hi guys

 

just to give you an update on the case:

 

1. please note that unless confirmed otherwise later on this week we have found the reasons and we're able to complete RCA 🙂

we found sort of intermitent solution for THESE issues on Alerts with Domain DNS errors.

 

[Expert@cp:0]# cpwd_admin list | grep wsdnsd
WSDNSD 12288 E 1 [14:01:13] 16/6/2020 Y wsdnsd

above process (when dns server changes occur on gaia (clish/webui) is not restarting itself but preserves old configuration before "save config". this process need to be kill -9 so it can re-start and start using new settings - then Alerts are gone untill you reboot the entire appliance / vm / gaia device.

I'm yet to confirm that when rebooting my core R80.40 lab device but if reboot brings "no Alerts" in logs then off we go we do know where is the issue.

 

the responsible blocke is called WSDNSD (Daemon) which hold configuration and only cpstop/cpstart/cprestart or reboot restarts its configuration (clish>show configuraiton dns).

I'm on investigation still but it all looks promising, hope you get my point and make your own testes in your labs confirming what we found yesteday

 

thanks to @iliyam and @mickey for their time and heads-up - R&D folks ROCKS! as alwasy - pleasure is all mine 🙂

 

Will do update you with any new development should reboot of the gaia change WSDNSD process stance, but so far so good and no new log Aleter entires are produced and issues on the latest R80.40 gaia (either StandAlone or SG distributed - just test tested today).

 

Cheers!

I had this with my 6600 ClusterXL running Check Point R80.40 and the cpstop/cpstart on each member cleared up the alerts. - Thanks Jerry!

 

as far as I can see I do not have "Protocol violation detected" error just Alerts about DNS Configuration problem on SG - which aparently isn't the case to some extent as if I do fwd-dns or rev-dns resolutions they work just fine, except that gaia 3.10 is unable to resolve ipv6 rev-dns once your DNS server is dual-stack, what it means is that your Win2019 DNS server being configured with zones and sub-domains on ipv4 and ipv6 separately so that Gaia is not accurately resolving names from that type of DNS setup. For example, when I ask gaia by dig:

dig google.com

I have a result of:

[Expert@cp13k:0]# dig google.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.11.cp994000013 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20307
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 273 IN A 216.58.213.110

;; Query time: 29 msec
;; SERVER: a.b.c.d#53(a.b.c.d)
;; WHEN: Tue Jun 9 15:03:59 2020
;; MSG SIZE rcvd: 44

*** where a.b.c.d is the IPv4 address of my Win2019 DC DNS server ***

but if I do ask by dig as following:[Expert@cp13k:0]# dig google.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.11.cp994000013 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35792
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 104 IN A 216.58.213.110

;; Query time: 1 msec
;; SERVER: a.b.c.d::5#53(a.b.c.d::5)
;; WHEN: Tue Jun 9 15:06:48 2020
;; MSG SIZE rcvd: 44

*** where a.b.c.d::5 is the IPv6 address of my Win2019 DC DNS server ***

--- summary ---

where your infra is dual-stack (v4/v6) also with DNS resolutions your problems mounts 🙂 especially when your IPv6 is only INTERNAL and does not resolve INTERNET based IPv6 Public IP addresses as your ISP is yet fully IPv4 only.

Cheers