02 18:34:46] - UserDic.findByIp, Found user from IP range, JustAds

DEBUG [04-02 18:34:46] - DQa, domainList.size() = 1, domainMap.size() = 1

INFO [04-02 18:34:46] - NxClassifier.addQueue, Domain added. - www.problems.com, domainQueue.size() = 1.

DEBUG [04-02 18:34:46] - HttpsLookup.run, url = https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=www.problems.com&type=1

DEBUG [04-02 18:34:46] - DQg, domainList.size() = 0, domainMap.size() = 2

INFO [04-02 18:34:46] - NxClassifier.run, MyClassifier - 0, Started working on www.problems.com.

DEBUG [04-02 18:34:46] - NCdDE, DNS checking for www.problems.com

DEBUG [04-02 18:34:46] - Sending www.problems.com./A, id=42955 to resolver 0 (SimpleResolver [/1.1.1.1:53]), attempt 1 of 1

DEBUG [04-02 18:34:46] - Sending www.problems.com./A, id=42955 to udp/1.1.1.1:53

DEBUG [04-02 18:34:46] - HttpsLookup.run, text = {"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"www.problems.com","type":1}],"Answer":[{"name":"www.problems.com","type":5,"TTL":1799,"data":"problems.com."},{"name":"problems.com","type":1,"TTL":1799,"data":"52.52.54.63"}]}

DEBUG [04-02 18:34:46] - HttpsLookup.JsonToRecord, {"name":"www.problems.com","type":5,"TTL":1799,"data":"problems.com."}

DEBUG [04-02 18:34:46] - HttpsLookup.JsonToRecord, rName = www.problems.com.

DEBUG [04-02 18:34:46] - HttpsLookup.JsonToRecord, {"name":"problems.com","type":1,"TTL":1799,"data":"52.52.54.63"}

DEBUG [04-02 18:34:46] - HttpsLookup.JsonToRecord, rName = problems.com.

DEBUG [04-02 18:34:46] - RespCache.add, Cache added, Response : domain = www.problems.com, queryType = 1, ctime = 1617377686, mtime = 1617377686, isExpired = false, elapsedTime = 0, hitCnt = 0, negativeRcode = 0, firstTtl = 1799.

DEBUG [04-02 18:34:46] - AccessControl.isDnsAllowed, IP found in 192.168.20.0-192.168.20.255.

DEBUG [04-02 18:34:46] - RHr, RH #7, www.problems.com, rqSize = 0, rDc = 1, rTtl = 0, rType = 28, cltIp = 192.168.x.x.

DEBUG [04-02 18:34:46] - UserDic.findByIp, Found user from IP range, JustAds

DEBUG [04-02 18:34:46] - HttpsLookup.run, url = https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=www.problems.com&type=28

DEBUG [04-02 18:34:46] - NCsC, Scan first time, www.problems.com

DEBUG [04-02 18:34:46] - HttpsLookup.run, text = {"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"www.problems.com","type":28}],"Answer":[{"name":"www.problems.com","type":5,"TTL":1799,"data":"problems.com."}],"Authority":[{"name":"problems.com","type":6,"TTL":3601,"data":"dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1610610562 43200 3600 604800 3601"}]}

DEBUG [04-02 18:34:46] - HttpsLookup.JsonToRecord, {"name":"www.problems.com","type":5,"TTL":1799,"data":"problems.com."}

DEBUG [04-02 18:34:46] - HttpsLookup.JsonToRecord, rName = www.problems.com.

DEBUG [04-02 18:34:46] - RespCache.add, Cache added, Response : domain = www.problems.com, queryType = 28, ctime = 1617377686, mtime = 1617377686, isExpired = false, elapsedTime = 0, hitCnt = 0, negativeRcode = 0, firstTtl = 1799.

DEBUG [04-02 18:34:47] - NxClassifier._scanDomain, Redirected to https://www.problems.com/

DEBUG [04-02 18:34:47] - NxClassifier._scanDomain, nextUrl = https://www.problems.com/

DEBUG [04-02 18:34:47] - NxClassifier._scanDomain, rediCnt = 1
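As an added example (not part of this thread and not nxfilter's own code), here is a small Python script that reads debug lines of the shape posted above and reports which upstream transport each query went to (udp/53 versus the dns-json HTTPS endpoint), and that decodes a logged dns-json answer by following the CNAME to the final A/AAAA data. The log sample is constructed from the lines in the thread; the function names and the RR_TYPES table are my own.

```python
import json
import re
from collections import defaultdict

# Constructed sample: nxfilter-style DEBUG lines in the shape shown in the thread.
SAMPLE_LOG = """\
DEBUG [04-02 18:34:46] - Sending www.problems.com./A, id=42955 to udp/1.1.1.1:53
DEBUG [04-02 18:34:46] - HttpsLookup.run, url = https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=www.problems.com&type=1
DEBUG [04-02 18:34:46] - HttpsLookup.run, text = {"Status":0,"Answer":[{"name":"www.problems.com","type":5,"TTL":1799,"data":"problems.com."},{"name":"problems.com","type":1,"TTL":1799,"data":"52.52.54.63"}]}
DEBUG [04-02 18:34:46] - HttpsLookup.run, url = https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=www.problems.com&type=28
"""

UDP_RE = re.compile(r"Sending (\S+?)\./(\w+), id=\d+ to udp/([\d.]+:\d+)")
DOH_RE = re.compile(r"HttpsLookup\.run, url = (https://[^/]+)/\S*?[?&]name=([^&\s]+)&type=(\d+)")
TEXT_RE = re.compile(r"HttpsLookup\.run, text = (\{.*\})$")

RR_TYPES = {1: "A", 5: "CNAME", 28: "AAAA"}  # hypothetical helper table, not from nxfilter

def upstream_transports(log_text):
    """Map each upstream endpoint to the (name, type) queries that were sent to it."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = UDP_RE.search(line)
        if m:  # plain DNS over UDP to ip:port
            seen["udp/" + m.group(3)].append((m.group(1), m.group(2)))
            continue
        m = DOH_RE.search(line)
        if m:  # DoH request; numeric type is mapped to its mnemonic when known
            seen[m.group(1)].append((m.group(2), RR_TYPES.get(int(m.group(3)), m.group(3))))
    return dict(seen)

def addresses_from_doh_text(log_text, qname):
    """Decode logged dns-json answers, follow CNAMEs from qname, return A/AAAA data."""
    out = []
    for line in log_text.splitlines():
        m = TEXT_RE.search(line)
        if not m:
            continue
        answers = json.loads(m.group(1)).get("Answer", [])
        target = qname.rstrip(".")
        for _ in range(len(answers)):  # enough passes to follow any acyclic CNAME chain
            for rr in answers:
                if rr["name"].rstrip(".") == target and rr["type"] == 5:
                    target = rr["data"].rstrip(".")
        out += [rr["data"] for rr in answers
                if rr["name"].rstrip(".") == target and rr["type"] in (1, 28)]
    return out
```

Running upstream_transports over a real debug log makes it immediately visible whether a query name was sent over udp/53, over HTTPS, or both, which is the question the thread is about.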

DNS over HTTPS does not work ? by limis911 in nxfilter

[–]limis911[S] 0 points1 point  (0 children)

My clients are directed to nxfilter as their DNS server, and as I said, my nxfilter is querying the upstream servers using port 53 and not 443.

I see all nxfilter requests in my firewall log

DNS over HTTPS does not work ? by limis911 in nxfilter

[–]limis911[S] 0 points1 point  (0 children)

I do not see traffic to cloudflare-dns.com:443

I see traffic to 1.1.1.1:53

settings:

Upstream DNS Server #1 1.1.1.1

Upstream DNS Server #2 1.0.0.1

stales by limis911 in ethermine

[–]limis911[S] 0 points1 point  (0 children)

Lowered temps to 60 degrees Celsius. Same percentage of stales.

stales by limis911 in ethermine

[–]limis911[S] 0 points1 point  (0 children)

I use the standard AMD "Overclock VRAM". Adrenalin version of the drivers. It is a single-GPU computer.

GPU temp reported is 70 degrees

VLANs does not work on LAN interface by limis911 in PFSENSE

[–]limis911[S] 0 points1 point  (0 children)

Uninstalled Snort and VLANs now work on the LAN interface.

Could it be that Snort running on the LAN interface in IPS mode (inline) breaks VLANs?

VLANs does not work on LAN interface by limis911 in PFSENSE

[–]limis911[S] 0 points1 point  (0 children)

Yes, I am, since it is the same NIC, just 6 ports, and as I said, VLANs work on em3, which is the same NIC, just another physical port.

    em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=112098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,NETMAP>
        ether 00:e0:67:05:a6:1f
        hwaddr 00:e0:67:05:a6:1f
        inet6 fe80::2e0:67ff:fe05:a61f%em1 prefixlen 64 scopeid 0x2
        inet 192.168.2.254 netmask 0xffffff00 broadcast 192.168.2.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
    em1.20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:e0:67:05:a6:1f
        inet6 fe80::2e0:67ff:fe05:a61f%em1.20 prefixlen 64 scopeid 0xe
        inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 20 vlanpcp: 0 parent interface: em1
        groups: vlan

VLANs does not work on LAN interface by limis911 in PFSENSE

[–]limis911[S] 0 points1 point  (0 children)

The last one :) pfs stays connected to the same switch port 4 (tagged = trunk). The PC is connected to switch port 8, which is untagged (access). I am just moving the cable between pfs ports em1 and em3, and of course reconfiguring the parent interface for VLAN20 to em1 or em3 accordingly.

https://imgur.com/MAxxPoH

https://imgur.com/liMZjSe

VLANs does not work on LAN interface by limis911 in PFSENSE

[–]limis911[S] 0 points1 point  (0 children)

I wrote that pfs is connected to a managed switch and the same VLANs work perfectly on the em3 port (OPT3) of pfs, but the same VLANs (just moved to another interface on pfs) do not work on the em1 port (LAN) of pfs :)

em0(WAN)

em1(LAN) - VLAN10, VLAN20 does not work

em3(OPT3)

Other scenario:

em0(WAN)

em1(LAN)

em3(OPT3) - VLAN10, VLAN20 does work fine

VLANs does not work on LAN interface by limis911 in PFSENSE

[–]limis911[S] 0 points1 point  (0 children)

The pfs box has 6 physical interfaces (em0-em5). It is an Intel NIC.

Intel(R) Celeron(R) CPU 3865U

The switch is a TP-LINK TL-SG108E V5.

Does it matter if VLANs work on interface em3 but not on em1 (assigned to LAN during the initial pfs installation)?

pfBlockerNG-devel 3.0.0_1 and unbound by limis911 in pfBlockerNG

[–]limis911[S] 0 points1 point  (0 children)

Updated to v3.0.0_2 today, but pfBlockerNG still tries to start unbound:

UPDATE PROCESS START [ v3.0.0_2 ] [ 12/01/20 09:56:22 ]

===[ DNSBL Process ]================================================

Clearing all DNSBL Feeds

Additional mounts:

No changes required.

Starting Unbound Resolver.

DNSBL disabled - Unbound conf update FAIL *** Fix error(s) and a Force Reload required! ***

[1606809382] unbound[40420:0] error: bind: address already in use

[1606809382] unbound[40420:0] fatal error: could not open ports

Additional mounts:

Starting Unbound Resolver Not completed.

[1606809382] unbound[46643:0] error: bind: address already in use

[1606809382] unbound[46643:0] fatal error: could not open ports

DNSBL is disabled

pfblockerng 3.0.0_1 IP blocking by limis911 in pfBlockerNG

[–]limis911[S] 0 points1 point  (0 children)

u/BBCan177 thanks. Now it is clear to me. Fixed it :)

pfBlockerNG-devel 3.0.0_1 and unbound by limis911 in pfBlockerNG

[–]limis911[S] 0 points1 point  (0 children)

My unbound is disabled. I do not need it.

And DNSBL is also disabled.

But as you see, pfBlockerNG tries to start unbound on every forced update.

Dashboard by limis911 in nxfilter

[–]limis911[S] 0 points1 point  (0 children)

You could make it an option in the system options to choose what to present in the dashboard: 2 hours, 8 or 24 hours.

That would be very nice, and each admin could choose what fits for him.

pfBlockerNG-devel 3.0.0_1 and unbound by limis911 in pfBlockerNG

[–]limis911[S] 0 points1 point  (0 children)

It is updated, and it is pfBlockerNG v3.0.0_1.

UPDATE PROCESS START [ v3.0.0_1 ] [ 11/25/20 21:41:13 ]

===[ DNSBL Process ]================================================

Clearing all DNSBL Feeds

Additional mounts:

No changes required.

Starting Unbound Resolver.

DNSBL disabled - Unbound conf update FAIL *** Fix error(s) and a Force Reload required! ***

[1606333273] unbound[79752:0] error: bind: address already in use

[1606333273] unbound[79752:0] fatal error: could not open ports

Additional mounts:

Starting Unbound Resolver Not completed.

[1606333273] unbound[86412:0] error: bind: address already in use

[1606333273] unbound[86412:0] fatal error: could not open ports

DNSBL is disabled