This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

The Sophos XG135 is not returning any DNS name resolution if we don’t “reconnect” the RJ45 cable.

Hello ! Can someone support me in a “weird” issue please ?

 

Problem : The Sophos XG135 is not returning any DNS name resolution if we don’t “reconnect” the RJ45 cable.

When any PC on Windows 10 boots, they cannot access the DNS server which is our Sophos, but they can ping IP any ip address.

However, when we disconnect/reconnect the RJ45 cable, they can ping the server by the DNS name. It means that Sophos “wakes-up” and provide the DNS answer so the computer can ping the requested server.

We did an ipconfig/all before and after the reconnect and there are no difference !

 

Regarding our setup, we are in a workgroup without a full domain setup. We added a “suffix” to each computer so it directly add the domain name which it does a DNS request.

Any idea where the issue could be coming from ?

 

Thanks in advance !

Sam

 

***************************************************************************************

 

Configuration :

 

Sophos XG135 buy on end of 2020.

Firmware version : SFOS 18.0.5 MR-5-Build586

Internal subnetwork : 192.168.1.0/24

Remote subnetwork : 10.0.81.0/24

 

DNS configuration :

 

Firewall rules :

 

NAT rules :

 

 

 Manipulation :

 

 After disconnect and re-connect RJ45 cable

 

 

 ***************************************************************************************

 

It very weird. It only works when we disconnect and re-connect the RJ45 cable to connect on the DNS name but it works with the IP address.

 

It is the same problem for all computer of the company.

 

Is anybody have already encountered this error ?

 

Thanks in advance for your help.

 

Anthony



This thread was automatically locked due to age.
  • Hello Samuel,

    Thank you for contacting the Sophos Community.

    So every time a computer goes online you need to disconnect the cable so it can start resolving DNS?

    SSH to the Advanced Shell (5>3) of the XG and try doing a tcpdump the IP of one computer that is unable to resolve DNS.

    # tcpdump -eni any host x.x.x.x and port 53 (where x.x.x.x is the IP of one of the computers)

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hello Emmanuel, 

    Thank your for your quick reply ! 

    We have try the ssh command and when we try to ping our server (srvhp3).

    The first time (without disconnect the rj45 cable) the computer use the dns server 8.8.8.8 (our second dns server) and the ping doesn't find the server. see below the command :

    09:29:58.647548 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.64266 > 8.8.8.8.53: 22563+ A? srvhp3.helvetic.local. (39)

    But after disconnect and re-connect the rj45 cable the request use the right dns server 192.168.1.1 and the ping find the server. 

    09:36:29.162600 Port5, IN: P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.52727 > 192.168.1.1.53: 55583+ A? srvhp3.helvetic.local. (39)

    I put in attachement the 2 files with the full response of #tcpdump

    How to force to use the first dns ?

    Thank your in advance.

