mDNSResponder automatically denied incoming connections
With Little Snitch 4, I have received a number of popups informing me that Little Snitch has denied an incoming connection to mDNSResponder. The connections are from various IP addresses, usually coming from the local network. My question is, should I continue to deny these connections? As far as I know, mDNSResponder responds to DNS requests - thus if the connection is denied the request won't be able to be translated? As such, should mDNSResponder be allowed to accept both incoming and outgoing connections?
Thanks for your help all!
Re: mDNSResponder automatically denied incoming connections
This is likely part of dynamic service discovery (aka Bonjour) and perhaps neighbor discovery for IPv6. Services can announce themselves on the network with a broadcast packet; this may be detected by LS as an incoming connection to mDNSResponder, as that is the service that registers and stores the info. This could be printers, other OS X computers, etc. Many things announce their existence via this process.
Re: mDNSResponder automatically denied incoming connections
Any idea if there's a way to disable the annoying notification for mDNSResponder being blocked every minute without disabling all notifications?
Re: mDNSResponder automatically denied incoming connections
I'm seeing this as well. Currently getting a notification every 60-90 seconds. Even if I allow incoming connections to mDNSResponder it still seems to happen.
Re: mDNSResponder automatically denied incoming connections
+1. A real annoyance, especially when in shared environments (Cafe/shared office etc).
Actually +10. Please provide a method for silencing alerts.
Re: mDNSResponder automatically denied incoming connections
It seems Little Snitch does not detect the IPv6 link-local addresses as local network.
Also, it should detect an IPv6 global temporary dynamic address (that contains mac-address but is not used for public connections) out of the ISP-assigned prefix as a local address, or as a new group that can be selected to block such.
Maybe I haven't found it, but it would be great to have more IPv6 protocol related options for creating rules.
I assume as obdev is located in Vienna they might be able to test and verify by using an IPv6 product from one of the local ISPs there...
Re: mDNSResponder automatically denied incoming connections
Any progress/solutions for this?
Re: mDNSResponder automatically denied incoming connections
I have this issue too. mDNSResponder drives me crazy...makes me do what I usually refrain from doing, whitelist entire processes for everything
Re: mDNSResponder automatically denied incoming connections
+1 for best practice solution
Re: mDNSResponder automatically denied incoming connections
You should be able to silence the notification by deciding (with a rule) how to handle them.
When you allow any incoming connection for mDNSResponder permanently, you should never see this message again. If you do, please report the details to our support, reporting this as a bug.
If you want to allow local connections only, the "local network" factory rule of Little Snitch should already do that, unless you have disabled it. You can deny any incoming connection for mDNSResponder because the (more specific) factory rule for localnet has precedence. Again, if you still get notifications with an "any connection" rule, please report this as a bug.
And, finally, if you think that other IPv6 addresses should be included in the localnet-rule, please provide details. As far as I can tell, we DO interpret link local IPv6 addresses as localnet. But I'll forward the message from bugmenot to the responsible developer.
Re: mDNSResponder automatically denied incoming connections
christian wrote: If you want to allow local connections only, the "local network" factory rule of Little Snitch should already do that, unless you have disabled it
What is that rule please @christian? I can't find it so I'd like to recreate it.
Re: mDNSResponder automatically denied incoming connections
Copy the following lines and paste them into the Rules window of Little Snitch Configuration:
action: allow
direction: incoming
priority: regular
process: /usr/sbin/mDNSResponder
owner: me
destination: any
port: any
protocol: any
This rule allows mDNSResponder to accept any incoming connections.
Re: mDNSResponder automatically denied incoming connections
I added the above rule, but still get some notifications of an incoming connection being denied:
The log in the LS configuration for the connection says:
On 29 Nov 2017, 137.73.254.10 tried to establish an incoming connection to mDNSResponder. The request was denied automatically because this kind of incoming connection cannot be delayed.
This was a UDP connection on 53530.
I'm surprised that this is denied having added a rule that allows all incoming connections.
Any suggestions?
Best wishes, Tim
Re: mDNSResponder automatically denied incoming connections
Ah, sorry, a mistake. The rule should be
action: allow
direction: incoming
priority: regular
process: /usr/sbin/mDNSResponder
owner: system
destination: any
port: any
protocol: any
The owner must be "system" because mDNSResponder runs as system user. Sorry for the error!
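Added example, not part of any post in this thread and not Little Snitch code: before settling on an allow-any rule versus a local-network-only rule, it helps to sort the denied sources from log entries like the one quoted above by locality. The log lines other than the 137.73.254.10 entry, the `HOST_PREFIXES` value and the category names are assumptions of this sketch, and the categories are not Little Snitch's own definition of "local network".

```python
import ipaddress
import re

# Constructed log lines in the wording quoted in the thread. Only 137.73.254.10
# appears in the thread; every other address is made up for illustration.
SAMPLE_LOG = """\
On 29 Nov 2017, 137.73.254.10 tried to establish an incoming connection to mDNSResponder.
On 29 Nov 2017, 192.168.1.23 tried to establish an incoming connection to mDNSResponder.
On 29 Nov 2017, fe80::1c2d:3eff:fe4f:5a6b%en0 tried to establish an incoming connection to mDNSResponder.
On 29 Nov 2017, 2001:db8:12:34:a1b2:c3d4:e5f6:789 tried to establish an incoming connection to mDNSResponder.
On 29 Nov 2017, 2001:db8:ffff:1::53 tried to establish an incoming connection to mDNSResponder.
"""

# Assumption: the prefix this host received from its ISP (documentation range).
HOST_PREFIXES = [ipaddress.ip_network("2001:db8:12:34::/64")]
# Site-local ranges: RFC 1918 for IPv4, unique local addresses (RFC 4193) for IPv6.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
LINE_RE = re.compile(r"^On .+?, (\S+) tried to establish an incoming connection to (\S+?)\.?$")

def classify(addr_text, host_prefixes=HOST_PREFIXES):
    """Return a coarse locality label for one source address."""
    try:
        addr = ipaddress.ip_address(addr_text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "unparsed"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:           # 169.254.0.0/16 and fe80::/10
        return "link-local"
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    if any(addr in net for net in host_prefixes):
        return "same-prefix-global"  # routable, but inside our own prefix
    return "global"

def triage(log_text, process="mDNSResponder"):
    """Return (source, label) for each logged incoming attempt to `process`."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2) == process:
            results.append((m.group(1), classify(m.group(1))))
    return results

def remote_sources(log_text):
    """Sources that fall outside every local category defined above."""
    return [src for src, label in triage(log_text) if label == "global"]

if __name__ == "__main__":
    for src, label in triage(SAMPLE_LOG):
        print(f"{label:20} {src}")
```

Sources labelled `global` are the ones to look at before choosing the "any" destination rule over a local-network-only rule.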