Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 11150 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Service fails every 30 minutes for ~60 seconds - SG105

SophieBerger

Hello,

we have a SG105 that runs the DNS service. It forwards all requests that it cannot handle to the Google DNS servers 8.8.8.8 and 8.8.4.4.

For some reason that I cannot figure out, the DNS service fails to forward requests every 30 minutes for roughly 60 seconds where it's simply dead.

I have no idea what's going on. From looking into the logs I assume that some config gets reloaded and the service restarted. If that has to be I'd like to figure out what config that is and want to find a way that it does so only like at 4am when nobody actually needs the DNS service.

Maybe some of you has an idea whats going on. I appreciate the help.

Thanks in advance!

Sophie

notifier.log
2017:01:06-11:39:28 sophos notifier[3653]: loading config version 1348
2017:01:06-11:40:24 sophos notifier[3653]: loading config version 1350

fallback.log
2017:01:06-11:39:14 sophos [user:notice] " 
2017:01:06-11:39:30 sophos [user:notice] " 
2017:01:06-11:39:32 sophos [user:notice] " 
2017:01:06-11:39:33 sophos [user:notice] " 
2017:01:06-11:39:36 sophos [user:notice] " 
2017:01:06-11:39:41 sophos [user:notice] " 
2017:01:06-11:39:44 sophos [user:notice] " 

service_monitor.log
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to OFFLINE"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.4.4"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.4.4 changed state to OFFLINE"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.4.4"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to ONLINE"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.8.8"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.4.4 changed state to ONLINE"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.8.8"

up2date.log
2017:01:06-11:40:03 sophos audld[626]: no HA system or cluster node
2017:01:06-11:40:03 sophos audld[626]: Starting Up2Date Package Downloader
2017:01:06-11:40:05 sophos audld[626]: patch up2date possible
2017:01:06-11:40:05 sophos audld[626]: Using static update server list in HA mode
2017:01:06-11:40:26 sophos audld[626]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
2017:01:06-11:40:27 sophos audld[626]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2017:01:06-11:40:27 sophos audld[626]: Using static download server list in HA mode

mdw.log
2017:01:06-11:39:28 sophos middleware[3787]: T main::top-level:213() => starting cycle 1336, caught 1 signals
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1348
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::load:347() => modules=2,9
2017:01:06-11:39:29 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:39:29 sophos middleware[3787]: T main::top-level:264() => ending cycle 1336, caught 0 signals, 0 children still running
2017:01:06-11:39:47 sophos middleware[3787]: T main::top-level:213() => starting cycle 1337, caught 1 signals
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1349
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::load:347() => modules=2,3
2017:01:06-11:39:48 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:39:48 sophos middleware[3787]: T main::top-level:275() => cycle 1337 waiting for 1 children
2017:01:06-11:39:48 sophos middleware[3787]: T main::top-level:264() => ending cycle 1337, caught 0 signals, 0 children still running
2017:01:06-11:40:24 sophos middleware[3787]: T main::top-level:213() => starting cycle 1338, caught 1 signals
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1350
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::load:347() => modules=2,9
2017:01:06-11:40:25 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:40:25 sophos middleware[3787]: T main::top-level:264() => ending cycle 1338, caught 0 signals, 0 children still running