    Samuel

    Before   

    
    XG135_XN03_SFOS 18.0.5 MR-5-Build586# tcpdump -eni any host 192.168.1.163 and po
    rt 53
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 byt                                                                                                                                                   es
    09:29:48.804785 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length                                                                                                                                                    92: 192.168.1.163.60013 > 8.8.8.8.53: 23786+ A? self.events.data.microsoft.com.                                                                                                                                                    (48)
    09:29:48.804827 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 9                                                                                                                                                   2: 192.168.1.163.60013 > 8.8.8.8.53: 23786+ A? self.events.data.microsoft.com. (                                                                                                                                                   48)
    09:29:48.810506 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length                                                                                                                                                    201: 8.8.8.8.53 > 192.168.1.163.60013: 23786 3/0/0 CNAME self-events-data.traffi                                                                                                                                                   cmanager.net., CNAME skypedataprdcolwus11.cloudapp.net., A 52.114.159.35 (157)
    09:29:48.810511 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), lengt                                                                                                                                                   h 201: 8.8.8.8.53 > 192.168.1.163.60013: 23786 3/0/0 CNAME self-events-data.traf                                                                                                                                                   ficmanager.net., CNAME skypedataprdcolwus11.cloudapp.net., A 52.114.159.35 (157)
    09:29:49.041967 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length                                                                                                                                                    81: 192.168.1.163.62631 > 8.8.8.8.53: 38892+ A? wpad.helvetic.local. (37)
    09:29:49.042018 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 8                                                                                                                                                   1: 192.168.1.163.62631 > 8.8.8.8.53: 38892+ A? wpad.helvetic.local. (37)
    09:29:49.048862 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length                                                                                                                                                    156: 8.8.8.8.53 > 192.168.1.163.62631: 38892 NXDomain 0/1/0 (112)
    09:29:49.048869 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), lengt                                                                                                                                                   h 156: 8.8.8.8.53 > 192.168.1.163.62631: 38892 NXDomain 0/1/0 (112)
    09:29:50.517920 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length                                                                                                                                                    83: 192.168.1.163.51036 > 8.8.8.8.53: 62981+ A? srvhp3.helvetic.local. (39)
    09:29:50.517976 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 8                                                                                                                                                   3: 192.168.1.163.51036 > 8.8.8.8.53: 62981+ A? srvhp3.helvetic.local. (39)
    09:29:50.524887 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length                                                                                                                                                    158: 8.8.8.8.53 > 192.168.1.163.51036: 62981 NXDomain 0/1/0 (114)
    09:29:50.524895 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), lengt                                                                                                                                                   h 158: 8.8.8.8.53 > 192.168.1.163.51036: 62981 NXDomain 0/1/0 (114)
    09:29:56.455988 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length                                                                                                                                                    81: 192.168.1.163.51222 > 8.8.8.8.53: 62771+ A? wpad.helvetic.local. (37)
    09:29:56.456042 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 8                                                                                                                                                   1: 192.168.1.163.51222 > 8.8.8.8.53: 62771+ A? wpad.helvetic.local. (37)
    09:29:56.463482 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length                                                                                                                                                    156: 8.8.8.8.53 > 192.168.1.163.51222: 62771 NXDomain 0/1/0 (112)
    09:29:56.463489 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), lengt                                                                                                                                                   h 156: 8.8.8.8.53 > 192.168.1.163.51222: 62771 NXDomain 0/1/0 (112)
    09:29:58.647548 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.64266 > 8.8.8.8.53: 22563+ A? srvhp3.helvetic.local. (39)
    09:29:58.647587 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.64266 > 8.8.8.8.53: 22563+ A? srvhp3.helvetic.local. (39)
    09:29:58.653453 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 158: 8.8.8.8.53 > 192.168.1.163.64266: 22563 NXDomain 0/1/0 (114)
    09:29:58.653464 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 158: 8.8.8.8.53 > 192.168.1.163.64266: 22563 NXDomain 0/1/0 (114)
    09:30:13.242015 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 89: 192.168.1.163.57960 > 8.8.8.8.53: 15521+ A? fp-as-nocache.azureedge.net. (45)
    09:30:13.242053 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 89: 192.168.1.163.57960 > 8.8.8.8.53: 15521+ A? fp-as-nocache.azureedge.net. (45)
    09:30:13.254358 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 227: 8.8.8.8.53 > 192.168.1.163.57960: 15521 5/0/0 CNAME fp-as-nocache.akstd.azureedge.net., CNAME azureedge.mdc.akamaized.net., CNAME a1879.dscw14.akamai.net., A 194.230.61.27, A 194.230.61.8 (183)
    09:30:13.254364 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 227: 8.8.8.8.53 > 192.168.1.163.57960: 15521 5/0/0 CNAME fp-as-nocache.akstd.azureedge.net., CNAME azureedge.mdc.akamaized.net., CNAME a1879.dscw14.akamai.net., A 194.230.61.27, A 194.230.61.8 (183)
    09:30:13.292636 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 79: 192.168.1.163.52584 > 8.8.8.8.53: 37033+ A? s-ring.msedge.net. (35)
    09:30:13.292670 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 79: 192.168.1.163.52584 > 8.8.8.8.53: 37033+ A? s-ring.msedge.net. (35)
    09:30:13.297989 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 146: 8.8.8.8.53 > 192.168.1.163.52584: 37033 3/0/0 CNAME s-ring.s-9999.s-msedge.net., CNAME s-9999.s-msedge.net., A 13.107.3.254 (102)
    09:30:13.297996 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 146: 8.8.8.8.53 > 192.168.1.163.52584: 37033 3/0/0 CNAME s-ring.s-9999.s-msedge.net., CNAME s-9999.s-msedge.net., A 13.107.3.254 (102)
    09:30:14.464756 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.60006 > 8.8.8.8.53: 49018+ A? srvhp3.helvetic.local. (39)
    09:30:14.464798 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.60006 > 8.8.8.8.53: 49018+ A? srvhp3.helvetic.local. (39)
    09:30:14.471271 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 158: 8.8.8.8.53 > 192.168.1.163.60006: 49018 NXDomain 0/1/0 (114)
    09:30:14.471280 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 158: 8.8.8.8.53 > 192.168.1.163.60006: 49018 NXDomain 0/1/0 (114)
    09:30:27.730262 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.54748 > 192.168.1.1.53: 60446+ A? wpad.helvetic.local. (37)
    09:30:27.730359 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.54748 > 192.168.1.1.53: 60446+ A? wpad.helvetic.local. (37)
    09:30:27.730510 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.54748: 60446 NXDomain* 0/0/0 (37)
    09:30:27.730527 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.54748: 60446 NXDomain* 0/0/0 (37)
    09:30:36.506420 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.56172 > 192.168.1.1.53: 42765+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:30:36.506491 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.56172 > 192.168.1.1.53: 42765+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:30:36.765286 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56167 > 192.168.1.1.53: 22213+ A? wpad.helvetic.local. (37)
    09:30:36.765319 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56167 > 192.168.1.1.53: 22213+ A? wpad.helvetic.local. (37)
    09:30:36.765412 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.56167: 22213 NXDomain* 0/0/0 (37)
    09:30:36.765417 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.56167: 22213 NXDomain* 0/0/0 (37)
    09:30:37.497465 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.56172 > 8.8.8.8.53: 42765+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:30:37.497550 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.56172 > 8.8.8.8.53: 42765+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:30:37.504990 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 252: 8.8.8.8.53 > 192.168.1.163.56172: 42765 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-25.francecentral.cloudapp.azure.com., A 52.114.104.69 (208)
    09:30:37.505001 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 252: 8.8.8.8.53 > 192.168.1.163.56172: 42765 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-25.francecentral.cloudapp.azure.com., A 52.114.104.69 (208)
    09:30:39.533544 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 252: 192.168.1.1.53 > 192.168.1.163.56172: 42765 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-16.francecentral.cloudapp.azure.com., A 52.114.104.16 (208)
    09:30:39.533551 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 252: 192.168.1.1.53 > 192.168.1.163.56172: 42765 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-16.francecentral.cloudapp.azure.com., A 52.114.104.16 (208)
    09:30:51.979925 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.60210 > 8.8.8.8.53: 35412+ A? srvhp3.helvetic.local. (39)
    09:30:51.980009 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.60210 > 8.8.8.8.53: 35412+ A? srvhp3.helvetic.local. (39)
    09:30:51.986423 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 158: 8.8.8.8.53 > 192.168.1.163.60210: 35412 NXDomain 0/1/0 (114)
    09:30:51.986431 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 158: 8.8.8.8.53 > 192.168.1.163.60210: 35412 NXDomain 0/1/0 (114)
    ^C
    52 packets captured
    52 packets received by filter
    0 packets dropped by kernel
    XG135_XN03_SFOS 18.0.5 MR-5-Build586#
    

    After : 

