mDNSResponder automatically denied incoming connections

General discussions about Little Snitch
noraa
Posts: 3
Joined: Tue Jul 11, 2017 1:50 am

mDNSResponder automatically denied incoming connections

Postby noraa » Fri Jul 21, 2017 6:11 pm

With Little Snitch 4, I have received a number of popups informing me that Little Snitch has denied an incoming connection to mDNSResponder. The connections are from various IP addresses, usually coming from the local network. My question is, should I continue to deny these connections? As far as I know, mDNSResponder responds to DNS requests - thus if the connection is denied the request won't be able to be translated? As such, should mDNSResponder be allowed to accept all connections, both incoming and outgoing?

Thanks for your help, all!

Xipper
Posts: 5
Joined: Sun Mar 15, 2015 1:30 am

Re: mDNSResponder automatically denied incoming connections

Postby Xipper » Thu Jul 27, 2017 8:04 pm

This is likely part of dynamic service discovery (aka Bonjour) and perhaps neighbor discovery for IPv6. Services can announce themselves on the network with a broadcast packet; this may be detected by LS as an incoming connection to mDNSResponder, as that is the service that registers and stores the info. This could be printers, other OS X computers, etc. Many things announce their existence via this process.

ramblingpolak
Posts: 1
Joined: Wed Aug 09, 2017 6:30 pm

Re: mDNSResponder automatically denied incoming connections

Postby ramblingpolak » Wed Aug 09, 2017 6:31 pm

Any idea if there's a way to disable the annoying notification for mDNSResponder being blocked every minute without disabling all notifications?

user425890uhh
Posts: 1
Joined: Thu Sep 07, 2017 5:01 pm

Re: mDNSResponder automatically denied incoming connections

Postby user425890uhh » Thu Sep 07, 2017 5:03 pm

I'm seeing this as well. Currently getting a notification every 60-90 seconds. Even if I allow incoming connections to mDNSResponder it still seems to happen.

sammysmalls
Posts: 1
Joined: Wed Sep 13, 2017 4:20 pm

Re: mDNSResponder automatically denied incoming connections

Postby sammysmalls » Wed Sep 13, 2017 5:09 pm

+1. A real annoyance, especially when in shared environments (Cafe/shared office etc).

Actually +10. Please provide a method for silencing alerts.

bugmenot
Posts: 12
Joined: Tue Mar 05, 2013 12:44 pm

Re: mDNSResponder automatically denied incoming connections

Postby bugmenot » Fri Sep 15, 2017 10:54 am

It seems Little Snitch does not detect the IPv6 link-local addresses as local network.
Also, it should detect an IPv6 global temporary dynamic address (that contains the MAC address but is not used for public connections) out of the ISP-assigned prefix as a local address, or as a new group that can be selected to block such.
Maybe I haven't found it, but it would be great to have more IPv6 protocol related options for creating rules.
I assume, as obdev is located in Vienna, they might be able to test and verify by using an IPv6 product from one of the local ISPs there...

jriskin
Posts: 1
Joined: Wed Oct 11, 2017 1:19 am

Re: mDNSResponder automatically denied incoming connections

Postby jriskin » Wed Oct 11, 2017 1:19 am

Any progress/solutions for this?

AndreiD
Posts: 1
Joined: Wed Oct 11, 2017 2:36 pm

Re: mDNSResponder automatically denied incoming connections

Postby AndreiD » Wed Oct 11, 2017 2:38 pm

I have this issue too. mDNSResponder drives me crazy... makes me do what I usually refrain from doing: whitelist entire processes for everything.

hahn
Posts: 1
Joined: Thu Oct 12, 2017 9:27 am

Re: mDNSResponder automatically denied incoming connections

Postby hahn » Thu Oct 12, 2017 9:29 am

+1 for best practice solution

christian
Objective Development
Posts: 1361
Joined: Thu Nov 09, 2006 11:46 am

Re: mDNSResponder automatically denied incoming connections

Postby christian » Fri Oct 13, 2017 12:06 pm

You should be able to silence the notification by deciding (with a rule) how to handle them.

When you allow any incoming connection for mDNSResponder permanently, you should never see this message again. If you do, please report the details to our support, reporting this as a bug.

If you want to allow local connections only, the "local network" factory rule of Little Snitch should already do that, unless you have disabled it. You can deny any incoming connection for mDNSResponder because the (more specific) factory rule for localnet has precedence. Again, if you still get notifications with an "any connection" rule, please report this as a bug.

And, finally, if you think that other IPv6 addresses should be included in the localnet-rule, please provide details. As far as I can tell, we DO interpret link local IPv6 addresses as localnet. But I'll forward the message from bugmenot to the responsible developer.
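One way to triage the remote addresses shown in these alerts, as an added example that is not part of the thread and not Little Snitch's own logic: it sorts each source into link-local, on-link or off-link, and flags on-link IPv6 addresses whose interface ID is MAC-derived (the case bugmenot describes). The prefixes and sample addresses are constructed assumptions; substitute the prefixes your own interfaces are configured with.

```python
import ipaddress

def has_eui64_interface_id(addr):
    """True if the low 64 bits carry the ff:fe marker of a MAC-derived (modified EUI-64) ID."""
    iid = int(addr) & ((1 << 64) - 1)
    return (iid >> 24) & 0xFFFF == 0xFFFE

def classify_source(src, on_link_prefixes):
    """Classify the remote address of an incoming connection relative to this host."""
    addr = ipaddress.ip_address(src)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:  # 169.254.0.0/16 or fe80::/10
        return "link-local"
    for prefix in on_link_prefixes:
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            if addr.version == 6 and has_eui64_interface_id(addr):
                return "on-link, MAC-derived"
            return "on-link"
    return "off-link"

def triage(sources, on_link_prefixes):
    """Group sources by class so that off-link senders stand out."""
    groups = {}
    for src in sources:
        groups.setdefault(classify_source(src, on_link_prefixes), []).append(src)
    return groups

# Constructed sample data (documentation ranges), not taken from the thread.
PREFIXES = ["192.168.1.0/24", "2001:db8:1234:5678::/64"]
SOURCES = [
    "fe80::1c2d:3eff:fe4f:5a6b",               # IPv6 link-local neighbour
    "192.168.1.23",                            # IPv4 host on the same subnet
    "2001:db8:1234:5678:211:22ff:fe33:4455",   # global address, MAC-derived ID
    "2001:db8:1234:5678:a1b2:c3d4:e5f6:789",   # global address, randomised ID
    "203.0.113.9",                             # outside every local prefix
]

if __name__ == "__main__":
    for label, addrs in triage(SOURCES, PREFIXES).items():
        print(label, addrs)
```

Sources that land in "off-link" are the ones worth a closer look before allowing any incoming connection to mDNSResponder.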

serenitea
Posts: 1
Joined: Mon Nov 20, 2017 10:20 am

Re: mDNSResponder automatically denied incoming connections

Postby serenitea » Mon Nov 20, 2017 10:23 am

christian wrote: If you want to allow local connections only, the "local network" factory rule of Little Snitch should already do that, unless you have disabled it


What is that rule please @christian? I can't find it so I'd like to recreate it.

christian
Objective Development
Posts: 1361
Joined: Thu Nov 09, 2006 11:46 am

Re: mDNSResponder automatically denied incoming connections

Postby christian » Mon Nov 20, 2017 12:35 pm

Copy the following lines and paste them into the Rules window of Little Snitch Configuration:

action: allow
direction: incoming
priority: regular
process: /usr/sbin/mDNSResponder
owner: me
destination: any
port: any
protocol: any

This rule allows mDNSResponder to accept any incoming connections.

