Netgate Discussion Forum

    Suricata Rules download error - pfsense 2.3.3

    hilfi2000:

      Hi,

      I use pfsense 2.3.3 on a fresh installation with suricata.

      If I click on Update or Force Update it takes quite a while, but no updates are downloaded.
      In the system log I see this error:

      Feb 23 11:13:14 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10649 milliseconds
      Feb 23 11:13:14 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds…
      Feb 23 11:13:40 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10593 milliseconds
      Feb 23 11:13:40 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds…
      Feb 23 11:14:06 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10890 milliseconds
      Feb 23 11:14:06 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds…
      Feb 23 11:14:32 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10681 milliseconds
      Feb 23 11:14:32 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds…
      Feb 23 11:14:47 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: File 'emerging.rules.tar.gz.md5' download attempts: 4 ...

      At the Update log following:

      Starting rules update...  Time: 2017-02-23 11:13:04
      Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
      Emerging Threats Open rules md5 download failed.
      Server returned error code 0.
      Server error message was: Resolving timed out after 10681 milliseconds
      Emerging Threats Open rules will not be updated.
      Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
      Snort VRT rules md5 download failed.
      Server returned error code 0.
      Server error message was: Resolving timed out after 11018 milliseconds
      Snort VRT rules will not be updated.
      The Rules update has finished.  Time: 2017-02-23 11:16:29

      I have read the following forum contribution, but the solution does not seem to fit my version.

      Can someone help me, please?

      Thanks.

      HilFi

    doktornotor:

        Your DNS is broken.

    hilfi2000:

      But I can use the internet from local clients…
      You mean really?

    doktornotor:

            Yeah, I mean really. The DNS on pfSense itself is broken. It cannot resolve things. Perhaps configure some DNS servers in System - General. Or untick the "Disable DNS Forwarder" checkbox.

    hilfi2000:

              Hi,

      You're right. The DNS Forwarder runs only on the LAN interface. I'm still of the opinion that this is also correct.

      In the general settings I used the DNS server 8.8.8.8, but it is overwritten by PPPoE.
      It looks like only the first DNS server entry is used for the update process.
      This is 127.0.0.1. But the DNS Forwarder listens only on LAN.

      If I change the Forwarder to listen on all interfaces, it works.

    doktornotor:
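The diagnosis in the post above (the updater resolves through the first nameserver entry, 127.0.0.1, while the forwarder only listens on LAN) and the log lines quoted in the first post can both be checked mechanically. The script below is an added example for this thread, not code from pfSense or from any poster. The system log and resolv.conf contents are constructed samples modelled on what was quoted, and the interface labels ("lan", "all", "lo0") are assumptions standing in for the forwarder's configured listen interfaces.

```python
import re

# Constructed sample of the system log, modelled on the lines quoted in the thread.
SYSTEM_LOG = """\
Feb 23 11:13:14 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10649 milliseconds
Feb 23 11:13:14 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds...
Feb 23 11:14:47 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: File 'emerging.rules.tar.gz.md5' download attempts: 4 ...
"""

# Constructed /etc/resolv.conf: local resolver first, PPPoE/general server after it
# (the ordering is an assumption based on the poster's description).
RESOLV_CONF = """\
nameserver 127.0.0.1
nameserver 8.8.8.8
"""

ERROR_RE = re.compile(r"\[Suricata\] Rules download error: (?P<msg>.+)$")


def classify_download_errors(log_text):
    """Return (message, category) for every rule-download error line.

    'Resolving timed out' is a DNS lookup failure on the firewall itself,
    which is a different problem from an HTTP or TCP connect timeout.
    """
    results = []
    for line in log_text.splitlines():
        m = ERROR_RE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith("Resolving timed out"):
            category = "dns-resolution"
        elif "timed out" in msg:
            category = "connect-timeout"
        else:
            category = "other"
        results.append((msg, category))
    return results


def first_nameserver(resolv_text):
    """The first 'nameserver' entry is the one a resolver tries first."""
    for line in resolv_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            return parts[1]
    return None


def resolver_misconfigured(resolv_text, forwarder_enabled, forwarder_listen_ifaces):
    """True when the box will query 127.0.0.1 first but nothing answers there.

    That is the case when the forwarder is disabled, or when it is enabled but
    bound to a set of interfaces (hypothetical labels) that excludes localhost.
    """
    ns = first_nameserver(resolv_text)
    if ns not in ("127.0.0.1", "::1"):
        return False  # an external server is tried first; not this failure mode
    if not forwarder_enabled:
        return True
    listens_local = any(i in ("all", "lo0", "localhost") for i in forwarder_listen_ifaces)
    return not listens_local


if __name__ == "__main__":
    for msg, cat in classify_download_errors(SYSTEM_LOG):
        print(f"{cat}: {msg}")
    print("first nameserver:", first_nameserver(RESOLV_CONF))
    print("LAN-only forwarder misconfigured:",
          resolver_misconfigured(RESOLV_CONF, True, ["lan"]))
    print("forwarder on all interfaces misconfigured:",
          resolver_misconfigured(RESOLV_CONF, True, ["all"]))
```

The two checks separate the symptom from the cause: the log classifier tells you the failure happened at name resolution rather than at the download server, and the resolv.conf check tells you whether the firewall's first resolver is a local listener that is not actually bound to localhost, which is exactly the mismatch the thread ends on.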

      There'd be exactly zero need to do any of that if you simply

                • unticked the "Disable DNS Forwarder" checkbox
                • let it listen on localhost
    hilfi2000:

      If I deactivate the DNS Forwarder the internet doesn't work…

    doktornotor:

                    Sigh. Go read the checkbox description a couple more times.

    hilfi2000:

                      Thank you ;)