    09:33:11.331546 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 98: 192.168.1.163.59499 > 192.168.1.1.53: 41056+ A? disc501.prod.do.dsp.mp.microsoft.com. (54)
    09:33:11.331595 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 98: 192.168.1.163.59499 > 192.168.1.1.53: 41056+ A? disc501.prod.do.dsp.mp.microsoft.com. (54)
    09:33:11.331855 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 266: 192.168.1.1.53 > 192.168.1.163.59499: 41056 4/0/0 CNAME disc501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME disc501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 23.37.239.177 (222)
    09:33:11.331863 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 266: 192.168.1.1.53 > 192.168.1.163.59499: 41056 4/0/0 CNAME disc501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME disc501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 23.37.239.177 (222)
    09:33:11.568043 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.54906 > 192.168.1.1.53: 42518+ AAAA? ic3.events.data.microsoft.com. (47)
    09:33:11.568073 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.54906 > 192.168.1.1.53: 42518+ AAAA? ic3.events.data.microsoft.com. (47)
    09:33:11.568097 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.52725 > 192.168.1.1.53: 36914+ A? ic3.events.data.microsoft.com. (47)
    09:33:11.568116 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.52725 > 192.168.1.1.53: 36914+ A? ic3.events.data.microsoft.com. (47)
    09:33:11.568446 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 201: 192.168.1.1.53 > 192.168.1.163.52725: 36914 3/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolwus04.cloudapp.net., A 52.114.158.91 (157)
    09:33:11.568455 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 201: 192.168.1.1.53 > 192.168.1.163.52725: 36914 3/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolwus04.cloudapp.net., A 52.114.158.91 (157)
    09:33:11.716437 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.57838 > 192.168.1.1.53: 33629+ A? wpad.helvetic.local. (37)
    09:33:11.716473 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.57838 > 192.168.1.1.53: 33629+ A? wpad.helvetic.local. (37)
    09:33:11.716623 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.57838: 33629 NXDomain* 0/0/0 (37)
    09:33:11.716633 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.57838: 33629 NXDomain* 0/0/0 (37)
    09:33:12.569635 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.54906 > 8.8.8.8.53: 42518+ AAAA? ic3.events.data.microsoft.com. (47)
    09:33:12.569706 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.54906 > 8.8.8.8.53: 42518+ AAAA? ic3.events.data.microsoft.com. (47)
    09:33:12.575317 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 248: 8.8.8.8.53 > 192.168.1.163.54906: 42518 2/1/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolcus04.cloudapp.net. (204)
    09:33:12.575324 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 248: 8.8.8.8.53 > 192.168.1.163.54906: 42518 2/1/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolcus04.cloudapp.net. (204)
    09:33:12.849013 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 90: 192.168.1.163.60492 > 192.168.1.1.53: 52634+ A? presence.teams.microsoft.com. (46)
    09:33:12.849065 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 90: 192.168.1.163.60492 > 192.168.1.1.53: 52634+ A? presence.teams.microsoft.com. (46)
    09:33:12.849211 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 227: 192.168.1.1.53 > 192.168.1.163.60492: 52634 3/0/0 CNAME presence.services.sfb.trafficmanager.net., CNAME a-ups-presence2-prod-azsc.northeurope.cloudapp.azure.com., A 52.113.205.4 (183)
    09:33:12.849221 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 227: 192.168.1.1.53 > 192.168.1.163.60492: 52634 3/0/0 CNAME presence.services.sfb.trafficmanager.net., CNAME a-ups-presence2-prod-azsc.northeurope.cloudapp.azure.com., A 52.113.205.4 (183)
    09:33:13.724572 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 302: 192.168.1.1.53 > 192.168.1.163.50813: 24302 6/0/0 CNAME consumer-licensing-aks2eap.md.mp.microsoft.com.akadns.net., CNAME consumer-licensing-aks2eap-europe.md.mp.microsoft.com.akadns.net., CNAME licensing.md.mp.microsoft.com.akadns.net., CNAME licensing-europeeap.md.mp.microsoft.com.akadns.net., CNAME db5eap.licensing.md.mp.microsoft.com.akadns.net., A 52.158.24.209 (258)
    09:33:13.724579 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 302: 192.168.1.1.53 > 192.168.1.163.50813: 24302 6/0/0 CNAME consumer-licensing-aks2eap.md.mp.microsoft.com.akadns.net., CNAME consumer-licensing-aks2eap-europe.md.mp.microsoft.com.akadns.net., CNAME licensing.md.mp.microsoft.com.akadns.net., CNAME licensing-europeeap.md.mp.microsoft.com.akadns.net., CNAME db5eap.licensing.md.mp.microsoft.com.akadns.net., A 52.158.24.209 (258)
    09:33:13.742676 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 84: 192.168.1.163.51096 > 192.168.1.1.53: 35923+ A? client.wns.windows.com. (40)
    09:33:13.742736 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 84: 192.168.1.163.51096 > 192.168.1.1.53: 35923+ A? client.wns.windows.com. (40)
    09:33:13.742827 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 143: 192.168.1.1.53 > 192.168.1.163.51096: 35923 2/0/0 CNAME wns.notify.trafficmanager.net., A 51.103.5.186 (99)
    09:33:13.742831 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 143: 192.168.1.1.53 > 192.168.1.163.51096: 35923 2/0/0 CNAME wns.notify.trafficmanager.net., A 51.103.5.186 (99)
    09:33:14.594652 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 185: 192.168.1.1.53 > 192.168.1.163.54906: 42518 2/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolwus04.cloudapp.net. (141)
    09:33:14.594661 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 185: 192.168.1.1.53 > 192.168.1.163.54906: 42518 2/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolwus04.cloudapp.net. (141)
    09:33:19.766558 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.53539 > 192.168.1.1.53: 21019+ A? wpad.helvetic.local. (37)
    09:33:19.766641 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.53539 > 192.168.1.1.53: 21019+ A? wpad.helvetic.local. (37)