system.log
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_DefaultSophosUTMSupportHost
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep1t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep5t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver2a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep4t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep2t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver4a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep3t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver3a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver1a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver5a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsSophoLivec
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NtpPool
2017:01:06-11:39:39 sophos dns-resolver[4246]: DNS server failed to contact!
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver1a :: resolver1.ast.ctmail.mw-com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver2a :: resolver2.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_DefaultSophosUTMSupportHost :: dispatch.apu.sophos.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver5a :: resolver5.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep1t :: iprep1.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep5t :: iprep5.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep4t :: iprep4.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep3t :: iprep3.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver3a :: resolver3.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: Updating REF_NtpPool :: pool.ntp.org
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver4a :: resolver4.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep2t :: iprep2.t.ctmail.com
2017:01:06-11:39:48 sophos ntpd[31558]: ntpd exiting on signal 15 (Terminated)
2017:01:06-11:39:48 sophos ntpd[31558]: 127.127.1.0 local addr 127.0.0.1 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 136.243.177.133 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 78.46.188.101 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 5.100.133.221 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[598]: ntpd 4.2.8p8@1.3265-o Thu Sep 15 09:37:01 UTC 2016 (1): Starting
2017:01:06-11:39:48 sophos ntpd[598]: Command line: /sbin/ntpd
2017:01:06-11:39:48 sophos ntpd[600]: proto: precision = 0.840 usec (-20)
2017:01:06-11:39:48 sophos ntpd[600]: restrict 0.0.0.0: KOD does nothing without LIMITED.
2017:01:06-11:39:48 sophos ntpd[600]: restrict ::: KOD does nothing without LIMITED.
2017:01:06-11:39:48 sophos ntpd[600]: Listen and drop on 0 v6wildcard [::]:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen and drop on 1 v4wildcard 0.0.0.0:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 2 lo 127.0.0.1:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 3 eth0 172.17.16.10:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 4 br0 172.17.16.5:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 5 lo [::1]:123
2017:01:06-11:39:48 sophos ntpd[600]: Listening on routing socket on fd #22 for interface updates
2017:01:06-11:40:01 sophos /usr/sbin/cron[621]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
2017:01:06-11:40:01 sophos /usr/sbin/cron[626]: (root) CMD (/sbin/audld.plx --trigger)
2017:01:06-11:40:02 sophos /usr/sbin/cron[632]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_DefaultSophosUTMSupportHost
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep1t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep5t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver2a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep4t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep2t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver4a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep3t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver3a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver1a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver5a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsSophoLivec
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NtpPoolm
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver1a :: resolver1.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver2a :: resolver2.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_DefaultSophosUTMSupportHost :: dispatch.apu.sophos.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver5a :: resolver5.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep1t :: iprep1.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep5t :: iprep5.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep4t :: iprep4.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep3t :: iprep3.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver3a :: resolver3.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NtpPool :: pool.ntp.org
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver4a :: resolver4.ast.ctmail.com
2017:01:06-11:40:26 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep2t :: iprep2.t.ctmail.com

confd.log
2017:01:06-11:39:28 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="availability_group" ref="REF_NetAvaGooglDnsServe" objname="Google DNS Servers" user="system" srcip="127.0.0.1" sid="PehrxfTgRcwIAJtshBbN" facility="system" client="service_monitor" pid="538" attr_address="8.8.4.4" oldattr_address="8.8.8.8"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1341 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1342 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1343 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1344 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1345 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1346 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="PehrxfTgRcwIAJtshBbN" facility="system" client="service_monitor" pid="538" version="1348" storage="/cfg"
2017:01:06-11:39:47 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_NtpPool" objname="NTP Server Pool" user="system" srcip="127.0.0.1" sid="qWGWVRaofSzKrVvDVxEl" facility="system" client="dns-resolver.plx" pid="554" attr_addresses="['146.0.32.144','131.188.3.222','37.120.191.245']" oldattr_addresses="['136.243.177.133','78.46.188.101','5.100.133.221']"
2017:01:06-11:39:47 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="qWGWVRaofSzKrVvDVxEl" facility="system" client="dns-resolver.plx" pid="554" version="1349" storage="/cfg"
2017:01:06-11:40:23 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="availability_group" ref="REF_NetAvaGooglDnsServe" objname="Google DNS Servers" user="system" srcip="127.0.0.1" sid="JjLnrOBnIoHxrArYqEvW" facility="system" client="service_monitor" pid="713" attr_address="8.8.8.8" oldattr_address="8.8.4.4"
2017:01:06-11:40:24 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="JjLnrOBnIoHxrArYqEvW" facility="system" client="service_monitor" pid="713" version="1350" storage="/cfg"

