iām in the same situation of @roberto
i donāt think this is the culprit, until two weeks ago never haver had a problem with dns system
and the rules were the same from the beginning of IPS in ipfire.
I noticed that the problem has not appeared again when our IPS gave us form 10 down - 4 up,
20 down - 15 up last week. Maybe when the upload speed is slow IPS is too aggressive?
Letās hear a comment from the dev.
PS: there is always the problem that i canāt see or login to people.ipfire.org, community.ipfire.org and blog.ipfire.org unless i use brave browser tor inprivate session in the PC, tried with my ISP with two different machine, same thing via VPN. Via cell phone no problem so far.
@arne_f.
ok thanks for the answer, i was just guessing. Again, if there is some log or whatever we can do to make you and ipfire dev team to understand better the situation, just ask. in my little knoledge of linux and ipfire i will try to give info you may need.
The only way to have Suricata and Unbound working has been to configure it in TLS mode. Putting the DNS of Google and in TLS Hostname, putting ādns.googleā.
I also have little knowledge of Linux and I have been looking at forums and all that without getting anything. The only thing, configure it as TLS.
Iām still on 141 and unsure, wether itās safe to update or not. Can somebody provide a summary of this topic, under which circumstances 142 should not be used?
(BTW, because of such things, I wait some days and search the forum before updating ā¦ unfortunately it seems, that even problematic updates are never drawn back ā¦)
@roberto you might be masking another factor. Changing any parameter on the Domain Name System page causes unbound to restart. It is the latter that gets DNS working for me, whether by changing the parameters or via CLI stop/start.
FWIW my opinionā¦ thatās the third time in a row (140, 141, 142) that a lot of problems are appearing into IPFire Community.
So this minus, added to:
Lacking of MultiWAN
Lacking of IPv6
Lacking of configuration management (i can only backup and restore)
Makes me sayā¦ Not time for IPFire, today (2020). And i am sorry for that
Donāt get me wrong, no anger or disrespect on what the developers are doing.
But facts and experiences areā¦ visible and countable. Therefore for the current year all projects wonāt rely on IPFire, but on other products.
I do not want that an update (which is monolithic and i have no chance to cherry pick every single change) can break a starting project/site, which seems to be happening too often in recent months. On the parallel lane, if the infrastructure allows me, i will realize side machines for not-so-cold spare in case of update breakup by IPFire.
For me it looks more like a suricata bugs that drops dns queries without logging it and ignore configuration reloads at reconnect and such things.
With core139 some suricata dns features was simply not working at all. Now it works but not in some configurations like slow red connections.
FYI: I didnāt notice such problems. My system is a āstandardā installation on a small system without suricata. Thus Arneās opinion may be right.