    09:33:19.766756 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.53539: 21019 NXDomain* 0/0/0 (37)
    09:33:19.766763 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.53539: 21019 NXDomain* 0/0/0 (37)
    09:33:26.720867 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56884 > 192.168.1.1.53: 28613+ A? wpad.helvetic.local. (37)
    09:33:26.720937 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56884 > 192.168.1.1.53: 28613+ A? wpad.helvetic.local. (37)
    09:33:26.721043 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.56884: 28613 NXDomain* 0/0/0 (37)
    09:33:26.721049 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.56884: 28613 NXDomain* 0/0/0 (37)
    09:33:31.739937 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.54290 > 192.168.1.1.53: 44667+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:33:31.739977 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.54290 > 192.168.1.1.53: 44667+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:33:31.766702 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.54290 > 8.8.8.8.53: 44667+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:33:31.766745 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.54290 > 8.8.8.8.53: 44667+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:33:31.773146 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 251: 8.8.8.8.53 > 192.168.1.163.54290: 44667 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-6.francecentral.cloudapp.azure.com., A 52.114.104.63 (207)
    09:33:31.773153 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 251: 8.8.8.8.53 > 192.168.1.163.54290: 44667 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-6.francecentral.cloudapp.azure.com., A 52.114.104.63 (207)
    09:33:34.765440 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 252: 192.168.1.1.53 > 192.168.1.163.54290: 44667 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-24.francecentral.cloudapp.azure.com., A 52.114.104.60 (208)
    09:33:34.765448 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 252: 192.168.1.1.53 > 192.168.1.163.54290: 44667 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-24.francecentral.cloudapp.azure.com., A 52.114.104.60 (208)
    ^C
    100 packets captured
    102 packets received by filter
    0 packets dropped by kernel
    XG135_XN03_SFOS 18.0.5 MR-5-Build586#
    XG135_XN03_SFOS 18.0.5 MR-5-Build586# tcpdump -eni any host 192.168.1.163 and port 53
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    09:36:25.360526 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 97: 192.168.1.163.62609 > 192.168.1.1.53: 62318+ SRV? _ldap._tcp.dc._msdcs.helvetic.local. (53)
    09:36:25.360550 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 97: 192.168.1.163.62609 > 192.168.1.1.53: 62318+ SRV? _ldap._tcp.dc._msdcs.helvetic.local. (53)
    09:36:25.360662 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 97: 192.168.1.1.53 > 192.168.1.163.62609: 62318 NXDomain* 0/0/0 (53)
    09:36:25.360665 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 97: 192.168.1.1.53 > 192.168.1.163.62609: 62318 NXDomain* 0/0/0 (53)
    09:36:25.362629 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 97: 192.168.1.163.49186 > 192.168.1.1.53: 36185+ SRV? _ldap._tcp.dc._msdcs.helvetic.local. (53)
    09:36:25.362655 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 97: 192.168.1.163.49186 > 192.168.1.1.53: 36185+ SRV? _ldap._tcp.dc._msdcs.helvetic.local. (53)
    09:36:25.362913 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 97: 192.168.1.1.53 > 192.168.1.163.49186: 36185 NXDomain* 0/0/0 (53)
    09:36:25.362919 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 97: 192.168.1.1.53 > 192.168.1.163.49186: 36185 NXDomain* 0/0/0 (53)
    09:36:25.886236 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 78: 192.168.1.163.61194 > 192.168.1.1.53: 19935+ A? dns.msftncsi.com. (34)
    09:36:25.886281 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 78: 192.168.1.163.61194 > 192.168.1.1.53: 19935+ A? dns.msftncsi.com. (34)
    09:36:25.949978 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.60206 > 192.168.1.1.53: 11511+ A? wpad.helvetic.local. (37)
    09:36:25.950013 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.60206 > 192.168.1.1.53: 11511+ A? wpad.helvetic.local. (37)
    09:36:25.950238 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.60206: 11511 NXDomain* 0/0/0 (37)
    09:36:25.950243 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.60206: 11511 NXDomain* 0/0/0 (37)
    09:36:26.381553 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 86: 192.168.1.163.55209 > 192.168.1.1.53: 17465+ A? sihlbfdao.helvetic.local. (42)
    09:36:26.381599 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 86: 192.168.1.163.55209 > 192.168.1.1.53: 17465+ A? sihlbfdao.helvetic.local. (42)
    09:36:26.381624 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 89: 192.168.1.163.59961 > 192.168.1.1.53: 39941+ A? ocxomukmdqah.helvetic.local. (45)
    09:36:26.381644 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 89: 192.168.1.163.59961 > 192.168.1.1.53: 39941+ A? ocxomukmdqah.helvetic.local. (45)
    09:36:26.381665 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 92: 192.168.1.163.62743 > 192.168.1.1.53: 45554+ A? kmnwgultmcecgqx.helvetic.local. (48)
    09:36:26.381685 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 92: 192.168.1.163.62743 > 192.168.1.1.53: 45554+ A? kmnwgultmcecgqx.helvetic.local. (48)
    09:36:26.741668 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.59653 > 192.168.1.1.53: 52302+ AAAA? ic3.events.data.microsoft.com. (47)
    09:36:26.741696 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.59653 > 192.168.1.1.53: 52302+ AAAA? ic3.events.data.microsoft.com. (47)
    09:36:26.741714 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.50558 > 192.168.1.1.53: 45603+ A? ic3.events.data.microsoft.com. (47)
    09:36:26.741734 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.50558 > 192.168.1.1.53: 45603+ A? ic3.events.data.microsoft.com. (47)
    09:36:26.807857 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 112: 192.168.1.163.54178 > 192.168.1.1.53: 61517+ A? trouter2-azsc-ukwe-1-b.trouter.teams.microsoft.com. (68)
