Hi,

Shouldn’t HOME_NET still be in DNS_SERVERS for users who are running a DNS server behind their firewall?

> On 5 Nov 2019, at 09:32, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
> 
> These settings now will be read from
> /var/ipfire/suricata/suricata-dns-servers.yaml, which will be
> generated by the generate_dns_servers_file() function, located in
> ids-functions.pl and called by various scripts.
> 
> Fixes #12166.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/suricata/suricata.yaml | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
> index e921781cf..af9cb75a9 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -11,12 +11,14 @@ vars:
>     # Include HOME_NET declaration from external file.
>     include: /var/ipfire/suricata/suricata-homenet.yaml
> 
> +    # Include DNS_SERVERS declaration from external file.
> +    include: /var/ipfire/suricata/suricata-dns-servers.yaml
> +
>     EXTERNAL_NET: "any"
> 
>     HTTP_SERVERS: "$HOME_NET"
>     SMTP_SERVERS: "$HOME_NET"
>     SQL_SERVERS: "$HOME_NET"
> -    DNS_SERVERS: "$HOME_NET"
>     TELNET_SERVERS: "$HOME_NET"
>     AIM_SERVERS: "$EXTERNAL_NET"
>     DC_SERVERS: "$HOME_NET"
> -- 
> 2.20.1
>