Has anyone done this upgrade yet?
Cheers - Bob
Dom Nik, I am seeing the issue with DNS cache as well. I haven't opened a case because I just don't have the time right now, but there is definitely something not right. I have firewall rules that only allow certain WAN destinations based on FQDN. Throughout the day users are saying they can't get to a page. When I look into it, the firewall dropped the cache for the sites and has to re-create it.
Hi Flo,
Thanks for your reply. As I'm a Home User, I can provide you with more information/log files etc.
Please let me know how I can help.
My use case is iOS/macOS apps which do certificate pinning for HTTPS connections. I created FW rules with FQDN hosts to allow the access without HTTPS scanning for them.
For example, a very common banking app in Germany is "Outbank" (available on iOS and macOS) which tries to phone home to "*.stoegerit.com" and tries to contact all configured banking services with https as well afterwards. The current behavior is as follows:
- Do a FW reboot, FQDN cache is empty
- Open the app - https requests are triggered but will fail
- FW creates the needed FQDN cache entries during first call of the app
- App works 1-2 times afterwards, while the FW chooses the right FW rules with the FQDNs
- After some time the App fails again, while the FW has forgotten the FQDNs for these domains
Thanks and best regards
Dom Nik
Same issue here with fqdn.hosts. If someone wants to recreate the issue, check the subdomain list of *.amazon.com and you can notice that the list keeps on changing. We also noticed that a few wildcard FQDN hosts were not showing subdomains and a few were listing subdomains of a different FQDN host. Ticket has been escalated.
Hey Support Chn
Thanks for updating us, would it be possible to share your ticket number with me through PM so that I can also follow up?
Regards,
Hi,
I have sent you the details.
To provide an update for our community,
I've been following up with the reported wildcard FQDN issues to further investigate.
If you are also affected and experiencing similar issues, please send me a PM.
Regards,
I also installed this update for all of our clients … several XGs of different sizes.
MR-2 is ANOTHER broken update! I'm on the phone with support as I'm typing. "Known bug" with the Garner service. Why is this update still available and not pulled back if there's known issues with it that affect major parts of the SFOS system?
Symptoms are:
- UI acts extremely slow during login and loading various screens
- Log viewer doesn't show any new logs. My last log entry is from 9/17 shortly after the update was done.
On another box, I'm trying to change settings for a VPN and get nothing but timeout warnings when trying to save any changes. Probably related or maybe just another bug.
Apparently MR-3 is set for release end of next week. We'll see what it fixes, and breaks.
It'd be really nice if the QA for these releases would be improved, and if there are known issues, they should be posted here or the updates should be stopped so that more and more people aren't facing the same problems.