    09:36:26.807887 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 112: 192.168.1.163.54178 > 192.168.1.1.53: 61517+ A? trouter2-azsc-ukwe-1-b.trouter.teams.microsoft.com. (68)
    09:36:26.807915 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 112: 192.168.1.163.50992 > 192.168.1.1.53: 43535+ AAAA? trouter2-azsc-ukwe-1-b.trouter.teams.microsoft.com. (68)
    09:36:26.807936 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 112: 192.168.1.163.50992 > 192.168.1.1.53: 43535+ AAAA? trouter2-azsc-ukwe-1-b.trouter.teams.microsoft.com. (68)
    09:36:26.883000 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 78: 192.168.1.163.61194 > 8.8.8.8.53: 19935+ A? dns.msftncsi.com. (34)
    09:36:26.883053 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 78: 192.168.1.163.61194 > 8.8.8.8.53: 19935+ A? dns.msftncsi.com. (34)
    09:36:26.889211 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 94: 8.8.8.8.53 > 192.168.1.163.61194: 19935 1/0/0 A 131.107.255.255 (50)
    09:36:26.889218 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 94: 8.8.8.8.53 > 192.168.1.163.61194: 19935 1/0/0 A 131.107.255.255 (50)
    09:36:27.208674 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 94: 192.168.1.163.62028 > 192.168.1.1.53: 10586+ A? geo.prod.do.dsp.mp.microsoft.com. (50)
    09:36:27.208699 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 94: 192.168.1.163.62028 > 192.168.1.1.53: 10586+ A? geo.prod.do.dsp.mp.microsoft.com. (50)
    09:36:27.209088 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 211: 192.168.1.1.53 > 192.168.1.163.62028: 10586 4/0/0 CNAME geo-prod.do.dsp.mp.microsoft.com., CNAME geo-prod.dodsp.mp.microsoft.com.nsatc.net., CNAME array603.prod.do.dsp.mp.microsoft.com., A 51.104.162.50 (167)
    09:36:27.209093 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 211: 192.168.1.1.53 > 192.168.1.163.62028: 10586 4/0/0 CNAME geo-prod.do.dsp.mp.microsoft.com., CNAME geo-prod.dodsp.mp.microsoft.com.nsatc.net., CNAME array603.prod.do.dsp.mp.microsoft.com., A 51.104.162.50 (167)
    09:36:27.222719 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 88: 192.168.1.163.61802 > 192.168.1.1.53: 1616+ A? licensing.mp.microsoft.com. (44)
    09:36:27.222754 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 88: 192.168.1.163.61802 > 192.168.1.1.53: 1616+ A? licensing.mp.microsoft.com. (44)
    09:36:27.363503 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56746 > 192.168.1.1.53: 26583+ A? wpad.helvetic.local. (37)
    09:36:27.363531 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56746 > 192.168.1.1.53: 26583+ A? wpad.helvetic.local. (37)
    09:36:27.363795 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.56746: 26583 NXDomain* 0/0/0 (37)
    09:36:27.363800 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.56746: 26583 NXDomain* 0/0/0 (37)
    09:36:27.392446 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 92: 192.168.1.163.62743 > 8.8.8.8.53: 45554+ A? kmnwgultmcecgqx.helvetic.local. (48)
    09:36:27.392478 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 92: 192.168.1.163.62743 > 8.8.8.8.53: 45554+ A? kmnwgultmcecgqx.helvetic.local. (48)
    09:36:27.392498 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 89: 192.168.1.163.59961 > 8.8.8.8.53: 39941+ A? ocxomukmdqah.helvetic.local. (45)
    09:36:27.392523 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 89: 192.168.1.163.59961 > 8.8.8.8.53: 39941+ A? ocxomukmdqah.helvetic.local. (45)
    09:36:27.392585 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 86: 192.168.1.163.55209 > 8.8.8.8.53: 17465+ A? sihlbfdao.helvetic.local. (42)
    09:36:27.392611 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 86: 192.168.1.163.55209 > 8.8.8.8.53: 17465+ A? sihlbfdao.helvetic.local. (42)
    09:36:27.398756 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 164: 8.8.8.8.53 > 192.168.1.163.59961: 39941 NXDomain 0/1/0 (120)
    09:36:27.398766 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 164: 8.8.8.8.53 > 192.168.1.163.59961: 39941 NXDomain 0/1/0 (120)
    09:36:27.398911 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 161: 8.8.8.8.53 > 192.168.1.163.55209: 17465 NXDomain 0/1/0 (117)
    09:36:27.398922 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 161: 8.8.8.8.53 > 192.168.1.163.55209: 17465 NXDomain 0/1/0 (117)
    09:36:27.399088 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 167: 8.8.8.8.53 > 192.168.1.163.62743: 45554 NXDomain 0/1/0 (123)
    09:36:27.399093 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 167: 8.8.8.8.53 > 192.168.1.163.62743: 45554 NXDomain 0/1/0 (123)
    09:36:27.746790 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.59653 > 8.8.8.8.53: 52302+ AAAA? ic3.events.data.microsoft.com. (47)
    09:36:27.746839 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.59653 > 8.8.8.8.53: 52302+ AAAA? ic3.events.data.microsoft.com. (47)
    09:36:27.746863 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.50558 > 8.8.8.8.53: 45603+ A? ic3.events.data.microsoft.com. (47)
    09:36:27.746890 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 91: 192.168.1.163.50558 > 8.8.8.8.53: 45603+ A? ic3.events.data.microsoft.com. (47)
    09:36:27.752458 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 248: 8.8.8.8.53 > 192.168.1.163.59653: 52302 2/1/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolweu05.cloudapp.net. (204)
    09:36:27.752466 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 248: 8.8.8.8.53 > 192.168.1.163.59653: 52302 2/1/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolweu05.cloudapp.net. (204)
    09:36:27.752749 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 201: 8.8.8.8.53 > 192.168.1.163.50558: 45603 3/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcoluks01.cloudapp.net., A 52.114.88.20 (157)
    09:36:27.752756 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 201: 8.8.8.8.53 > 192.168.1.163.50558: 45603 3/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcoluks01.cloudapp.net., A 52.114.88.20 (157)
    09:36:27.809577 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 112: 192.168.1.163.50992 > 8.8.8.8.53: 43535+ AAAA? trouter2-azsc-ukwe-1-b.trouter.teams.microsoft.com. (68)
