Problems with DNS Configuration

Hi,

since short time a have great problems with DNS:
Background:
Ipfire = IPFire 2.25 (x86_64) - Core Update 156
Client-System = Linux Mint 20.x

With Firefox, my Client works ok ( I write this with that)
But, if i want to use APT-Service to update or upgrade it fails regular.
Only, if i go to
“Domain Name System” in the GUI of my Ipfire and delete & create new it works like a charm.

BUT ONLY SHORT TIME

Sorry, what i’m doing wrong ?

greatings, norbeev

Are you blocking all DNS traffic except the one directed to your IPFire firewall? If yes, did you open the firewall access to DNS for the green/blue network? See paragraph 2 " Block all DNS traffic except through IPFire’s DNS proxy" (ignore paragraph 1), in particular subsection 2 " Create permit incoming firewall rules for IPFire’s DNS server". Some time ago this rule became necessary as by default now the firewall policy blocks the DNS traffic, including in the green network.

1 Like

Dear cfusco, thank you f. your fast answer. I’ll check it as soon as possible.

But, by the way, why i can use Firefox at all time without problems.

Why only does 'nt work it for the apt update procedure.

Update Info: If i press the button: “Save (Speichern)” in the “Domain Name System - Menu” , then it also works at apt-get update. BUT, after maybe 2 minutes it crashes again.

I had an issue with apt update when IPS is enabled. Try disabling IPS temporarily (this is just a test).

For me there was single rule I had enabled that caused the problem. (Sorry I cannot remember the rule but I’ll keep looking for my notes!)


EDIT: Found it!

In an IPS rule named: emerging-policy.rules

Is a item called:
ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management

And it was blocking my apt-get update.

2 Likes

Thank you, very much, jon.
You are (an expert).
Your advice help’s perfect.
As l see in my logs:
ET USER_AGENTS PyCurl Suspicious User Agent Outbound
i disabled this at (IPS), too:

emerging-user_agents.rules

especially for Linux-Mint Updater.

And by the way, in the rule who you are described i found more:

ET POLICY GNU/Linux YUM User-Agent Outbound likely related to package management

= how i think it’s important for RedHats(Centos) etc.

or maybe (what to you think)
[especially for my wife, if i want to connect her lovely machine with my lovely firewall]:

ET POLICY OS X Software Update Request Outbound

Bye.

1 Like