Security-Onion-Solutions / securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
https://securityonion.net

Kratos container is requesting DNS lookups on localhost.<domain> over the network on 30 second intervals #2982

Closed jertel closed 3 years ago

jertel commented 3 years ago

Hello,

ISO install standalone 2.3.10 upgraded to 2.3.21

I have seen in my internal DNS server and my Pi-hole server that Security Onion sends daily ± 2700 localhost DNS requests. I have read the topic https://github.com/Security-Onion-Solutions/securityonion/discussions/2493

I added the IP of my Security Onion and the local docker address to the hosts file.

The hosts file already contains a number of references, like hostname.localdomain and localhost.localdomain.

Is it necessary to convert the entry localdomain to your effective domain name in the existing references or do we need to add new references other than those in topic 2493 to stop the DNS requests?

I have not found anything about this in the documentation and I have mentioned the only similar topic above.

Regards

Bart

Originally posted by @sleepingbel in https://github.com/Security-Onion-Solutions/securityonion/discussions/2586

jertel commented 3 years ago

Kratos container's DNS priority has been updated to check local files before network.
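
A defender-side check for the symptom reported in this issue, added here as an example and not part of the thread or of the Security Onion code base: it scans a resolver query log for clients that repeatedly send `localhost` or `localhost.<domain>` lookups to the network and reports the interval between them. The dnsmasq/Pi-hole log format, the sample lines, the addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample in dnsmasq/Pi-hole query-log format (not taken from the issue).
SAMPLE_LOG = """\
Mar  1 10:00:00 dnsmasq[411]: query[A] localhost.example.lan from 192.0.2.10
Mar  1 10:00:00 dnsmasq[411]: query[AAAA] localhost.example.lan from 192.0.2.10
Mar  1 10:00:12 dnsmasq[411]: query[A] updates.example.org from 192.0.2.20
Mar  1 10:00:30 dnsmasq[411]: query[A] localhost.example.lan from 192.0.2.10
Mar  1 10:01:00 dnsmasq[411]: query[A] localhost.example.lan from 192.0.2.10
Mar  1 10:01:30 dnsmasq[411]: query[A] localhost.example.lan from 192.0.2.10
Mar  1 10:07:41 dnsmasq[411]: query[A] localhost from 192.0.2.20
"""

QUERY_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+dnsmasq\[\d+\]:\s+"
    r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)$"
)

def is_localhost_name(name):
    """True for 'localhost' and 'localhost.<search domain>', case-insensitive."""
    return name.rstrip(".").lower().split(".")[0] == "localhost"

def leaked_localhost_lookups(log_text, min_hits=3):
    """Map client -> (lookup_count, median_gap_seconds) for localhost queries.

    Timestamps are time-of-day only, so feed one day of log at a time.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards and unrelated lines
        hh, mm, ss, name, client = m.groups()
        if is_localhost_name(name):
            # A and AAAA sent in the same second count as one lookup event.
            seen[client].add(int(hh) * 3600 + int(mm) * 60 + int(ss))
    report = {}
    for client, stamps in seen.items():
        ordered = sorted(stamps)
        if len(ordered) >= max(min_hits, 2):  # a gap needs at least two events
            gaps = [b - a for a, b in zip(ordered, ordered[1:])]
            report[client] = (len(ordered), median(gaps))
    return report

if __name__ == "__main__":
    for client, (hits, gap) in leaked_localhost_lookups(SAMPLE_LOG).items():
        print(f"{client}: {hits} localhost lookups, median gap {gap}s")
```

A steady median gap from a single client, such as the 30 seconds in the constructed sample, points at one process on that host resolving `localhost` through the network instead of its local hosts file.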