    09:36:27.809619 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 112: 192.168.1.163.50992 > 8.8.8.8.53: 43535+ AAAA? trouter2-azsc-ukwe-1-b.trouter.teams.microsoft.com. (68)
    09:36:27.809633 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 112: 192.168.1.163.54178 > 8.8.8.8.53: 61517+ A? trouter2-azsc-ukwe-1-b.trouter.teams.microsoft.com. (68)
    09:36:27.809658 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 112: 192.168.1.163.54178 > 8.8.8.8.53: 61517+ A? trouter2-azsc-ukwe-1-b.trouter.teams.microsoft.com. (68)
    09:36:27.815997 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 189: 8.8.8.8.53 > 192.168.1.163.50992: 43535 2/0/0 CNAME trouter2-azsc-ukwe-1-b.cloudapp.net., AAAA 2603:1020:600::1f3 (145)
    09:36:27.816005 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 189: 8.8.8.8.53 > 192.168.1.163.50992: 43535 2/0/0 CNAME trouter2-azsc-ukwe-1-b.cloudapp.net., AAAA 2603:1020:600::1f3 (145)
    09:36:27.816387 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 177: 8.8.8.8.53 > 192.168.1.163.54178: 61517 2/0/0 CNAME trouter2-azsc-ukwe-1-b.cloudapp.net., A 52.114.92.91 (133)
    09:36:27.816395 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 177: 8.8.8.8.53 > 192.168.1.163.54178: 61517 2/0/0 CNAME trouter2-azsc-ukwe-1-b.cloudapp.net., A 52.114.92.91 (133)
    09:36:27.848366 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 96: 192.168.1.163.57926 > 8.8.8.8.53: 33145+ A? kv501.prod.do.dsp.mp.microsoft.com. (52)
    09:36:27.848449 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 96: 192.168.1.163.57926 > 8.8.8.8.53: 33145+ A? kv501.prod.do.dsp.mp.microsoft.com. (52)
    09:36:27.869691 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 260: 8.8.8.8.53 > 192.168.1.163.57926: 33145 4/0/0 CNAME kv501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME kv501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 104.117.196.80 (216)
    09:36:27.869698 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 260: 8.8.8.8.53 > 192.168.1.163.57926: 33145 4/0/0 CNAME kv501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME kv501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 104.117.196.80 (216)
    09:36:28.232008 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 88: 192.168.1.163.61802 > 8.8.8.8.53: 1616+ A? licensing.mp.microsoft.com. (44)
    09:36:28.232063 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 88: 192.168.1.163.61802 > 8.8.8.8.53: 1616+ A? licensing.mp.microsoft.com. (44)
    09:36:28.358313 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 302: 8.8.8.8.53 > 192.168.1.163.61802: 1616 6/0/0 CNAME consumer-licensing-aks2eap.md.mp.microsoft.com.akadns.net., CNAME consumer-licensing-aks2eap-europe.md.mp.microsoft.com.akadns.net., CNAME licensing.md.mp.microsoft.com.akadns.net., CNAME licensing-europeeap.md.mp.microsoft.com.akadns.net., CNAME db5eap.licensing.md.mp.microsoft.com.akadns.net., A 52.158.24.209 (258)
    09:36:28.358320 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 302: 8.8.8.8.53 > 192.168.1.163.61802: 1616 6/0/0 CNAME consumer-licensing-aks2eap.md.mp.microsoft.com.akadns.net., CNAME consumer-licensing-aks2eap-europe.md.mp.microsoft.com.akadns.net., CNAME licensing.md.mp.microsoft.com.akadns.net., CNAME licensing-europeeap.md.mp.microsoft.com.akadns.net., CNAME db5eap.licensing.md.mp.microsoft.com.akadns.net., A 52.158.24.209 (258)
    09:36:28.911948 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 94: 192.168.1.1.53 > 192.168.1.163.61194: 19935 1/0/0 A 131.107.255.255 (50)
    09:36:28.911956 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 94: 192.168.1.1.53 > 192.168.1.163.61194: 19935 1/0/0 A 131.107.255.255 (50)
    09:36:29.162600 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.52727 > 192.168.1.1.53: 55583+ A? srvhp3.helvetic.local. (39)
    09:36:29.162667 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 83: 192.168.1.163.52727 > 192.168.1.1.53: 55583+ A? srvhp3.helvetic.local. (39)
    09:36:29.162842 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 99: 192.168.1.1.53 > 192.168.1.163.52727: 55583 1/0/0 A 10.0.81.6 (55)
    09:36:29.162848 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 99: 192.168.1.1.53 > 192.168.1.163.52727: 55583 1/0/0 A 10.0.81.6 (55)
    09:36:29.408230 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 92: 192.168.1.1.53 > 192.168.1.163.62743: 45554 NXDomain* 0/0/0 (48)
    09:36:29.408237 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 92: 192.168.1.1.53 > 192.168.1.163.62743: 45554 NXDomain* 0/0/0 (48)
    09:36:29.408338 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 89: 192.168.1.1.53 > 192.168.1.163.59961: 39941 NXDomain* 0/0/0 (45)
    09:36:29.408342 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 89: 192.168.1.1.53 > 192.168.1.163.59961: 39941 NXDomain* 0/0/0 (45)
    09:36:29.408593 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 86: 192.168.1.1.53 > 192.168.1.163.55209: 17465 NXDomain* 0/0/0 (42)
    09:36:29.408599 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 86: 192.168.1.1.53 > 192.168.1.163.55209: 17465 NXDomain* 0/0/0 (42)
    09:36:29.833920 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 189: 192.168.1.1.53 > 192.168.1.163.50992: 43535 2/0/0 CNAME trouter2-azsc-ukwe-1-b.cloudapp.net., AAAA 2603:1020:600::1f3 (145)
    09:36:29.833928 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 189: 192.168.1.1.53 > 192.168.1.163.50992: 43535 2/0/0 CNAME trouter2-azsc-ukwe-1-b.cloudapp.net., AAAA 2603:1020:600::1f3 (145)
    09:36:29.834260 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 177: 192.168.1.1.53 > 192.168.1.163.54178: 61517 2/0/0 CNAME trouter2-azsc-ukwe-1-b.cloudapp.net., A 52.114.92.91 (133)
    09:36:29.834266 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 177: 192.168.1.1.53 > 192.168.1.163.54178: 61517 2/0/0 CNAME trouter2-azsc-ukwe-1-b.cloudapp.net., A 52.114.92.91 (133)
    09:36:30.737288 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 87: 192.168.1.163.49391 > 192.168.1.1.53: 34583+ A? dgsfurxban.helvetic.local. (43)
    09:36:30.737335 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 87: 192.168.1.163.49391 > 192.168.1.1.53: 34583+ A? dgsfurxban.helvetic.local. (43)
