Problem
Primary Issue: XG device is consistently having intermittent DNS resolution issues.
Secondary Issue: XG device as DNS server is unreliable.
Backgound & Symptoms
SFOS 16.05.5 MR-5
- This DNS issue as come out of this other issue where I am unable to use web policy or malware scanning.
- Attempts to update patterns fail until I change DNS back and forth from the PPPoE provided DNS servers to statically configures ones. These static ones are a combination of PPPoE, Local or Google DNS.
- Changing DNS back and forth will allow the pattern updates to work once or twice, then they will fail again until I change it again.
- Synchronising the license on the device also does not work, but it can be made to temporarily work by using the "DNS back and forth" method above.
- I noticed with a "tail -f /log/licencing.log" that the following logs were being generated
INFO Jun 12 21:38:27 [0]: URL : eu-prod-utm.soa.sophos.com/.../licenseERROR Jun 12 21:38:27 [0]: curl_easy_perform(6) failed: Couldn't resolve host name
- Using nslookup and ping to check name resolution on the XG's console, I am unable to resolve eu-prod-utm.soa.sophos.com or google.com or any other hostname. DNS is set to use what's provided by PPPoE.
- Doing the "DNS back and forth" allows DNS queries to be resolved.
- I'm always able to ping internet based IP addresses(those that respond to pings)
- I can't see any firewall notifications about DNS queries being blocked, any internet-bound rules on the device allow DNS queries anyway.
- At the start when I was setting up the XG, I found local clients were having issues querying the DNS server on the device, which is one of the reasons I set up a local DNS server separate from the XG in the first place. Local clients now have a consistent DNS resolution experience. This separate DNS server only relies on the XG for routing DNS queries out to internet based DNS servers, nothing on the network is relying on the XG for anything DNS related.
- The technical exception to the above rule is that the device needs to rely on itself to act as a DNS client, which is were the intermittent is being seen.
- When I click check for new firmware, the GUI says no upgrades available, but "tail -f /log/u2d.log" shows this:
ERROR Jun 13 13:34:57 [15434]: FATAL : Error in parsing response, exiting.DEBUG Jun 13 13:42:52 [15846]: --serial = xxxxDEBUG Jun 13 13:42:52 [15846]: --deviceid = yyyyDEBUG Jun 13 13:42:52 [15846]: --fwversion = 16.05.5.233DEBUG Jun 13 13:42:52 [15846]: --productcode = CNDEBUG Jun 13 13:42:52 [15846]: --model = SF01VDEBUG Jun 13 13:42:52 [15846]: --vendor = SO01DEBUG Jun 13 13:42:52 [15846]: Added new server : Host - b, Port - 0DEBUG Jun 13 13:42:52 [15846]: Final query string is :?&serialkey=xxxx&deviceid=yyyy&fwversion=16.05.5.233&productcode=CN&appmodel=SF01V&appvendor=SO01&useragent=SF&oem=DEBUG Jun 13 13:42:52 [15846]: Response code : 0DEBUG Jun 13 13:42:52 [15846]: Response body :
DEBUG Jun 13 13:42:52 [15846]: Response length : 0ERROR Jun 13 13:42:52 [15846]: Response not parsed successfully. ERROR Jun 13 13:42:52 [15846]: FATAL : Error in parsing response, exiting.
- It seems that everything in the lots is pointing to XG based intermittent DNS resolution problems.
Anything else I should be checking?
This thread was automatically locked due to age.
