This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

host not found errors

Recently one of my appliance boxes has started producing numerous "host not found" errors to web clients. This started a few weeks ago about the time it upgraded to 9.006-5. I have several appliances on the same software revision that do not have this problem.

I have tried changing DNS forwarders and tried deleting all of the forwarders. I tried a Google forwarder as well. I tried disabling virus scanning also. There is nothing in the IPS logs. The DNS log shows the errors.

I opened a support case last week, but I was hoping for some troubleshooting hints while I wait for Sophos to respond.

Thanks,
Alan

This thread was automatically locked due to age.

Parents

0 sdengscherz over 11 years ago

Hello,

I have exactly the same issue "random host not found errors in the web filter". I assume this is related to the Sophos UTM DNS resolver, because the following constellations occur at my side:

1) UTM Web filter as explicit proxy
UTM resolver: DNS PDC/BDC
  > UTM > ISP DNS
=> host not found errors

2) Squid Proxy as explicit proxy
Squid resolver:
   > DNS PDC/BDC > UTM > ISP DNS
=> host not found errors

3) Squid Proxy as explicit proxy
Squid resolver:
   > DNS PDC/BDC > ISP DNS
=> no errors!

my log entries also show a dns.c error:

2013:10:07-08:49:00 gw-rat01-1 httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="dns_expire" file="dns.c" line="186" message="dns query 9b1d (OpenBSD Journal: A resource for the OpenBSD community) timed out, retransmitting (retry 1)"
2013:10:07-08:49:04 gw-rat01-1 httpproxy[5874]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.50.13.127" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3281" request="0x194ebd80" url="http://www.undeadly.org/cgi?action=article&sid=20130319091144" exceptions="" error="Host not found" category="165" reputation="neutral" categoryname="Technical/Business Forums"

IPS is disabled. I have an open support case with Sophos with this but no resolution yet.

Kind regards, -sd
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 sdengscherz over 11 years ago

Hello,

I have exactly the same issue "random host not found errors in the web filter". I assume this is related to the Sophos UTM DNS resolver, because the following constellations occur at my side:

1) UTM Web filter as explicit proxy
UTM resolver: DNS PDC/BDC
  > UTM > ISP DNS
=> host not found errors

2) Squid Proxy as explicit proxy
Squid resolver:
   > DNS PDC/BDC > UTM > ISP DNS
=> host not found errors

3) Squid Proxy as explicit proxy
Squid resolver:
   > DNS PDC/BDC > ISP DNS
=> no errors!

my log entries also show a dns.c error:

2013:10:07-08:49:00 gw-rat01-1 httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="dns_expire" file="dns.c" line="186" message="dns query 9b1d (OpenBSD Journal: A resource for the OpenBSD community) timed out, retransmitting (retry 1)"
2013:10:07-08:49:04 gw-rat01-1 httpproxy[5874]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.50.13.127" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3281" request="0x194ebd80" url="http://www.undeadly.org/cgi?action=article&sid=20130319091144" exceptions="" error="Host not found" category="165" reputation="neutral" categoryname="Technical/Business Forums"

IPS is disabled. I have an open support case with Sophos with this but no resolution yet.

Kind regards, -sd
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data