Is Sophos UTM 9 Firewall or IDS blocking EDNS0 queries (UDP packets that are larger than 512 bytes)?

Hello,

our clients are using the integrated DNS server from Windows Server 2012.
Both the clients and the Windows servers are behind the Sophos UTM 9 firewall.

A few days ago we enabled DNSSEC validation for remote queries on the Windows servers. Since then some websites (like gmx.net, web.de) stopped working because of failed DNS resolution. It is toggling between working and not working.

I've found the following support article from Microsoft:
https://support.microsoft.com/en-us/help/832223/some-dns-name-queries-are-unsuccessful-after-you-deploy-a-windows-base

Would it be possible that Sophos UTM firewall or IDS is blocking EDNS0 queries somehow?

Thank you,
Christoph



  • Hello,

    thanks for your hints.

    We ended up disabling DNSSEC validation again on Windows Server 2012.

    I've installed another Windows Server 2016 for testing purposes only.
    It worked with that behind the same firewall.

    So I guess there is a problem with Windows Server 2012 and not the firewall.

    Thank you,
    Christoph
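
One way to check the question asked in this thread from a host behind the firewall, added here as an example and not posted by either participant: send the same query once without EDNS0 and once with an OPT record advertising a 4096-byte UDP buffer and the DO bit, then compare what comes back. The function names, the DNSKEY query type (chosen because signed answers tend to be large) and the resolver address `192.0.2.53` (a documentation placeholder) are assumptions.

```python
import socket
import struct

def build_query(name, qtype=1, udp_size=4096, dnssec_ok=True, txid=0x1234):
    """DNS query with an EDNS0 OPT record (RFC 6891); udp_size=0 omits the OPT."""
    labels = [l for l in name.split(".") if l]          # "." yields the root name
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    arcount = 1 if udp_size else 0
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    msg += qname + struct.pack("!HH", qtype, 1)                   # class IN
    if udp_size:
        flags = 0x8000 if dnssec_ok else 0                        # DO bit
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, udp_size, flags, 0)
    return msg

def classify(reply, txid=0x1234):
    """Summarise a raw UDP reply; None means the query timed out."""
    if reply is None:
        return {"status": "timeout"}
    if len(reply) < 12 or struct.unpack("!H", reply[:2])[0] != txid:
        return {"status": "malformed"}
    flags = struct.unpack("!H", reply[2:4])[0]
    return {"status": "ok", "size": len(reply), "over_512": len(reply) > 512,
            "truncated": bool(flags & 0x0200), "rcode": flags & 0x000F}

def probe(server, name, qtype=48, timeout=3.0, **kw):
    """Send one query (default type 48 = DNSKEY) over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, **kw), (server, 53))
        try:
            return classify(s.recvfrom(65535)[0])
        except socket.timeout:
            return classify(None)

if __name__ == "__main__":
    # Placeholder resolver address; replace with the upstream resolver in use.
    for size in (0, 4096):          # 0 = plain DNS, 4096 = EDNS0 with DO set
        print(size, probe("192.0.2.53", "gmx.net", udp_size=size))
```

If the plain query is answered but the EDNS0 query times out, something on the path is dropping the EDNS0 query or its large reply. A reply with `truncated` set means the resolver is expected to retry over TCP, so TCP port 53 has to be allowed as well.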