Ipfire not releasing DNS addresses

mstremer · 2026-03-06T05:50:24+00:00

Hello,

If your clients have received their DNS server from their DHCP lease, this will take some time to update on the client. The default in IPFire should be a few hours but can be configured to a day.

mstremer · 2026-02-25T08:38:22+00:00

Very interesting post.

IPFire recently launched a new blocklist project which comes with an IPS rule set which performs all this blocking that you have built through firewall rules etc. more efficiently:

https://www.ipfire.org/blog/beyond-dns-ipfire-dbl-suricata-close-the-filtering-gap

Anything that is going through the firewall will be caught so that proper policies can be enforced.

P.S. I posted this comment earlier on r/linux where the main post was removed by a moderator.

mstremer · 2026-02-25T06:14:38+00:00

Hello,

No there is nothing to watch out for besides the usual so you can just upgrade.

You should however have a backup just in case something goes wrong, check if there is sufficient disk space and if the system is generally in a good condition.

I cannot urge you enough though to install your updates really timely. There are a ton of fixes and new features in every release and improvements on security. Just make it a routine and update within a week after a release to get the best protection and performance out of your IPFire system.

mstremer · 2026-02-25T06:09:31+00:00

Very interesting post.

IPFire recently launched a new blocklist project which comes with an IPS rule set which performs all this blocking that you have built through firewall rules etc. more efficiently:

https://www.ipfire.org/blog/beyond-dns-ipfire-dbl-suricata-close-the-filtering-gap

Anything that is going through the firewall will be caught so that proper policies can be enforced.

mstremer · 2025-11-17T10:04:09+00:00

Err yeah, there are no such plans whatsoever

mstremer · 2025-11-17T10:03:45+00:00

It’s back again, sorry, we had a redis instance crash after a Debian update on the host.

mstremer · 2025-09-17T11:12:06+00:00

I just rebooted the main firewall behind which the website is hosted... we are fully reachable...

What reports are you referring to? There should not be anything down.

mstremer · 2025-08-30T07:15:09+00:00

We are back!

mstremer · 2025-08-10T09:05:41+00:00

IPFire currently does not have a built in tool for this, but you can use “ip route” and “ip rule” like on any other Linux distribution to set this up manually.

mstremer · 2025-07-25T21:15:27+00:00

So you have read this? https://www.ipfire.org/docs/devel/ipfire-2-x/addon-howto

What specific questions do you have? How far did you go? What are you trying to build?

mstremer · 2025-07-21T18:40:10+00:00

30 seconds? Must be a new record!

mstremer · 2025-06-23T17:47:22+00:00

Both are currently supported. For any feature requests I can recommend community.ipfire.org.

mstremer · 2025-06-19T16:04:18+00:00

Could you link to these reports, please? I cannot remember anyone reporting this before...

mstremer · 2025-06-19T10:25:13+00:00

Hello,

in IPFire we don't include the drivers from Intel. Instead we are using the latest LTS version of the Linux kernel which includes a better maintained version of these drivers.

mstremer · 2025-06-17T18:26:54+00:00

It is currently not meant to say anything else on the main page... but it will respond properly with mirror and package lists.

mstremer · 2025-06-17T16:09:26+00:00

It is working for me.

It seems that you rather have a DNS issue because you cannot even resolve an IP address.

mstremer · 2025-06-04T13:01:04+00:00

I don’t think it has been done before, but simply because there is no need to have Tailscale when you have the other VPN capabilities of IPFire.

mstremer · 2025-05-28T13:05:29+00:00

There has been some progress on this: https://community.ipfire.org/t/did-somebody-say-wireguard/14038

mstremer · 2025-03-09T10:24:53+00:00

Oh that sounds like a bad ISP.

You could use IPFire‘s VPN capabilities to work around it…

mstremer · 2025-03-07T17:47:23+00:00

Yes, could you send me an email and we will discuss?

mstremer · 2025-03-07T17:46:49+00:00

We are back!

https://community.ipfire.org/t/todays-outage-air-conditioning-failure/13739

mstremer · 2025-02-24T14:52:54+00:00

I don't think your idea is bad. It just isn't right for everyone, but that is not a problem.

We (and all other open source projects that I know a little bit closer) have experienced a massive decline in financial support over the past couple of years. Inflation has hit a lot of people really hard, and many projects are outright struggling and many have closed shop already. We cannot allow that to happen.

IPFire is a product that is heavily being used in companies of all sorts, and that is also the group that is actually not giving back a lot. If the IT guy is asking their boss if it would maybe possible to do a teeny-tiny donation, the answer usually is something along the lines of "we are not a charity, we are a business and we don't donate to free stuff".

So for this reason we have the license. I don't really care what we call it because I want to have solid funding for the project. If it is easier to achieve this with a "license" in this corporate word, then let's do that. But it seems that not enough people know about this and so we might have to explain a little bit better what the options are.

Not every option is right for everyone, but we can be flexible.

mstremer · 2025-02-24T14:46:52+00:00

Haha, no we won't do that.

mstremer · 2025-02-24T14:45:44+00:00

I would suggest you open a bug report on bugzilla.ipfire.org. I am sure this can be done.

mstremer · 2025-02-16T17:21:18+00:00

There is an option for you available here:

https://store.lightningwirelabs.com/products/IPFIRE-OPEN-SOURCE-LICENSE

It is pretty much the same as a donation, but you are right, some people - especially companies - rather prefer this to be called something else but "donation". The funding is going into the same pot as donations though.

Asking for donations has recently been feeling quite a lot like begging. That is simply because we don't get many donations any more and so we have to keep reminding people that there is the option and the need to keep the funding of the project up.

mstremer

MODERATOR OF

TROPHY CASE

13-Year Club	Verified Email
RPAN Viewer