Phillip Runner

R80.10 FQDN objects and CNAME/aliases

Discussion created by Phillip Runner on Jun 25, 2018
Latest reply on Jul 31, 2018 by ccse89f54c70-508c-400f-9477-dd8648799b1e

We have been using the new FQDN objects in R80.10 Mgmt/GW, and have been having some issues with them. As we troubleshoot the rules that don't work, it seems that when the FQDN object resolves a CNAME/alias record, the rule never gets hit. It seems that when an A record is returned, it works fine.

 

An example: .crl.godaddy.com returns an alias for:

   crl.godaddy.com canonical name = gdcrl.godaddy.com.akadns.net.
   Name: gdcrl.godaddy.com.akadns.net
   Address: 50.63.243.228

 

However, the rule was never hit until I added a host object for 50.63.243.228. Unfortunately, that IP is very likely to change.

 

Is this expected behavior for dns-domain objects that resolve to a CNAME? If a CNAME, shouldn't the FW resolve the CNAME/alias to get the IP result to use in the FQDN object/ruleset?

 

In addition, are there any good command line tools I can use on the R80.10 GW to see what it is using for FQDN objects?  We have been finding these quite difficult to troubleshoot (although we LOVE the idea of these objects if they worked consistently!)

 

Thanks for any assistance you can provide!
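An added example, not part of the original post and not Check Point code: a small parser for a DNS response showing that, for an alias, the A record is owned by the canonical name rather than the queried name, so mapping the name to an address means following the CNAME chain. The names and address come from the nslookup output above; the wire bytes, header values and TTL are constructed, and the function names are hypothetical.

```python
import ipaddress, struct

def enc_name(name):  # uncompressed DNS label encoding
    return b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\0"

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # pointer to an earlier name
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n

def addresses_for(msg):
    """Return (cname_chain, ipv4_list) for the question name of a DNS response."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off, qname = 12, ""
    for _ in range(qd):                            # question section
        qname, off = read_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    cnames, a_recs = {}, {}
    for _ in range(an):                            # answer section
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 5:                             # CNAME: owner is an alias
            cnames[owner] = read_name(msg, off)[0]
        elif rtype == 1:                           # A: keyed by its owner name
            a_recs.setdefault(owner, []).append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    chain = [qname]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:  # stop on a loop
        chain.append(cnames[chain[-1]])
    return chain, a_recs.get(chain[-1], [])

def rr(owner, rtype, rdata):  # helper for the constructed sample: one IN record, TTL 60
    return enc_name(owner) + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata

# Constructed response to an A query for crl.godaddy.com: one CNAME plus one A record.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
          + enc_name("crl.godaddy.com") + struct.pack("!HH", 1, 1)
          + rr("crl.godaddy.com", 5, enc_name("gdcrl.godaddy.com.akadns.net"))
          + rr("gdcrl.godaddy.com.akadns.net", 1, bytes([50, 63, 243, 228])))
```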
