12166 – DNS resolvers should be placed in DNS_SERVERS in suricata.yaml

Bug 12166 - DNS resolvers should be placed in DNS_SERVERS in suricata.yaml

Summary: DNS resolvers should be placed in DNS_SERVERS in suricata.yaml

Status:	CLOSED FIXED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	all All

Importance:	Will affect most users Security
Assignee:	Stefan Schantl
QA Contact:	Peter Müller

URL:
Keywords:	Security

Depends on:
Blocks:	SURICATA2.0
	Show dependency tree / graph

Reported:	2019-09-05 17:33 UTC by Peter Müller
Modified:	2020-01-22 21:09 UTC (History)
CC List:	2 users (show)

See Also:	12260

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Müller 2019-09-05 17:33:05 UTC

DNS_SERVERS contains a list of all DNS servers we have in place, so the DNS resolvers of a IPFire installations should be added there, too.

Comment 1 Peter Müller 2019-10-28 15:28:58 UTC

Since observing DNS traffic from or to the resolvers as such might have security implications, I am changing the priority of this.

Comment 2 Michael Tremer 2019-10-28 15:52:52 UTC

Yes I agree. Stefan, please make this a priority.

Comment 3 Stefan Schantl 2019-11-05 09:33:34 UTC

Patchset has been sent to the development mailing list:

https://patchwork.ipfire.org/patch/2573/
https://patchwork.ipfire.org/patch/2574/
https://patchwork.ipfire.org/patch/2575/
https://patchwork.ipfire.org/patch/2576/
https://patchwork.ipfire.org/patch/2577/

Comment 4 Stefan Schantl 2019-11-05 09:34:55 UTC

In order to ship this changes by a core update the changed files needs to be shipped and the red.up suricata script needs to be launched .

Comment 5 Peter Müller 2019-12-11 20:18:41 UTC

https://blog.ipfire.org/post/ipfire-2-23-core-update-139-is-available-for-testing

Comment 6 Peter Müller 2020-01-22 21:09:12 UTC

https://blog.ipfire.org/post/ipfire-2-23-core-update-139-released