DNS Server stops working for LAN Zones after Cisco VPN is established

Hi all,

I've noticed the following issue while giving the Cisco VPN another try with Apple iOS on MR5:

After an IPsec connection is established from the internet which is configured to use the DNS server of the XG, it will work very fast and without any problems.

BUT all clients from the intranet which are configured to use the XG as a DNS server too, won't get any answers from the DNS server anymore. (and no FW logs)

The problem is solved after I restart the DNS server of the XG, while the first DNS request from the Cisco VPN client will break it again.

 

I'm using the XG's gateway IP of my first LAN Zone (separate network and vlan) as DNS server for my VPN setup. Exactly the same IPs and networks/ranges are working flawlessly (but slow) with L2TP on my iPhone.

Could this be a serious bug or am I missing something?

 

Thanks and best regards

DomNik



  • Tested the scenario and there was no issue with the DNS server. 

    Version: SF-OS v15.05 MR 5

    SFVH_VM01_SFOS 16.05.5 MR-5# tail -f dnsd.log
    Jul 07 15:39:34.693442 [local tlv clients] set_log_level():Log level set to ERR
    INFO  : Reading /cfs/dns.conf
    LOGINFO: DNS ATP Policy Set
    starting
    Jul 07 15:39:34.980077 [local tlv clients] before RLIMIT_NOFILE, rlim_cur = 1024, rlim_max 4096
    Jul 07 15:39:34.980093 [local tlv clients] RLIMIT_NOFILE, rlim_cur = 1590, rlim_max 4096
    Bind: Address already in use
    Bind: Address already in use
    Bind: Address already in use
    Bind: Address already in use

    SFVH_VM01_SFOS 16.05.5 MR-5# tail -f *.log | grep dns
    ==> dnsd.log <==
    INFO  : Reading /cfs/dns.conf

    SFVH_VM01_SFOS 16.05.5 MR-5# service -S | grep dn
    dnsd                 RUNNING

    Thanks

  • Dear Sachin

    I have logged a service support request with the support team, and they have analyzed this problem on a live system and simulated it on their system as well. Hope we get a fix in an upcoming release.

    The Bug ID is NC-19073.

    Best Regards,

    Vishvas
