Hello guys ,
I will described below the scenario and please advice if anyone else faced this issue.
involved: DNS server - 2 Clusters with 4 members (R80.20) - Nexus switch
DNS send the packet to 1st layer firewall with correct MAC address.
14:28:31.177248 XX:XX:XX:XX:e6:86 > XX:XX:XX:XX:96:b8, ethertype IPv4 (0x0800), length 156: XX.XX.XX.70.domain > XX.XX.XX.65.10253: 1178 NXDomain 0/1/0 (114)
Then the 1st layer firewall received the packet correctly.
14:28:31.191342 XX:XX:XX:XX:e6:86 > XX:XX:XX:XX:96:b8, ethertype IPv4 (0x0800), length 156:XX.XX.XX.70.domain > XX.XX.XX.65.10253: 1178 NXDomain 0/1/0 (114)
Afterwards the next packet translated to the below by the 4th member of the cluster.
14:28:31.191358 02:00:00:00:00:00 > XX:XX:XX:XX:90:64, ethertype IPv4 (0x0800), length 156: XX.XX.XX.70.domain > XX.XX.XX.65.10253: 1178 NXDomain 0/1/0 (114)
Notes:
1.Captures on DNS and switch shows that DNS never send those MAC address 02:00:00:00:00:00
2.All Packets that includes mac address 02:00:00:00:00:00 are outbound traffic from FW
3. CCP mode broadcast
4.Confirm from switch that this MAC is generated on FW
4. we cannot find and relate any errors on FW
Any advises are welcome!
Thank you