DNS Forwarding Error When Testing Connection to IDS

bshmurta22 · February 5, 2020, 1:43am

I’m trying to connect my VyOS box, and the other boxes that run through it, to Wazuh, a cloud based IDS.

I’m having a DNS error when I run their provided netcat command to test connectivity.

I’m not sure what’s causing this, as running the command on a machine not on the VyOS managed network works. This also occurs when running the command on any machine in the VyOS network.

What needs to change? Is is a DNS config

~$ nc -zv 02ffd6edd887.cloud.wazuh.com 1514-1515
DNS fwd/rev mismatch: 02ffd6![wazuh|690x450](upload://iim88ISu0TsluV89ciG3NJRpjlN.png) edd887.cloud.wazuh.com != ec2-3-136-32-96.us-east-2.compute.amazonaws.com
02ffd6edd887.cloud.wazuh.com [3.136.32.96] 1515 (?) : Connection timed out
02ffd6edd887.cloud.wazuh.com [3.136.32.96] 1514 (?) : Connection timed out!

Viacheslav · February 5, 2020, 8:36am

Hi @bshmurta22
Can you ping from VyOS external ip addresses?
Example
ping 1.1.1.1
If yes, try to ping some ns name.
Example
ping google.com

What is this ip address?

3.136.32.96

Can you try check connect with this ip addrees by ip?
nc -zv 3.136.32.96 1514-1515

bshmurta22 · February 11, 2020, 9:42pm

Hey @Viacheslav

I can ping google both by IP and DNS name.

I’m not sure what the IP you provided is. As I cannot ping or connect with nc on any machine on or off the VyOS network.

Dmitry · February 12, 2020, 7:00pm

Hi @bshmurta22, check please DNS A record 02ffd6edd887.cloud.wazuh.com . I guess you need to use you cloud IDS DNS servers.