Hi Everyone,
Having issues with DNS being dropped within the firewall.
Topology:
4 DNS Servers
DC1
DC2 (Primary DNS for all clients - Has 3 DNS forwarders configured)
DC3
Jefferson (legacy DC/CA)
The 4 DCs are defined within a group as well, DC Group
Under Network Services/DNS I have the following:
Global (left default and empty)
Forwarders: all 4 DCs
The other 3 tabs have nothing, I do not have split DNS with my Domain
Network Protection
Firewall
Internal Network (Address) -> DNS -> DC Group
I noticed a lot of DNS drops, more specifically the IP of the DNS Server at port 53, hitting the default internal IP of the gateway and various ports like 40087 and being dropped by the firewall. I also saw the external DNS servers being blocked. If the firewall rule says that the 4 DCs can do DNS anywhere, why are they being dropped? Does the firewall not recognize the DNS traffic? So I started to add more rules based on activity I saw in the live firewall log:
4 DC's -> DNS -> Any
Still drops, watched the log, and added more:
Defined the 4 external DNS servers my DCs could contact:
External DNS group ->DNS->Internal Network (Address)
Still DNS drops, added more
External DNS group ->DNS -> DC Group
Still... drops, example:
IP of DC2:53 -> IP of default gateway:62517 Default Drop
IP of DC2:53 -> IP of default gateway:40087 Default Drop
IP of DC2:53 -> IP of default gateway:46869 Default Drop
Any suggestions? Thank you in advance for trying to understand this and helping me out.
This thread was automatically locked due to age.
