cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

External DNS Stops working

We are having an issue where External DNS stops working intermittently until we do a cluster fail over.

 fw ctl zdebug drop  shows lots of the following drop messages:

@;129816940;[cpu_3];[fw4_0];[X.X.X.X:36028 -> 203.94.129.130:53] [ERROR]: appi_clobs_observer_remove_context_dependent: application id (60341234) has unknown context id and won't be free;

@;134917386;[cpu_3];[fw4_0];[X.X.X.X:49252 -> 1.1.1.1:53] [ERROR]: appi_clobs_observer_remove_context_dependent: application id (60341234) has unknown context id and won't be free;

The strange thing is that i am still seeing these same messages even in a working state, so i am not convinced that this is the cause of the issue.

0 Kudos
3 Replies
Highlighted
Employee++
Employee++

Re: External DNS Stops working

Hi 

Could you please share some version and hotfix details, are they later than those outlined in sk163793 for example?

 

Thanks,

Chris

 

0 Kudos

Re: External DNS Stops working

We are running R80.30 with Take 107 - We had to downgrade to 107 (as per CP Support recommendations to resolve an OSPF issue).

 

[Expert@ExternalFW01:0]# cpinfo -y all

This is Check Point CPinfo Build 914000202 for GAIA
[IDA]
No hotfixes..

[MGMT]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 107

[CPFC]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 107

[FW1]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 107

FW1 build number:
This is Check Point's software version R80.30 - Build 075
kernel: R80.30 - Build 076

[SecurePlatform]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 107

[CPinfo]
No hotfixes..

[DIAG]
No hotfixes..

[PPACK]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 107

[CVPN]
No hotfixes..

[CPUpdates]
BUNDLE_R80_30_JUMBO_HF_MAIN Take: 107
BUNDLE_INFRA_AUTOUPDATE Take: 19
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 13
BUNDLE_CPINFO Take: 50

[AutoUpdater]
No hotfixes..

[CPDepInst]
No hotfixes..

0 Kudos
Employee++
Employee++

Re: External DNS Stops working

 

In that case I would definitely review this further with TAC so all the dependencies are properly understood.

 

(Side note if per-chance you have "domain" objects used within your policy please ensure they're set for FQDN mode where ever possible.)

0 Kudos