Hey Everyone,
Just writing up this post to ask for some assistance with an issue I'm having on my network.
DNS Setup:
Local Clients -> Internal Microsoft DNS Servers -> SOPHOS UTM (this has been temporarily removed for testing) -> DNS Forwarders (Mixed, Google and Local AU DNS Servers, that all work)
What happens is:
- Internet and all services will be operating fine. Then, at random, for anywhere between 3 and 5 minutes, we are unable to perform any DNS lookups through our Local AD DNS Servers (we have two).
- While we are having this issue, I can't see any irregularities in the Firewall or IPS logs, but when I enter 8.8.8.8 or 8.8.4.4 into my local machine config, I can browse the web no worries.
- We have confirmed with ISP that there are definitely no issues on their end as far as packet blocking or anything goes.
- We have confirmed that Microsoft DNS on each server is working and configured correctly. Forwarders all resolvable, same with Root Hints. Nothing showing in Logs to suggest poisoning or anything of the like.
- Restarting MS DNS didn't help either.
- This can happen at any random stage during the day. I've noticed that when the campus is quieter, it can still happen but not as frequently.
- My thoughts are that our internal DNS servers are being mistaken for an attack and being blocked by UTM from processing dns requests.
OR
EDNS packets are 512 bytes in size and UDP, and the IPS is blocking them immediately.
I'm out of ideas, logged a call with SOPHOS Tech Support, but thought I'd ask here as well.
Can anyone help?
Cheers
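To narrow down which hop in the chain above stops answering during one of those 3-5 minute windows, here is an added diagnostic script; it is not part of the original post and not anything from Sophos or Microsoft. It hand-builds DNS queries with and without an EDNS0 OPT record (RFC 6891) and sends each one over UDP and TCP to every resolver in the chain, printing only the failures with a timestamp. The server addresses, the probe name `example.com`, and the 10-second interval are assumptions; swap in the two internal AD DNS servers and the real forwarders.

```python
#!/usr/bin/env python3
"""Constructed DNS hop-isolation probe (added example, not from the original post).
Queries each resolver in the chain with/without EDNS0 and over UDP/TCP so that,
when the outage hits, the log shows which hop failed and whether it is EDNS- or
UDP-specific.
"""
import random
import socket
import struct
import time
from typing import Optional

# Assumed addresses: replace with your internal AD DNS servers and forwarders.
TARGETS = {
    "internal-dns-1": "10.0.0.10",
    "internal-dns-2": "10.0.0.11",
    "google-8.8.8.8": "8.8.8.8",
}
PROBE_NAME = "example.com"   # any name that normally resolves through every hop


def build_query(name: str, qtype: int = 1, edns: bool = False,
                udp_size: int = 1232, txid: Optional[int] = None) -> bytes:
    """Build a raw DNS query; edns=True appends an OPT RR advertising udp_size."""
    if txid is None:
        txid = random.randrange(65536)
    # header: id, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0 or 1
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    question = qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    opt = b""
    if edns:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size,
        # TTL = ext-rcode/version/flags (all zero), RDLENGTH 0
        opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return header + question + opt


def parse_response(data: bytes) -> dict:
    """Decode the 12-byte header: enough to tell ok, SERVFAIL and truncation apart."""
    txid, flags, _qd, an, _ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {"id": txid, "rcode": flags & 0x000F,
            "truncated": bool(flags & 0x0200), "answers": an, "additional": ar}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def probe(server: str, name: str = PROBE_NAME, edns: bool = False,
          proto: str = "udp", timeout: float = 2.0) -> dict:
    """One query to one server; returns a status string plus latency in ms."""
    query = build_query(name, edns=edns)
    txid = struct.unpack("!H", query[:2])[0]
    start = time.monotonic()
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # TCP length prefix
                (length,) = struct.unpack("!H", _recv_exact(s, 2))
                data = _recv_exact(s, length)
        resp = parse_response(data)
        if resp["id"] != txid:
            status = "id-mismatch"
        elif resp["truncated"]:
            status = "truncated"
        elif resp["rcode"] != 0:
            status = f"rcode={resp['rcode']}"
        else:
            status = "ok"
    except OSError as exc:          # socket.timeout is an OSError subclass
        status = f"error:{type(exc).__name__}"
    return {"server": server, "proto": proto, "edns": edns, "status": status,
            "ms": round((time.monotonic() - start) * 1000)}


def run(interval: float = 10.0) -> None:
    """Poll every hop forever; only non-ok rows are printed so the log stays readable."""
    while True:
        stamp = time.strftime("%H:%M:%S")
        for label, ip in TARGETS.items():
            for edns, proto in ((False, "udp"), (True, "udp"), (False, "tcp")):
                r = probe(ip, edns=edns, proto=proto)
                if r["status"] != "ok":
                    print(f"{stamp} {label:<16} {proto} edns={edns!s:<5} "
                          f"{r['status']} ({r['ms']} ms)")
        time.sleep(interval)


if __name__ == "__main__":
    run()
```

Reading the output: if both internal servers go to `error:timeout` while the direct 8.8.8.8 rows stay `ok`, the fault is at or behind the internal servers rather than on the internet path. If only the `edns=True udp` rows fail while plain UDP and TCP still answer, something between the client and that server is dropping EDNS or larger UDP datagrams, which would support the IPS theory. Running a second copy on one of the DNS servers itself, with `TARGETS` set to the forwarders, separates the UTM hop from the Microsoft DNS service.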