The pfSense Store

Author Topic: Periodic since 2.2 pages load blank, certs invalid  (Read 14818 times)

0 Members and 1 Guest are viewing this topic.

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #15 on: January 28, 2015, 04:30:03 pm »
God, and I thought I was the only one having this problem since I came up reading this thread.

Any news about that? Same invalid cert, same google dns.
Spent the last night trying to figure out what the he** could have happened.

Other than us three, I haven't found anyone who reported it anywhere but here.

But it's way too coincidental that three people got the same symptoms and had the same dns.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4927
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #16 on: January 28, 2015, 04:41:51 pm »
Me also - Thats main reason I turned off forwarder and turned on unbound on one of my systems.
The kids were reporting same exact issues as you...

Unbound with DNSSEC is technically slower than a forwarder but it seems faster in actual use and the kids report its solid.
I'm also using it over the VPN for my private use.


Offline doktornotor

  • Hero Member
  • *****
  • Posts: 8553
  • Karma: +958/-278
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #17 on: January 28, 2015, 04:43:57 pm »
NSA testing some new (broken) toys? :D
Do NOT PM for help!

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4927
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #18 on: January 28, 2015, 04:46:02 pm »
I will just say I like unbound and leave it at that...    (-;

Unbound + VPN = my tinfoil hat

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #19 on: January 28, 2015, 05:56:47 pm »
I just had this happen with level3 DNS (4.2.2.1 and 4.2.2.2) as the DNS servers.  I removed them leaving ONLY OpenDNS and it immediately started resolving correctly again.


Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4927
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #20 on: January 28, 2015, 06:04:31 pm »
A lack of resolution could simply be a network error.  I was really only seeing issue with HTTPS sites.
Cert errors just smell like MITM to me. 

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #21 on: January 28, 2015, 06:06:38 pm »
A lack of resolution could simply be a network error.  I was really only seeing issue with HTTPS sites.
Cert errors just smell like MITM to me.

It's not a lack of resolution.  It IS resolving to a different IP.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4927
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #22 on: January 28, 2015, 06:17:14 pm »
I'm certain no one would use DNS resolution to effect a MITM attack.   (You are just paranoid)

Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #23 on: January 28, 2015, 06:33:19 pm »
I'm certain no one would use DNS resolution to effect a MITM attack. 

That's actually pretty common, there's a variety of malware that will do just that to individual PCs, and sometimes to exploit routers and change their DNS servers so it impacts all LAN hosts. A variety of consumer-grade routers have been susceptible to such attacks.

Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #24 on: January 28, 2015, 06:35:21 pm »
I should mention though, that when I release/renew the WAN interface, I'm not getting a new IP.  I'm getting the same one.  Breaking the connection seems to be what fixes it.

After the further details later in the thread, I think why that has an impact is because it's triggering a DNS cache flush in the DNS forwarder, so the poisoned replies are no longer there.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4927
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #25 on: January 28, 2015, 06:48:57 pm »
haha - Yeah.  I know.  My sarcasm wasn't obvious enough?  I'll try harder.

Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #26 on: January 28, 2015, 07:00:57 pm »
haha - Yeah.  I know.  My sarcasm wasn't obvious enough?  I'll try harder.

Oh, the sarcasm font on here must be broken, sorry. :)

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #27 on: January 28, 2015, 07:08:19 pm »
I should mention though, that when I release/renew the WAN interface, I'm not getting a new IP.  I'm getting the same one.  Breaking the connection seems to be what fixes it.

After the further details later in the thread, I think why that has an impact is because it's triggering a DNS cache flush in the DNS forwarder, so the poisoned replies are no longer there.

I actually just asked about this here: https://forum.pfsense.org/index.php?topic=87743.0

Is that a possible scenario, because if so I have a good idea of what might be doing it then.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4927
  • Karma: +196/-40
  • Debugging...
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #28 on: January 28, 2015, 07:15:57 pm »
My problem was originating outside the house between the ONT and the FIOS and or google DNS servers...
Its nothing inside the network that was causing it, but hopefully its mitigated now.

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: Periodic since 2.2 pages load blank, certs invalid
« Reply #29 on: January 28, 2015, 07:18:02 pm »
This problem is originating outside the house between the ONT and the FIOS and or google DNS servers...
Its nothing inside the network that was causing it, but hopefully its mitigated now.

If I can verify that pfsense itself is seeing the incorrect IPs for DNS lookups, there's definitely nothing internal that could be causing that at all?