
DNS Service fails every 30 minutes for ~60 seconds - SG105

Hello,

We have an SG105 that runs the DNS service. It forwards all requests that it cannot handle to the Google DNS servers 8.8.8.8 and 8.8.4.4.

For some reason that I cannot figure out, the DNS service fails to forward requests every 30 minutes for roughly 60 seconds where it's simply dead.

I have no idea what's going on. From looking into the logs I assume that some config gets reloaded and the service restarted. If that has to be, I'd like to figure out what config that is and find a way for it to do so only at, say, 4am when nobody actually needs the DNS service.

Maybe some of you have an idea what's going on. I appreciate the help.

Thanks in advance!

Sophie

notifier.log
2017:01:06-11:39:28 sophos notifier[3653]: loading config version 1348
2017:01:06-11:40:24 sophos notifier[3653]: loading config version 1350

fallback.log
2017:01:06-11:39:14 sophos [user:notice] " 
2017:01:06-11:39:30 sophos [user:notice] " 
2017:01:06-11:39:32 sophos [user:notice] " 
2017:01:06-11:39:33 sophos [user:notice] " 
2017:01:06-11:39:36 sophos [user:notice] " 
2017:01:06-11:39:41 sophos [user:notice] " 
2017:01:06-11:39:44 sophos [user:notice] " 

service_monitor.log
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to OFFLINE"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.4.4"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.4.4 changed state to OFFLINE"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.4.4"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to ONLINE"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.8.8"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.4.4 changed state to ONLINE"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.8.8"

up2date.log
2017:01:06-11:40:03 sophos audld[626]: no HA system or cluster node
2017:01:06-11:40:03 sophos audld[626]: Starting Up2Date Package Downloader
2017:01:06-11:40:05 sophos audld[626]: patch up2date possible
2017:01:06-11:40:05 sophos audld[626]: Using static update server list in HA mode
2017:01:06-11:40:26 sophos audld[626]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
2017:01:06-11:40:27 sophos audld[626]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2017:01:06-11:40:27 sophos audld[626]: Using static download server list in HA mode

mdw.log
2017:01:06-11:39:28 sophos middleware[3787]: T main::top-level:213() => starting cycle 1336, caught 1 signals
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1348
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::load:347() => modules=2,9
2017:01:06-11:39:29 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:39:29 sophos middleware[3787]: T main::top-level:264() => ending cycle 1336, caught 0 signals, 0 children still running
2017:01:06-11:39:47 sophos middleware[3787]: T main::top-level:213() => starting cycle 1337, caught 1 signals
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1349
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::load:347() => modules=2,3
2017:01:06-11:39:48 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:39:48 sophos middleware[3787]: T main::top-level:275() => cycle 1337 waiting for 1 children
2017:01:06-11:39:48 sophos middleware[3787]: T main::top-level:264() => ending cycle 1337, caught 0 signals, 0 children still running
2017:01:06-11:40:24 sophos middleware[3787]: T main::top-level:213() => starting cycle 1338, caught 1 signals
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1350
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::load:347() => modules=2,9
2017:01:06-11:40:25 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:40:25 sophos middleware[3787]: T main::top-level:264() => ending cycle 1338, caught 0 signals, 0 children still running

system.log
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_DefaultSophosUTMSupportHost
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep1t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep5t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver2a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep4t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep2t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver4a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep3t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver3a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver1a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver5a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsSophoLivec
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NtpPool
2017:01:06-11:39:39 sophos dns-resolver[4246]: DNS server failed to contact!
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver1a :: resolver1.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver2a :: resolver2.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_DefaultSophosUTMSupportHost :: dispatch.apu.sophos.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver5a :: resolver5.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep1t :: iprep1.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep5t :: iprep5.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep4t :: iprep4.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep3t :: iprep3.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver3a :: resolver3.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: Updating REF_NtpPool :: pool.ntp.org
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver4a :: resolver4.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep2t :: iprep2.t.ctmail.com
2017:01:06-11:39:48 sophos ntpd[31558]: ntpd exiting on signal 15 (Terminated)
2017:01:06-11:39:48 sophos ntpd[31558]: 127.127.1.0 local addr 127.0.0.1 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 136.243.177.133 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 78.46.188.101 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 5.100.133.221 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[598]: ntpd 4.2.8p8@1.3265-o Thu Sep 15 09:37:01 UTC 2016 (1): Starting
2017:01:06-11:39:48 sophos ntpd[598]: Command line: /sbin/ntpd
2017:01:06-11:39:48 sophos ntpd[600]: proto: precision = 0.840 usec (-20)
2017:01:06-11:39:48 sophos ntpd[600]: restrict 0.0.0.0: KOD does nothing without LIMITED.
2017:01:06-11:39:48 sophos ntpd[600]: restrict ::: KOD does nothing without LIMITED.
2017:01:06-11:39:48 sophos ntpd[600]: Listen and drop on 0 v6wildcard [::]:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen and drop on 1 v4wildcard 0.0.0.0:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 2 lo 127.0.0.1:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 3 eth0 172.17.16.10:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 4 br0 172.17.16.5:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 5 lo [::1]:123
2017:01:06-11:39:48 sophos ntpd[600]: Listening on routing socket on fd #22 for interface updates
2017:01:06-11:40:01 sophos /usr/sbin/cron[621]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
2017:01:06-11:40:01 sophos /usr/sbin/cron[626]: (root) CMD (/sbin/audld.plx --trigger)
2017:01:06-11:40:02 sophos /usr/sbin/cron[632]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_DefaultSophosUTMSupportHost
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep1t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep5t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver2a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep4t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep2t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver4a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep3t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver3a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver1a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver5a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsSophoLivec
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NtpPool
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver1a :: resolver1.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver2a :: resolver2.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_DefaultSophosUTMSupportHost :: dispatch.apu.sophos.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver5a :: resolver5.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep1t :: iprep1.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep5t :: iprep5.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep4t :: iprep4.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep3t :: iprep3.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver3a :: resolver3.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NtpPool :: pool.ntp.org
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver4a :: resolver4.ast.ctmail.com
2017:01:06-11:40:26 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep2t :: iprep2.t.ctmail.com

confd.log
2017:01:06-11:39:28 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="availability_group" ref="REF_NetAvaGooglDnsServe" objname="Google DNS Servers" user="system" srcip="127.0.0.1" sid="PehrxfTgRcwIAJtshBbN" facility="system" client="service_monitor" pid="538" attr_address="8.8.4.4" oldattr_address="8.8.8.8"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1341 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1342 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1343 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1344 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1345 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1346 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="PehrxfTgRcwIAJtshBbN" facility="system" client="service_monitor" pid="538" version="1348" storage="/cfg"
2017:01:06-11:39:47 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_NtpPool" objname="NTP Server Pool" user="system" srcip="127.0.0.1" sid="qWGWVRaofSzKrVvDVxEl" facility="system" client="dns-resolver.plx" pid="554" attr_addresses="['146.0.32.144','131.188.3.222','37.120.191.245']" oldattr_addresses="['136.243.177.133','78.46.188.101','5.100.133.221']"
2017:01:06-11:39:47 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="qWGWVRaofSzKrVvDVxEl" facility="system" client="dns-resolver.plx" pid="554" version="1349" storage="/cfg"
2017:01:06-11:40:23 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="availability_group" ref="REF_NetAvaGooglDnsServe" objname="Google DNS Servers" user="system" srcip="127.0.0.1" sid="JjLnrOBnIoHxrArYqEvW" facility="system" client="service_monitor" pid="713" attr_address="8.8.8.8" oldattr_address="8.8.4.4"
2017:01:06-11:40:24 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="JjLnrOBnIoHxrArYqEvW" facility="system" client="service_monitor" pid="713" version="1350" storage="/cfg"

named.log
2017:01:06-11:39:29 sophos named[4253]: received control channel command 'reload'
2017:01:06-11:39:29 sophos named[4253]: loading configuration from '//etc/named.conf'
2017:01:06-11:39:29 sophos named[4253]: sizing zone task pool based on 24 zones
2017:01:06-11:39:29 sophos named[4253]: configuring command channel from '//etc/rndc.key'
2017:01:06-11:39:29 sophos named[4253]: reloading configuration succeeded
2017:01:06-11:39:29 sophos named[4253]: reloading zones succeeded
2017:01:06-11:39:29 sophos named[4253]: received control channel command 'flush'
2017:01:06-11:39:29 sophos named[4253]: flushing caches in all views succeeded
2017:01:06-11:39:29 sophos named[4253]: all zones loaded
2017:01:06-11:39:29 sophos named[4253]: running
2017:01:06-11:40:24 sophos named[4253]: received control channel command 'reload'
2017:01:06-11:40:24 sophos named[4253]: loading configuration from '//etc/named.conf'
2017:01:06-11:40:24 sophos named[4253]: sizing zone task pool based on 24 zones
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 9.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: A.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: B.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 8.B.D.0.1.0.0.2.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: EMPTY.AS112.ARPA
2017:01:06-11:40:24 sophos named[4253]: configuring command channel from '//etc/rndc.key'
2017:01:06-11:40:24 sophos named[4253]: reloading configuration succeeded
2017:01:06-11:40:24 sophos named[4253]: reloading zones succeeded
2017:01:06-11:40:24 sophos named[4253]: received control channel command 'flush'
2017:01:06-11:40:24 sophos named[4253]: flushing caches in all views succeeded
2017:01:06-11:40:24 sophos named[4253]: all zones loaded
2017:01:06-11:40:24 sophos named[4253]: running

packetfilter.log
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="54609" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="54609" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42877" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42877" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="46499" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="46499" dstport="53" 
2017:01:06-11:39:08 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:09 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:11 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:14 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:14 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="30615" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:24 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:24 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:25 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:25 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:27 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:27 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:28 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="65" tos="0x00" prec="0x00" ttl="255" srcport="52034" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="173.194.169.101" dstip="172.17.17.6" proto="17" length="95" tos="0x00" prec="0x00" ttl="45" srcport="63850" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="45275" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:32 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="58421" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:33 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:33 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:33 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="44460" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:35 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:35 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="21872" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="64" srcport="45987" dstport="53" 
2017:01:06-11:39:40 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="28220" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49272" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49272" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49550" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="77" tos="0x00" prec="0x00" ttl="255" srcport="56716" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="50170" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="59165" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49550" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="77" tos="0x00" prec="0x00" ttl="255" srcport="56716" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="50170" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="96" tos="0x00" prec="0x00" ttl="255" srcport="63833" dstport="53" 
2017:01:06-11:39:47 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="71" tos="0x00" prec="0x00" ttl="255" srcport="64454" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="41740" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="41740" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="37466" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="37466" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42869" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42869" dstport="53" 
2017:01:06-11:40:06 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="55388" dstport="53" 
2017:01:06-11:40:12 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="66" tos="0x00" prec="0x00" ttl="64" srcport="53308" dstport="53" 
2017:01:06-11:40:20 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="104.244.42.1" dstip="172.17.20.21" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="39116" tcpflags="RST" 
2017:01:06-11:40:22 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="56" tos="0x00" prec="0x00" ttl="64" srcport="52291" dstport="53" 
2017:01:06-11:40:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:09:4f:65:2d:53" dstmac="00:1a:8c:40:f3:38" srcip="172.17.16.3" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="62" srcport="39519" dstport="53" 
2017:01:06-11:40:47 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="55859" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="56837" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="65228" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="109" tos="0x00" prec="0x00" ttl="255" srcport="56837" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="109" tos="0x00" prec="0x00" ttl="255" srcport="65228" dstport="53" 
2017:01:06-11:40:50 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="59373" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="61860" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="60249" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="50057" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="176.34.233.8" dstip="172.17.20.43" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="56045" tcpflags="RST" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="176.34.233.8" dstip="172.17.20.43" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="56047" tcpflags="RST" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="255" srcport="49843" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="255" srcport="52760" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="99" tos="0x00" prec="0x00" ttl="255" srcport="61860" dstport="53" 
2017:01:06-11:40:56 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:09:4f:65:2d:53" dstmac="00:1a:8c:40:f3:38" srcip="172.17.16.3" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="63" srcport="7162" dstport="53" 
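
One way to check whether the outage lines up with the config reloads is to merge the separate log files into a single timeline and count what happens around each `loading config version` entry. The script below is an added example, not part of the original posts and not Sophos tooling; the log lines are copied from this thread, while the event labels and the 30-second window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Lines copied from the notifier, service_monitor, named and packetfilter
# logs posted in this thread, grouped per file as they were posted.
SAMPLE_LOG = '''\
2017:01:06-11:39:28 sophos notifier[3653]: loading config version 1348
2017:01:06-11:40:24 sophos notifier[3653]: loading config version 1350
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to OFFLINE"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.4.4 changed state to OFFLINE"
2017:01:06-11:40:24 sophos named[4253]: reloading configuration succeeded
2017:01:06-11:40:24 sophos named[4253]: flushing caches in all views succeeded
2017:01:06-11:39:14 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="30615" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:30 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="45275" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:32 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="58421" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:40:06 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="55388" dstport="53"
'''

# "YYYY:MM:DD-HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(
    r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ ([\w.-]+)\[\d+\]: (.*)$')
# key="value" pairs; the unterminated info="..." field is simply not matched.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# (process, substring of the message, label). The labels are this example's own.
RULES = [
    ("notifier", "loading config version", "config_load"),
    ("service_monitor", "changed state to OFFLINE", "probe_offline"),
    ("named", "reloading configuration succeeded", "named_reload"),
    ("named", "flushing caches", "cache_flush"),
    ("ulogd", "nf_ct_dns: dropping packet", "forwarder_drop"),
]


def parse_events(text):
    """Return (timestamp, label, detail) tuples for matching lines, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and entries without a process[pid] prefix
        stamp, proc, msg = m.groups()
        for rule_proc, needle, label in RULES:
            if proc == rule_proc and needle in msg:
                when = datetime.strptime(stamp, "%Y:%m:%d-%H:%M:%S")
                fields = dict(KV_RE.findall(msg))
                detail = fields.get("dstip") or fields.get("name") or msg
                events.append((when, label, detail))
                break
    return sorted(events, key=lambda e: e[0])


def events_around_reloads(events, before=30, after=30):
    """Map each config version to a count of other events inside the window."""
    report = {}
    for when, label, detail in events:
        if label != "config_load":
            continue
        lo = when - timedelta(seconds=before)
        hi = when + timedelta(seconds=after)
        nearby = Counter(l for t, l, _ in events
                         if lo <= t <= hi and l != "config_load")
        report[detail.rsplit(" ", 1)[-1]] = dict(nearby)
    return report


def seconds_from_first_drop_to_reload(events):
    """Seconds between the first nf_ct_dns drop and the first config load."""
    drops = [t for t, l, _ in events if l == "forwarder_drop"]
    loads = [t for t, l, _ in events if l == "config_load"]
    if not drops or not loads:
        return None
    return int((min(loads) - min(drops)).total_seconds())


if __name__ == "__main__":
    timeline = parse_events(SAMPLE_LOG)
    for when, label, detail in timeline:
        print(when.time(), f"{label:15}", detail)
    print(events_around_reloads(timeline))
    print("first drop precedes first reload by",
          seconds_from_first_drop_to_reload(timeline), "seconds")
```

Run against the full log files, a positive value from `seconds_from_first_drop_to_reload` means the dropped packets to the forwarders were logged before the config load, not after it.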


  • Looking through the logs, I can see it's marking the DNS servers as down, and then failing to the other DNS server and reloading.

    As a test, could you try a different DNS server? OpenDNS are free, 208.67.222.222 and 208.67.220.220.

    Edit:

    No one is working on the UTM?

    2017:01:06-11:39:28 sophos notifier[3653]: loading config version 1348
    2017:01:06-11:40:24 sophos notifier[3653]: loading config version 1350

    Regards,
    Bohdan

  • Thanks Bohdan. I created a new availability group with the Open DNS servers. Let's see if that helps. I'll know in about 30 minutes...

    Nobody should be working with the UTM. Since the problem always appears when a new config version is loaded I thought that this might be connected.

    Do you have any idea what config it is that is loaded there? And maybe why it reloads? Is there a cronjob somewhere? How can I find out?

    Thanks

  • Unfortunately I see the same problem with the Open DNS servers. Also it looks to me like the Google DNS servers are still being used although I removed them from the DNS forwarding tab.

     

    2017:01:10-15:28:49 sophos service_monitor[9893]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaOpenDnsServe ICMP 208.67.220.220 changed state to OFFLINE"
    2017:01:10-15:28:49 sophos service_monitor[9893]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaOpenDnsServe to 208.67.222.222"
    2017:01:10-15:28:49 sophos service_monitor[9893]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.4.4 changed state to OFFLINE"
    2017:01:10-15:28:49 sophos service_monitor[9893]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.8.8"
    2017:01:10-15:28:49 sophos service_monitor[9893]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to OFFLINE"
    2017:01:10-15:28:49 sophos service_monitor[9893]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaOpenDnsServe ICMP 208.67.222.222 changed state to OFFLINE"
    2017:01:10-15:28:49 sophos service_monitor[9893]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaOpenDnsServe to 208.67.222.222"
    2017:01:10-15:28:49 sophos service_monitor[9893]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.8.8"

  • Do you have any load balancing set up on the UTM?

    It seems to be pinging Google 8.8.8.8 and when a ping fails it's failing over to the next, causing the delay.

    Regards,
    Bohdan

  • Hi Sophie,

    As mentioned by Bohdan, when the ICMP ping fails over 8.8.4.4, it switches over to 8.8.8.8 for minimal impact on the network. Instead of using an availability group, verify what happens when you simply add Hosts in the forwarders.

    In the packet filter log entries for DNS, those are normally logged entries with ID=60011. For more information on them check https://community.sophos.com/kb/en-us/115029 .

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • We removed the availability group and added the Google Hosts instead.

    The problem is still there but not as frequently as before. We saw it every 30 minutes, now it seems to appear randomly but still at a multiple of 30 minutes. Like at 06:17am, 09:47am, 1:47pm...

    This confuses me more and more.

    2017:01:12-06:17:17 sophos service_monitor[5501]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGoogleDns ICMP 8.8.8.8 changed state to OFFLINE"
    2017:01:12-06:17:17 sophos service_monitor[5501]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGoogleDns to 8.8.4.4"
    2017:01:12-06:17:17 sophos service_monitor[5501]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGoogleDns ICMP 8.8.4.4 changed state to OFFLINE"
    2017:01:12-06:17:18 sophos service_monitor[5501]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGoogleDns to 8.8.4.4"
    2017:01:12-06:18:13 sophos service_monitor[5501]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGoogleDns ICMP 8.8.8.8 changed state to ONLINE"
    2017:01:12-06:18:13 sophos service_monitor[5501]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGoogleDns to 8.8.8.8"
    2017:01:12-06:18:13 sophos service_monitor[5501]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGoogleDns ICMP 8.8.4.4 changed state to ONLINE"
    2017:01:12-06:18:13 sophos service_monitor[5501]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGoogleDns to 8.8.8.8"

     

    I looked through the packetfilter for the ID that you mentioned. This is what I found:

    2017:01:12-06:17:03 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="41017" dstport="53"
    2017:01:12-06:17:24 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:02" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.7" dstip="172.17.16.10" proto="17" length="77" tos="0x00" prec="0x00" ttl="128" srcport="65357" dstport="53"
    2017:01:12-06:17:31 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="66" tos="0x00" prec="0x00" ttl="64" srcport="59140" dstport="53"
    2017:01:12-06:17:35 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="64" srcport="57067" dstport="53"
    2017:01:12-06:17:40 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="64" srcport="62481" dstport="53"
    2017:01:12-06:17:40 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="64" srcport="57067" dstport="53"
    2017:01:12-06:17:43 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="64" srcport="59423" dstport="53"
    2017:01:12-06:17:45 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="64" srcport="61659" dstport="53"
    2017:01:12-06:17:45 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="64" srcport="42757" dstport="53"
    2017:01:12-06:17:49 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="64" srcport="55039" dstport="53"
    2017:01:12-06:17:49 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="64" srcport="62481" dstport="53"
    2017:01:12-06:17:50 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="64" srcport="60974" dstport="53"
    2017:01:12-06:17:50 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="64" srcport="51762" dstport="53"
    2017:01:12-06:17:53 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:09:4f:65:2d:53" dstmac="00:1a:8c:40:f3:38" srcip="172.17.16.3" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="62" srcport="6676" dstport="53"
    2017:01:12-06:17:53 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="64" srcport="44314" dstport="53"
    2017:01:12-06:17:53 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="64" srcport="61659" dstport="53"
    2017:01:12-06:17:55 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="64" srcport="58185" dstport="53"
    2017:01:12-06:18:02 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="52519" dstport="53"
    2017:01:12-06:18:02 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="52519" dstport="53"
    2017:01:12-06:18:02 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="34301" dstport="53"
    2017:01:12-06:18:02 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="34301" dstport="53"
    2017:01:12-06:18:02 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42517" dstport="53"
    2017:01:12-06:18:02 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42517" dstport="53"
    2017:01:12-06:18:03 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="106" tos="0x00" prec="0x00" ttl="64" srcport="43949" dstport="53"
    2017:01:12-06:18:03 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:01" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="89" tos="0x00" prec="0x00" ttl="64" srcport="35865" dstport="53"
    2017:01:12-06:18:05 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:02" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.7" dstip="172.17.16.10" proto="17" length="76" tos="0x00" prec="0x00" ttl="128" srcport="57544" dstport="53"
    2017:01:12-06:18:05 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:15:5d:11:01:02" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.7" dstip="172.17.16.10" proto="17" length="76" tos="0x00" prec="0x00" ttl="128" srcport="57544" dstport="53"
    2017:01:12-06:18:35 sophos ulogd[4598]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="5c:2e:59:53:6f:10" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.21" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="64" srcport="19007" dstport="53"

     

    Maybe I'm misinterpreting it but it doesn't look to me like anything gets blocked around that time. To be specific, it doesn't even look like anything happens at all at the exact time when the DNS service fails.

    Please keep in mind that the internet connection is still alive during the time the DNS doesn't work. When I ping 8.8.8.8 from one of the clients while the problem appears, 8.8.8.8 responds and the ICMP works.

    Anything else you can think of? Is there a paid Sophos support for this kind of thing? We need this resolved.
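
An added example, not part of any post in this thread: a small Python parser for the `service_monitor.log` format quoted above that pairs each OFFLINE with the next ONLINE per monitored host and measures the spacing between outages, which is one way to test the "multiple of 30 minutes" observation. The 06:17 sample reproduces the transitions in the post; the 09:47 and 13:47 lines are constructed from the times mentioned there, and all function names are hypothetical.

```python
import re
from datetime import datetime

LINE_RE = re.compile(r'^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ service_monitor\[\d+\]: (.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')
STATE_RE = re.compile(r'^(\S+) ICMP (\S+) changed state to (OFFLINE|ONLINE)$')

def _line(ts, name):
    # Same field layout as the service_monitor.log lines quoted in the thread.
    return (f'{ts} sophos service_monitor[5501]: id="4000" severity="info" '
            f'sys="System" sub="loadbalancing" name="{name}"')

def _event(hhmm):
    # One outage: both forwarders go OFFLINE, then come back ONLINE 56 s later.
    hh, mm = hhmm.split(":")
    down, up = f"2017:01:12-{hh}:{mm}:17", f"2017:01:12-{hh}:{int(mm) + 1:02d}:13"
    grp = "REF_NetAvaGoogleDns"
    return [_line(down, f"{grp} ICMP 8.8.8.8 changed state to OFFLINE"),
            _line(down, f"Set Availability Group {grp} to 8.8.4.4"),
            _line(down, f"{grp} ICMP 8.8.4.4 changed state to OFFLINE"),
            _line(up, f"{grp} ICMP 8.8.8.8 changed state to ONLINE"),
            _line(up, f"{grp} ICMP 8.8.4.4 changed state to ONLINE")]

# 06:17 mirrors the post; 09:47 and 13:47 are constructed sample data
# (only the hour and minute come from the thread, the seconds are assumed).
SAMPLE = "\n".join(l for t in ("06:17", "09:47", "13:47") for l in _event(t))

def parse_transitions(text):
    """Yield (timestamp, group, host, state) for each ICMP state change line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        s = STATE_RE.match(dict(KV_RE.findall(m.group(2))).get("name", "")) if m else None
        if s:  # "Set Availability Group ..." and unrelated lines are skipped
            yield (datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"), *s.groups())

def outage_windows(text):
    """Pair each OFFLINE with the next ONLINE per (group, host)."""
    down, windows = {}, []
    for ts, group, host, state in parse_transitions(text):
        if state == "OFFLINE":
            down.setdefault((group, host), ts)  # keep the first OFFLINE of a run
        elif (group, host) in down:
            start = down.pop((group, host))
            windows.append((host, start, ts, int((ts - start).total_seconds())))
    return windows

def start_gaps_minutes(windows, host):
    """Minutes between successive outage starts for one monitored host."""
    starts = sorted(w[1] for w in windows if w[0] == host)
    return [round((b - a).total_seconds() / 60) for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    for w in outage_windows(SAMPLE):
        print(*w)
    print(start_gaps_minutes(outage_windows(SAMPLE), "8.8.8.8"))
```

Gaps that are all multiples of 30 point to a scheduled job on the appliance; comparing the window start times with the `loading config version` entries in notifier.log shows whether the two coincide.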

  • Hi Sophie,

    Now that makes me curious. Provide me some time to test it and check with our internal team. Could you please remind me in the coming week so that I don't miss this out?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Sounds fabulous. Let me know what time zone you are in and we can work around that.

    Between now and the next 3 hours would work fine for us.

    Tomorrow would be good as well between 1pm and 4pm CET.

  • Hi Sophie,

    2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to OFFLINE"
    

    You should eliminate the possibility that there's a problem with your ISP or your/their modem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA

  • Hello Bob,

    thanks for your reply. I was wondering about that as well but since we can access the internet just fine and browse the web as long as DNS is cached on the client, I didn't follow through with that thought.

    I don't really know what to tell them since basically everything works all the time. Just the DNS server on the Sophos doesn't respond/is not working for whatever reason.

    Thanks