named.log
2017:01:06-11:39:29 sophos named[4253]: received control channel command 'reload'
2017:01:06-11:39:29 sophos named[4253]: loading configuration from '//etc/named.conf'
2017:01:06-11:39:29 sophos named[4253]: sizing zone task pool based on 24 zones
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 10.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 16.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 17.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 18.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 19.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 20.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 21.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 22.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 23.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 24.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 25.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 26.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 27.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 28.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 29.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 30.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 31.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 168.192.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 64.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 65.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 66.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 67.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 68.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 69.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 70.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 71.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 72.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 73.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 74.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 75.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 76.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 77.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 78.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 79.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 80.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 81.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 82.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 83.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 84.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 85.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 86.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 87.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 88.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 89.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 90.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 91.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 92.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 93.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 94.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 95.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 96.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 97.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 98.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 99.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 100.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 101.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 102.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 103.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 104.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 105.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 106.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 107.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 108.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 109.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 110.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 111.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 112.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 113.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 114.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 115.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 116.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 117.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 118.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 119.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 120.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 121.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 122.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 123.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 124.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 125.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 126.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 127.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 0.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 127.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 254.169.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 2.0.192.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 100.51.198.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 113.0.203.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 255.255.255.255.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: D.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 8.E.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 9.E.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: A.E.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: B.E.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 8.B.D.0.1.0.0.2.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: EMPTY.AS112.ARPA
2017:01:06-11:39:29 sophos named[4253]: configuring command channel from '//etc/rndc.key'
2017:01:06-11:39:29 sophos named[4253]: reloading configuration succeeded
2017:01:06-11:39:29 sophos named[4253]: reloading zones succeeded
2017:01:06-11:39:29 sophos named[4253]: received control channel command 'flush'
2017:01:06-11:39:29 sophos named[4253]: flushing caches in all views succeeded
2017:01:06-11:39:29 sophos named[4253]: all zones loaded
2017:01:06-11:39:29 sophos named[4253]: running
2017:01:06-11:40:24 sophos named[4253]: received control channel command 'reload'
2017:01:06-11:40:24 sophos named[4253]: loading configuration from '//etc/named.conf'
2017:01:06-11:40:24 sophos named[4253]: sizing zone task pool based on 24 zones
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 10.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 16.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 17.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 18.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 19.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 20.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 21.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 22.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 23.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 24.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 25.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 26.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 27.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 28.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 29.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 30.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 31.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 168.192.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 64.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 65.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 66.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 67.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 68.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 69.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 70.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 71.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 72.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 73.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 74.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 75.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 76.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 77.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 78.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 79.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 80.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 81.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 82.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 83.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 84.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 85.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 86.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 87.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 88.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 89.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 90.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 91.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 92.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 93.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 94.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 95.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 96.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 97.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 98.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 99.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 100.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 101.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 102.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 103.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 104.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 105.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 106.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 107.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 108.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 109.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 110.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 111.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 112.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 113.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 114.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 115.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 116.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 117.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 118.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 119.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 120.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 121.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 122.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 123.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 124.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 125.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 126.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 127.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 0.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 127.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 254.169.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 2.0.192.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 100.51.198.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 113.0.203.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 255.255.255.255.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: D.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 8.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 9.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: A.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: B.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 8.B.D.0.1.0.0.2.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: EMPTY.AS112.ARPA
2017:01:06-11:40:24 sophos named[4253]: configuring command channel from '//etc/rndc.key'
2017:01:06-11:40:24 sophos named[4253]: reloading configuration succeeded
2017:01:06-11:40:24 sophos named[4253]: reloading zones succeeded
2017:01:06-11:40:24 sophos named[4253]: received control channel command 'flush'
2017:01:06-11:40:24 sophos named[4253]: flushing caches in all views succeeded
2017:01:06-11:40:24 sophos named[4253]: all zones loaded
2017:01:06-11:40:24 sophos named[4253]: running