    09:36:30.737368 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 92: 192.168.1.163.49719 > 192.168.1.1.53: 18360+ A? xykwzklhnsmfqpr.helvetic.local. (48)
    09:36:30.737389 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 92: 192.168.1.163.49719 > 192.168.1.1.53: 18360+ A? xykwzklhnsmfqpr.helvetic.local. (48)
    09:36:30.737719 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 88: 192.168.1.163.62021 > 192.168.1.1.53: 13733+ A? jqrvzjtlmra.helvetic.local. (44)
    09:36:30.737747 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 88: 192.168.1.163.62021 > 192.168.1.1.53: 13733+ A? jqrvzjtlmra.helvetic.local. (44)
    09:36:31.725533 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.53849 > 192.168.1.1.53: 63162+ A? wpad.helvetic.local. (37)
    09:36:31.725583 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.53849 > 192.168.1.1.53: 63162+ A? wpad.helvetic.local. (37)
    09:36:31.725747 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.53849: 63162 NXDomain* 0/0/0 (37)
    09:36:31.725753 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 81: 192.168.1.1.53 > 192.168.1.163.53849: 63162 NXDomain* 0/0/0 (37)
    09:36:31.740459 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 92: 192.168.1.163.49719 > 8.8.8.8.53: 18360+ A? xykwzklhnsmfqpr.helvetic.local. (48)
    09:36:31.740503 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 92: 192.168.1.163.49719 > 8.8.8.8.53: 18360+ A? xykwzklhnsmfqpr.helvetic.local. (48)
    09:36:31.740522 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 88: 192.168.1.163.62021 > 8.8.8.8.53: 13733+ A? jqrvzjtlmra.helvetic.local. (44)
    09:36:31.740547 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 88: 192.168.1.163.62021 > 8.8.8.8.53: 13733+ A? jqrvzjtlmra.helvetic.local. (44)
    09:36:31.740567 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 87: 192.168.1.163.49391 > 8.8.8.8.53: 34583+ A? dgsfurxban.helvetic.local. (43)
    09:36:31.740594 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 87: 192.168.1.163.49391 > 8.8.8.8.53: 34583+ A? dgsfurxban.helvetic.local. (43)
    09:36:31.740996 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56034 > 192.168.1.1.53: 35883+ A? teams.microsoft.com. (37)
    09:36:31.741023 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56034 > 192.168.1.1.53: 35883+ A? teams.microsoft.com. (37)
    09:36:31.746441 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 163: 8.8.8.8.53 > 192.168.1.163.62021: 13733 NXDomain 0/1/0 (119)
    09:36:31.746452 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 163: 8.8.8.8.53 > 192.168.1.163.62021: 13733 NXDomain 0/1/0 (119)
    09:36:31.747073 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 162: 8.8.8.8.53 > 192.168.1.163.49391: 34583 NXDomain 0/1/0 (118)
    09:36:31.747080 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 162: 8.8.8.8.53 > 192.168.1.163.49391: 34583 NXDomain 0/1/0 (118)
    09:36:31.747857 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 167: 8.8.8.8.53 > 192.168.1.163.49719: 18360 NXDomain 0/1/0 (123)
    09:36:31.747862 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 167: 8.8.8.8.53 > 192.168.1.163.49719: 18360 NXDomain 0/1/0 (123)
    09:36:32.162096 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 78: 192.168.1.163.63780 > 192.168.1.1.53: 26248+ A? dns.msftncsi.com. (34)
    09:36:32.162137 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 78: 192.168.1.163.63780 > 192.168.1.1.53: 26248+ A? dns.msftncsi.com. (34)
    09:36:32.162485 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 94: 192.168.1.1.53 > 192.168.1.163.63780: 26248 1/0/0 A 131.107.255.255 (50)
    09:36:32.162490 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 94: 192.168.1.1.53 > 192.168.1.163.63780: 26248 1/0/0 A 131.107.255.255 (50)
    09:36:32.274947 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 87: 192.168.1.163.55461 > 192.168.1.1.53: 33179+ A? ebvaysrfyz.helvetic.local. (43)
    09:36:32.274997 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 87: 192.168.1.163.55461 > 192.168.1.1.53: 33179+ A? ebvaysrfyz.helvetic.local. (43)
    09:36:32.275021 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 84: 192.168.1.163.61152 > 192.168.1.1.53: 63617+ A? goeuypm.helvetic.local. (40)
    09:36:32.275041 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 84: 192.168.1.163.61152 > 192.168.1.1.53: 63617+ A? goeuypm.helvetic.local. (40)
    09:36:32.275062 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 90: 192.168.1.163.53775 > 192.168.1.1.53: 46567+ A? nxehfijpxlqpf.helvetic.local. (46)
    09:36:32.275083 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 90: 192.168.1.163.53775 > 192.168.1.1.53: 46567+ A? nxehfijpxlqpf.helvetic.local. (46)
    09:36:32.756722 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56034 > 8.8.8.8.53: 35883+ A? teams.microsoft.com. (37)
    09:36:32.756756 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.56034 > 8.8.8.8.53: 35883+ A? teams.microsoft.com. (37)
    09:36:32.764118 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 188: 8.8.8.8.53 > 192.168.1.163.56034: 35883 4/0/0 CNAME teams.office.com., CNAME teams-office-com.s-0005.s-msedge.net., CNAME s-0005.s-msedge.net., A 52.113.194.132 (144)
    09:36:32.764125 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 188: 8.8.8.8.53 > 192.168.1.163.56034: 35883 4/0/0 CNAME teams.office.com., CNAME teams-office-com.s-0005.s-msedge.net., CNAME s-0005.s-msedge.net., A 52.113.194.132 (144)
    09:36:32.789029 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 201: 192.168.1.1.53 > 192.168.1.163.50558: 45603 3/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcoleus06.cloudapp.net., A 52.114.133.60 (157)
    09:36:32.789038 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 201: 192.168.1.1.53 > 192.168.1.163.50558: 45603 3/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcoleus06.cloudapp.net., A 52.114.133.60 (157)
    09:36:32.789344 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 185: 192.168.1.1.53 > 192.168.1.163.59653: 52302 2/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolwus08.cloudapp.net. (141)
