XG Blocking DNS Lookup - DNS Request Timeout Error

Question

Hi all, 
 I recently tried to point our DNS servers to our XG230 but when I run an nslookup I'm receiving the error "dns request timed out. timeout was 2 seconds". 
 Our setup is pretty simple. We have 2 x Windows 2012 DNS servers. Each server points to the other as the primary and then itself as the secondary. The servers are also configure to use forwarders to the local ISP. This has worked well for a long time. As soon as we point the servers to the old firewall it's fine so the problem has to be with the XG somewhere. 
 I have set up a network rule for the DNS servers and the logs show that traffic on UDP port 53 is being allowed to the ISP so it looks ok to me. I just can't figure out why NSLOOKUPS are timing out. The DNS settings on the XG are set to point to the internal DNS servers which is working fine. 
 I have read an article for the UTM which suggests that DNS should be pointed to the UTM with DNS request routing configured but we would prefer to keep our settings as they are for now. 
 Any suggestions? 
 Thanks 
 Lee

Ronak Sheth · Accepted Answer

Hi Leebtish 
 I recommend you to use 8.8.8.8 as a forwarder. If you look at the tcp output request going out on 8.8.8.8 is getting resolved. 
 
 01:13:32.637852 Port2, OUT: IP 21*.***.***.***.18273 > 8.8.8.8.53: 20899+ A? iprep3.t.ctmail.com. (37) 
 01:13:32.647698 Port2, IN: IP 8.8.8.8.53 > 21*.***.***.***.18273: 20899 2/0/0[|domain] 
 
 I believe you are using wrong DNS server or the DNS server used by you doesnot support your ISP IP's 
 
 Regards, Ronak.