Hi,
This is a Check Point ClusterXL in load sharing mode and it's still on R77.30. We have our NS servers configured behind the firewall; however, recently we started observing a lot of SERVFAIL messages on the DNS server and hence started troubleshooting. Eventually, when we ran fw ctl zdebug drop, we found that when the server sends recursive queries to the Root Hint servers, the response is getting dropped on the Stealth rule.
Surprisingly, why would it drop responses from the Root Hint servers? There are no blades running on the firewall but only fw. No IPS/AMW, nothing.
Here are the logs; a.b.c.d is the NATed public IP of my DNS server. Rule #47 is the stealth rule.
4Jun2020 15:07:44.407985;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=17 103.204.163.83:48073 -> a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;
4Jun2020 15:07:44.423727;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=17 103.204.163.80:47955 -> a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;
4Jun2020 15:07:44.426534;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=17 103.204.163.66:45982 -> a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;
4Jun2020 15:07:44.450732;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=17 103.204.163.65:42568 -> a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;
Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
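An added example, not part of the original post: a small Python 3 parser for the fw_log_drop_ex lines quoted above, so the zdebug output can be summarised by rule number, dropping function and service instead of being read line by line. The regular expression is derived only from the four lines shown here (other zdebug drop messages may use different wording and will be skipped), the sample text is those same four lines, and a.b.c.d is kept as the placeholder the poster used.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Four drop lines copied from the post above (a.b.c.d is the poster's placeholder
# for the NATed DNS server address), used here as constructed sample input.
SAMPLE_ZDEBUG = """\
4Jun2020 15:07:44.407985;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=17 103.204.163.83:48073 -> a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;
4Jun2020 15:07:44.423727;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=17 103.204.163.80:47955 -> a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;
4Jun2020 15:07:44.426534;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=17 103.204.163.66:45982 -> a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;
4Jun2020 15:07:44.450732;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=17 103.204.163.65:42568 -> a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;
"""

# Pattern for the line shape seen above: timestamp; [cpu]; [fw instance];
# fw_log_drop_ex: Packet proto=N src:port -> dst:port dropped by <func> Reason: <text>;
DROP_RE = re.compile(
    r"^(?P<ts>[^;]+);\[(?P<cpu>[^\]]+)\];\[(?P<inst>[^\]]+)\];"
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) "
    r"(?P<src>[^:\s]+):(?P<sport>\d+) -> (?P<dst>[^:\s]+):(?P<dport>\d+) "
    r"dropped by (?P<func>\S+) Reason: (?P<reason>.*?);?\s*$"
)

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


class Drop(NamedTuple):
    ts: str
    cpu: str
    inst: str
    proto: str        # protocol name, e.g. "udp" for proto=17
    src: str
    sport: int
    dst: str
    dport: int
    func: str         # kernel function that reported the drop
    reason: str
    rule: Optional[int]  # rule number parsed out of "Rulebase drop - rule N", if present


def parse_drop(line: str) -> Optional[Drop]:
    """Parse one zdebug drop line; return None for lines that do not match."""
    m = DROP_RE.match(line.strip())
    if not m:
        return None
    proto_num = int(m.group("proto"))
    rule_match = re.search(r"rule (\d+)", m.group("reason"))
    return Drop(
        ts=m.group("ts"),
        cpu=m.group("cpu"),
        inst=m.group("inst"),
        proto=PROTO_NAMES.get(proto_num, str(proto_num)),
        src=m.group("src"),
        sport=int(m.group("sport")),
        dst=m.group("dst"),
        dport=int(m.group("dport")),
        func=m.group("func"),
        reason=m.group("reason"),
        rule=int(rule_match.group(1)) if rule_match else None,
    )


def parse_drops(text: str) -> List[Drop]:
    """Parse every matching line in a block of zdebug output, skipping the rest."""
    drops = []
    for line in text.splitlines():
        d = parse_drop(line)
        if d is not None:
            drops.append(d)
    return drops


def summarize(drops: List[Drop]) -> Dict[str, Dict]:
    """Count drops by rule, by service (proto/dport), by reporting function and by source."""
    return {
        "by_rule": dict(Counter(d.rule for d in drops if d.rule is not None)),
        "by_service": dict(Counter(f"{d.proto}/{d.dport}" for d in drops)),
        "by_func": dict(Counter(d.func for d in drops)),
        "by_src": dict(Counter(d.src for d in drops)),
    }


def first_packet_drops(drops: List[Drop], rule: int) -> List[Drop]:
    """Drops a given rule applied in fw_handle_first_packet, i.e. packets the
    kernel evaluated against the rulebase as a new connection rather than
    matching to an existing entry in the connections table."""
    return [d for d in drops if d.rule == rule and d.func == "fw_handle_first_packet"]


if __name__ == "__main__":
    drops = parse_drops(SAMPLE_ZDEBUG)
    for key, counts in summarize(drops).items():
        print(key, counts)
    for d in first_packet_drops(drops, 47):
        print(f"{d.ts}  {d.src}:{d.sport} -> {d.dst}:{d.dport} ({d.proto}) rule {d.rule}")
```

The useful signal in the summary is that every drop is reported by fw_handle_first_packet: the firewall treated each inbound UDP/53 packet to a.b.c.d as a new connection and sent it through the rulebase (where the stealth rule matched), rather than recognising it as the reply to a query the DNS server had just sent out. When running this against a larger capture, the by_src and by_service counters separate replies that hit the stealth rule from unrelated inbound traffic to the same address.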