AnsweredAssumed Answered

Domain objects in R80.10 spamming DNS

Question asked by Kaspars Zibarts on Aug 16, 2018
Latest reply on Sep 5, 2018 by Kaspars Zibarts

Just wondering if anyone else has noticed if you are using domain objects (new type)

 

I noticed high amount of Block / Alert logs on the gateway complaining it was not able to resolve DNS even though DNS is responding OK. 

 

When I run tcpdump I noticed that firewall sends DNS requests for each domain object in big batches (multiple requests for the same name within 100ms). So there are hundreds of DNS requests spat out every 30 secs for 20 domain objects so I'm not surprised if some are not answered.

 

 

I have not raised SR yet - just wondering if it's "known" issue? We are on take 121.

 

There is one SK that matches symptoms but that should have been fixed in take 42

"Firewall - Domain resolving error. Check DNS configuration on the gateway." log for blocked HTTP traffic although relev… 

Outcomes