From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH 5/5] suricata: Use DNS_SERVERS declaration from external file.
Date: Tue, 05 Nov 2019 15:47:49 +0000

Hello,

> On 5 Nov 2019, at 12:45, Stefan Schantl wrote:
> 
> Hello Michael,
>> Hi,
>> 
>> Shouldn't HOME_NET still be in DNS_SERVERS for users who are running
>> a DNS server behind their firewall?
> 
> Setting HOME_NET here would result in DNS-related intrusion rules which
> will only match if DNS requests are sent to an internal DNS server,
> which was the default in the past.
> 
> The current approach is to set this value to the used DNS servers, or,
> if unbound is used in recursor mode, to every external address
> (!HOME_NET).

Yes, I know what the patch does.

I was just asking because this patch removes the scanning of DNS traffic when it is coming from the Internet to a local DNS server in a local subnet. That worked before and I think it should continue to work.

HOME_NET should be in DNS_SERVERS, *as well as* the resolvers that unbound is using.

-Michael

> 
> Best regards,
> 
> -Stefan
>> 
>>> On 5 Nov 2019, at 09:32, Stefan Schantl wrote:
>>> 
>>> These settings will now be read from
>>> /var/ipfire/suricata/suricata-dns-servers.yaml, which will be
>>> generated by the generate_dns_servers_file() function, located in
>>> ids-functions.pl and called by various scripts.
>>> 
>>> Fixes #12166.
>>> 
>>> Signed-off-by: Stefan Schantl
>>> ---
>>> config/suricata/suricata.yaml | 4 +++-
>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>> 
>>> diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
>>> index e921781cf..af9cb75a9 100644
>>> --- a/config/suricata/suricata.yaml >>> +++ b/config/suricata/suricata.yaml >>> @@ -11,12 +11,14 @@ vars: >>> # Include HOME_NET declaration from external file. >>> include: /var/ipfire/suricata/suricata-homenet.yaml >>>=20 >>> + # Include DNS_SERVERS declaration from external file. >>> + include: /var/ipfire/suricata/suricata-dns-servers.yaml >>> + >>> EXTERNAL_NET: "any" >>>=20 >>> HTTP_SERVERS: "$HOME_NET" >>> SMTP_SERVERS: "$HOME_NET" >>> SQL_SERVERS: "$HOME_NET" >>> - DNS_SERVERS: "$HOME_NET" >>> TELNET_SERVERS: "$HOME_NET" >>> AIM_SERVERS: "$EXTERNAL_NET" >>> DC_SERVERS: "$HOME_NET" >>> --=20 >>> 2.20.1 >>>=20 >=20 --===============2026391596544281636==--
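Review bot: replacing the static `DNS_SERVERS: "$HOME_NET"` with `include: /var/ipfire/suricata/suricata-dns-servers.yaml` turns a built-in default into a hard runtime dependency: if that generated file is missing or defines nothing (for example on first start, before generate_dns_servers_file() has run), $DNS_SERVERS is undefined and every rule that references it fails to load. Please make sure the file is generated before the daemon is started and say so in the commit message, since the hunk only documents that "various scripts" call the generator. Also, as raised in the thread, the generated group should carry $HOME_NET alongside the resolver addresses so that DNS traffic to an internal DNS server stays in scope.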
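As an added illustration of the point argued above (not IPFire's code from ids-functions.pl), this builds the DNS_SERVERS address group the generated include file should carry: $HOME_NET plus the resolvers unbound forwards to, or "any" in recursor mode, where "!$HOME_NET" alone would exclude internal DNS servers. The function names and the exact layout of the fragment are assumptions; only the file path comes from the patch.

```python
"""Build the DNS_SERVERS address group for Suricata from unbound's resolver list.

Assumption (not IPFire's own code): the generated file defines DNS_SERVERS in
the same address-group syntax as the other vars in suricata.yaml.
"""
import ipaddress

# Path taken from the patch under discussion.
DNS_SERVERS_FILE = "/var/ipfire/suricata/suricata-dns-servers.yaml"


def dns_servers_group(resolvers, recursor_mode=False, include_home_net=True):
    """Return the Suricata address-group string for DNS_SERVERS.

    resolvers:        IPv4/IPv6 addresses unbound forwards to (validated here).
    recursor_mode:    unbound resolves on its own, so there is no fixed list.
    include_home_net: keep $HOME_NET in the group so queries reaching an
                      internal DNS server are still matched by DNS rules.
    """
    if recursor_mode:
        # !$HOME_NET alone drops internal servers; its union with $HOME_NET is everything.
        return "any" if include_home_net else "!$HOME_NET"
    members = ["$HOME_NET"] if include_home_net else []
    for addr in resolvers:
        # ip_address() raises ValueError on anything that is not a plain address,
        # so a malformed resolver entry cannot end up in the ruleset variables.
        members.append(str(ipaddress.ip_address(addr.strip())))
    if not members:
        raise ValueError("DNS_SERVERS would be empty; rules using $DNS_SERVERS would not load")
    return "[" + ", ".join(members) + "]"


def render_dns_servers_yaml(resolvers, recursor_mode=False, include_home_net=True):
    """Render the fragment that the include: line in suricata.yaml pulls in."""
    group = dns_servers_group(resolvers, recursor_mode, include_home_net)
    return "# Generated file, do not edit by hand.\nDNS_SERVERS: \"%s\"\n" % group


if __name__ == "__main__":
    # Constructed sample input: two forwarders configured in unbound.
    print(render_dns_servers_yaml(["9.9.9.9", "2620:fe::fe"]))
```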