Not resolve domains .su

Haggar · November 18, 2020, 1:45pm

Hello

Using version 7.8.2003 with all updates. Ocured by problem of resolving .su domains. Example:
nslookup gcrc.su 8.8.8.8
;; connection timed out; no servers could be reached

Searching of this them in internet has no results.

What configurations can solve this bug?

capote · November 18, 2020, 2:14pm

Hi Haggar,
welcome to this awsome community.

I belief you should provide more information:

What about with local DNS resolver like nslookup gcrc.su?
What about with different DNS servers like nslookup gcrc.su 1.1.1.1
Do you have checked the log files, esp. firewall for blocking port 53?
What st the current service status: systemctl status dnsmasq

Best regards, Marko

Haggar · November 18, 2020, 2:30pm

Found source of my problem. Suricata bloking requests.

11/18/2020-16:54:49.673664 [Drop] [] [1:2014169:2] ET DNS Query for .su TLD (Soviet Union) Often Malware Related [] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.21.14:33887 -> 8.8.8.8:53

Is there any solution to add this type of requests to exeprion?

capote · November 18, 2020, 2:36pm

Perhaps the “Dns (ET-emerging-dns)”-Catacory is overzealous. Try to change the mode from blocking to alert or deactivate.

Check the signature in Evebox wich category initiates the blocking

Haggar · November 18, 2020, 3:21pm

Thanks for help. Potentially Bad Traffic category. But i could not found it in interface, setting off this category in dns config helped.