Suricata Rules download error - pfsense 2.3.3



  • Hi,

    I use pfSense 2.3.3 on a fresh installation with Suricata.

    If I click on update or force update it takes quite a while, but no updates are downloaded.
    In the system log I see this error:

    Feb 23 11:13:14 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10649 milliseconds
    Feb 23 11:13:14 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds…
    Feb 23 11:13:40 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10593 milliseconds
    Feb 23 11:13:40 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds…
    Feb 23 11:14:06 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10890 milliseconds
    Feb 23 11:14:06 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds…
    Feb 23 11:14:32 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Rules download error: Resolving timed out after 10681 milliseconds
    Feb 23 11:14:32 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: [Suricata] Will retry in 15 seconds…
    Feb 23 11:14:47 php /usr/local/pkg/suricata/suricata_check_for_rule_updates.php: File 'emerging.rules.tar.gz.md5' download attempts: 4 ...

    At the Update log following:

    Starting rules update...  Time: 2017-02-23 11:13:04
    Downloading Emerging Threats Open rules md5 file emerging.rules.tar.gz.md5...
    Emerging Threats Open rules md5 download failed.
    Server returned error code 0.
    Server error message was: Resolving timed out after 10681 milliseconds
    Emerging Threats Open rules will not be updated.
    Downloading Snort VRT rules md5 file snortrules-snapshot-2990.tar.gz.md5...
    Snort VRT rules md5 download failed.
    Server returned error code 0.
    Server error message was: Resolving timed out after 11018 milliseconds
    Snort VRT rules will not be updated.
    The Rules update has finished.  Time: 2017-02-23 11:16:29

    I have read the following forum contribution, but the solution does not seem to fit my version.

    Can someone help me, please?

    Thanks.

    HilFi


  • Banned

    Your DNS is broken.



  • But I can use the internet from local clients…
    You mean really?


  • Banned

    Yeah, I mean really. The DNS on pfSense itself is broken. It cannot resolve things. Perhaps configure some DNS servers in System - General. Or untick the "Disable DNS Forwarder" checkbox.



  • Hi,

    You're right. The DNS Forwarder runs only on the LAN interface. I'm still of the opinion that this is correct, too.

    In the global settings I used the DNS server 8.8.8.8, but it is overwritten by PPPoE.
    It looks as if only the first DNS server entry is used for the update process.
    This is 127.0.0.1. But the DNS Forwarder listens only on LAN.

    If I change the Forwarder to listen on all interfaces, it works.

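The post above pins down the mechanism: the rule-update script runs on the firewall itself and uses the firewall's own resolver, pfSense puts 127.0.0.1 first in resolv.conf when a local DNS service is enabled, and loopback queries go unanswered if the Forwarder is bound only to the LAN address. The following check is an added example, not code from the thread or from pfSense. It takes the contents of /etc/resolv.conf and the output of `sockstat -4l` (both constructed here to mirror the situation described) and reports, per nameserver, whether the firewall can actually reach it; a second constructed sockstat listing shows the corrected state with the Forwarder also bound to localhost. Sockstat column layout is the FreeBSD one (USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS); the addresses, PIDs and the 8.8.8.8 entry are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or pfSense): does the firewall's own
# resolver configuration work from the firewall itself?
# A loopback nameserver in resolv.conf is only usable if some process is
# bound to <that address>:53 or *:53. IPv4 only (sockstat -4l).

# CONSTRUCTED /etc/resolv.conf: local resolver enabled, so 127.0.0.1 is first.
RESOLV_CONF='nameserver 127.0.0.1
nameserver 8.8.8.8
search localdomain'

# CONSTRUCTED `sockstat -4l` output: the Forwarder (dnsmasq) listens on the
# LAN address only, which is the broken state from the thread.
SOCKSTAT_OUT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
dnsmasq  dnsmasq    57321 4  udp4   192.168.1.1:53        *:*
dnsmasq  dnsmasq    57321 5  tcp4   192.168.1.1:53        *:*
root     sshd       3431  4  tcp4   *:22                  *:*'

# CONSTRUCTED corrected state: the Forwarder also bound to localhost.
SOCKSTAT_FIXED='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
dnsmasq  dnsmasq    57321 4  udp4   192.168.1.1:53        *:*
dnsmasq  dnsmasq    57321 5  tcp4   192.168.1.1:53        *:*
dnsmasq  dnsmasq    57321 6  udp4   127.0.0.1:53          *:*
dnsmasq  dnsmasq    57321 7  tcp4   127.0.0.1:53          *:*
root     sshd       3431  4  tcp4   *:22                  *:*'

# listens_on_53 ADDR SOCKSTAT_TEXT
# Returns 0 if ADDR:53 or the wildcard *:53 appears in the LOCAL ADDRESS
# column ($6); the header line (NR==1) is skipped.
listens_on_53() {
  printf '%s\n' "$2" | awk -v t="$1:53" \
    'NR > 1 && ($6 == t || $6 == "*:53") { found = 1 } END { exit found ? 0 : 1 }'
}

# first_nameserver RESOLV_TEXT
# Prints the first nameserver entry, i.e. the one the libc resolver asks first.
first_nameserver() {
  printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

# diagnose RESOLV_TEXT SOCKSTAT_TEXT
# Prints one verdict line per nameserver. Returns 1 if the FIRST nameserver is
# a loopback address with nothing listening on it (the thread's failure mode),
# otherwise 0.
diagnose() {
  resolv=$1 socks=$2 rc=0 first=1
  for ns in $(printf '%s\n' "$resolv" | awk '$1 == "nameserver" { print $2 }'); do
    case $ns in
      127.*)
        if listens_on_53 "$ns" "$socks"; then
          verdict="ok: local resolver bound to $ns:53"
        else
          verdict="BROKEN: $ns is listed but nothing listens on $ns:53 (bound to another interface only?)"
          [ "$first" -eq 1 ] && rc=1
        fi ;;
      *)
        verdict="external: $ns (tried only after the entries above time out)" ;;
    esac
    printf '%s\t%s\n' "$ns" "$verdict"
    first=0
  done
  return $rc
}

echo "--- Forwarder bound to LAN only ---"
diagnose "$RESOLV_CONF" "$SOCKSTAT_OUT" || echo "=> the firewall itself cannot resolve; rule downloads will time out"
echo "--- Forwarder also bound to localhost ---"
diagnose "$RESOLV_CONF" "$SOCKSTAT_FIXED" && echo "=> rule downloads from the firewall will resolve"
```

On a real box the two inputs come from `cat /etc/resolv.conf` and `sockstat -4l | grep ':53'`; a dead first entry shows up exactly as the "Resolving timed out" lines in the original post, because the fallback to the second nameserver only happens after the libc resolver gives up on the first, which is longer than the download tool is prepared to wait.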

  • Banned

    There'd be exactly zero need to do any of that if you simply

    • unticked the "Disable DNS Forwarder" checkbox
    • let it listen on localhost


  • If I deactivate the DNS Forwarder, the internet doesn't work…


  • Banned

    Sigh. Go read the checkbox description a couple more times.



  • Thank you ;)