packetfilter.log
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="54609" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="54609" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42877" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42877" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="46499" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="46499" dstport="53" 
2017:01:06-11:39:08 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:09 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:11 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:14 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:14 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="30615" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:24 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:24 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:25 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:25 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:27 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:27 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:28 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="65" tos="0x00" prec="0x00" ttl="255" srcport="52034" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="173.194.169.101" dstip="172.17.17.6" proto="17" length="95" tos="0x00" prec="0x00" ttl="45" srcport="63850" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="45275" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:32 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="58421" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:33 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:33 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:33 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="44460" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:35 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:35 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="21872" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="64" srcport="45987" dstport="53" 
2017:01:06-11:39:40 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="28220" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49272" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49272" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49550" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="77" tos="0x00" prec="0x00" ttl="255" srcport="56716" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="50170" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="59165" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49550" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="77" tos="0x00" prec="0x00" ttl="255" srcport="56716" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="50170" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="96" tos="0x00" prec="0x00" ttl="255" srcport="63833" dstport="53" 
2017:01:06-11:39:47 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="71" tos="0x00" prec="0x00" ttl="255" srcport="64454" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="41740" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="41740" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="37466" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="37466" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42869" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42869" dstport="53" 
2017:01:06-11:40:06 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="55388" dstport="53" 
2017:01:06-11:40:12 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="66" tos="0x00" prec="0x00" ttl="64" srcport="53308" dstport="53" 
2017:01:06-11:40:20 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="104.244.42.1" dstip="172.17.20.21" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="39116" tcpflags="RST" 
2017:01:06-11:40:22 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="56" tos="0x00" prec="0x00" ttl="64" srcport="52291" dstport="53" 
2017:01:06-11:40:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:09:4f:65:2d:53" dstmac="00:1a:8c:40:f3:38" srcip="172.17.16.3" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="62" srcport="39519" dstport="53" 
2017:01:06-11:40:47 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="55859" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="56837" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="65228" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="109" tos="0x00" prec="0x00" ttl="255" srcport="56837" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="109" tos="0x00" prec="0x00" ttl="255" srcport="65228" dstport="53" 
2017:01:06-11:40:50 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="59373" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="61860" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="60249" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="50057" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="176.34.233.8" dstip="172.17.20.43" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="56045" tcpflags="RST" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="176.34.233.8" dstip="172.17.20.43" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="56047" tcpflags="RST" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="255" srcport="49843" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="255" srcport="52760" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="99" tos="0x00" prec="0x00" ttl="255" srcport="61860" dstport="53" 
2017:01:06-11:40:56 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:09:4f:65:2d:53" dstmac="00:1a:8c:40:f3:38" srcip="172.17.16.3" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="63" srcport="7162" dstport="53"


This thread was automatically locked due to age.
Parents
  • 0

    Hi Sophie,

    2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to OFFLINE"

    You should eliminate the possibility that there's a problem with your ISP or your/their modem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello Bob,

    thanks for your reply. I was wondering about that as well but since we can access the internet just fine and browse the web as long as DNS is cached on the client, I didn't follow through with that thought.

    I don't really know what to tell them since basically everything works all the time. Just the DNS server on the Sophos doesn't respond/is not working for whatever reason.

    Thanks

  • 0 in reply to SophieBerger

    I see that phenomenon at home sometimes.  Sometimes, rebooting the UTM seems to resolve the issue, sometimes it just resolves itself.  I bet we would see the same phenomenon without a UTM in the picture.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to SophieBerger

    I see that phenomenon at home sometimes.  Sometimes, rebooting the UTM seems to resolve the issue, sometimes it just resolves itself.  I bet we would see the same phenomenon without a UTM in the picture.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson

    We did reboot the UTM several times without any change to the behaviour.

    Since we spent weeks with this issue, we decided to go the extra mile and put our old Lancom Router in charge instead of the Sophos.

    "Unfortunately" it worked perfectly without any issues for days. We had it running for a few days now without any issues. Early this morning we replaced it with the Sophos UTM again and we are back to the old issue. Every 30 minutes no DNS for about 60 seconds.

    Has anybody seen sachingurung lately? He offered assistance but I never heard back from him.

    Thanks again for all your assistance so far.

  • 0 in reply to SophieBerger

    Sophie, if this isn't a home-use license, please get Sophos Support involved.

    My final guess is to try #7.7 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to SophieBerger

    Hi Sophie,

    I tested the issue long back, I saw the same behavior but, there was nothing reported internally. As it was not a critical issue I was not able to find any information. I guess the issue is caused when you have an intermediate modem or device connecting you to ISP or a DHCP line.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    I wrote to Sophos Support and they replied that they are not able to help us since we aren't a silver partner. I asked for a way to buy some kind of support ticket or something alike to get help with this case and didn't receive a reply any more.

    It's kind of ridiculous that we are left alone with this issue.

    Anyhow, thanks for your kind help here on the forums. Management decided to quit the relationship with Sophos since we don't feel comfortable to offer this product to our customers.

Unfiltered HTML