    09:36:32.789349 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 185: 192.168.1.1.53 > 192.168.1.163.59653: 52302 2/0/0 CNAME teams-events-data.trafficmanager.net., CNAME skypedataprdcolwus08.cloudapp.net. (141)
    09:36:33.200159 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 85: 192.168.1.163.51276 > 192.168.1.1.53: 24461+ A? api.userstore.skype.com. (41)
    09:36:33.200217 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 85: 192.168.1.163.51276 > 192.168.1.1.53: 24461+ A? api.userstore.skype.com. (41)
    09:36:33.200739 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.60502 > 192.168.1.1.53: 8292+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:36:33.200766 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.60502 > 192.168.1.1.53: 8292+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:36:33.229530 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 84: 192.168.1.163.57371 > 192.168.1.1.53: 11952+ A? client.wns.windows.com. (40)
    09:36:33.229557 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 84: 192.168.1.163.57371 > 192.168.1.1.53: 11952+ A? client.wns.windows.com. (40)
    09:36:33.229663 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 143: 192.168.1.1.53 > 192.168.1.163.57371: 11952 2/0/0 CNAME wns.notify.trafficmanager.net., A 51.103.5.186 (99)
    09:36:33.229675 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 143: 192.168.1.1.53 > 192.168.1.163.57371: 11952 2/0/0 CNAME wns.notify.trafficmanager.net., A 51.103.5.186 (99)
    09:36:33.287201 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 90: 192.168.1.163.53775 > 8.8.8.8.53: 46567+ A? nxehfijpxlqpf.helvetic.local. (46)
    09:36:33.287252 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 90: 192.168.1.163.53775 > 8.8.8.8.53: 46567+ A? nxehfijpxlqpf.helvetic.local. (46)
    09:36:33.287269 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 87: 192.168.1.163.55461 > 8.8.8.8.53: 33179+ A? ebvaysrfyz.helvetic.local. (43)
    09:36:33.287293 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 87: 192.168.1.163.55461 > 8.8.8.8.53: 33179+ A? ebvaysrfyz.helvetic.local. (43)
    09:36:33.287314 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 84: 192.168.1.163.61152 > 8.8.8.8.53: 63617+ A? goeuypm.helvetic.local. (40)
    09:36:33.287341 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 84: 192.168.1.163.61152 > 8.8.8.8.53: 63617+ A? goeuypm.helvetic.local. (40)
    09:36:33.293312 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 165: 8.8.8.8.53 > 192.168.1.163.53775: 46567 NXDomain 0/1/0 (121)
    09:36:33.293321 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 165: 8.8.8.8.53 > 192.168.1.163.53775: 46567 NXDomain 0/1/0 (121)
    09:36:33.294240 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 162: 8.8.8.8.53 > 192.168.1.163.55461: 33179 NXDomain 0/1/0 (118)
    09:36:33.294249 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 162: 8.8.8.8.53 > 192.168.1.163.55461: 33179 NXDomain 0/1/0 (118)
    09:36:33.294259 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 159: 8.8.8.8.53 > 192.168.1.163.61152: 63617 NXDomain 0/1/0 (115)
    09:36:33.294264 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 159: 8.8.8.8.53 > 192.168.1.163.61152: 63617 NXDomain 0/1/0 (115)
    09:36:33.410184 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 302: 192.168.1.1.53 > 192.168.1.163.61802: 1616 6/0/0 CNAME consumer-licensing-aks2eap.md.mp.microsoft.com.akadns.net., CNAME consumer-licensing-aks2eap-europe.md.mp.microsoft.com.akadns.net., CNAME licensing.md.mp.microsoft.com.akadns.net., CNAME licensing-europeeap.md.mp.microsoft.com.akadns.net., CNAME db5eap.licensing.md.mp.microsoft.com.akadns.net., A 52.158.24.209 (258)
    09:36:33.410191 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 302: 192.168.1.1.53 > 192.168.1.163.61802: 1616 6/0/0 CNAME consumer-licensing-aks2eap.md.mp.microsoft.com.akadns.net., CNAME consumer-licensing-aks2eap-europe.md.mp.microsoft.com.akadns.net., CNAME licensing.md.mp.microsoft.com.akadns.net., CNAME licensing-europeeap.md.mp.microsoft.com.akadns.net., CNAME db5eap.licensing.md.mp.microsoft.com.akadns.net., A 52.158.24.209 (258)
    09:36:33.748521 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 87: 192.168.1.1.53 > 192.168.1.163.49391: 34583 NXDomain* 0/0/0 (43)
    09:36:33.748530 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 87: 192.168.1.1.53 > 192.168.1.163.49391: 34583 NXDomain* 0/0/0 (43)
    09:36:33.748641 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 88: 192.168.1.1.53 > 192.168.1.163.62021: 13733 NXDomain* 0/0/0 (44)
    09:36:33.748647 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 88: 192.168.1.1.53 > 192.168.1.163.62021: 13733 NXDomain* 0/0/0 (44)
    09:36:33.749009 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 92: 192.168.1.1.53 > 192.168.1.163.49719: 18360 NXDomain* 0/0/0 (48)
    09:36:33.749015 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 92: 192.168.1.1.53 > 192.168.1.163.49719: 18360 NXDomain* 0/0/0 (48)
    09:36:33.860696 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 90: 192.168.1.163.50121 > 192.168.1.1.53: 25810+ A? presence.teams.microsoft.com. (46)
    09:36:33.860743 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 90: 192.168.1.163.50121 > 192.168.1.1.53: 25810+ A? presence.teams.microsoft.com. (46)
    09:36:33.925647 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 229: 192.168.1.1.53 > 192.168.1.163.50121: 25810 3/0/0 CNAME presence.services.sfb.trafficmanager.net., CNAME a-ups-presence9-prod-azsc.francecentral.cloudapp.azure.com., A 52.114.104.174 (185)
    09:36:33.925660 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 229: 192.168.1.1.53 > 192.168.1.163.50121: 25810 3/0/0 CNAME presence.services.sfb.trafficmanager.net., CNAME a-ups-presence9-prod-azsc.francecentral.cloudapp.azure.com., A 52.114.104.174 (185)
    09:36:34.001553 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 96: 192.168.1.163.57599 > 192.168.1.1.53: 61939+ A? cp501.prod.do.dsp.mp.microsoft.com. (52)
    09:36:34.001604 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 96: 192.168.1.163.57599 > 192.168.1.1.53: 61939+ A? cp501.prod.do.dsp.mp.microsoft.com. (52)
    09:36:34.214665 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 85: 192.168.1.163.51276 > 8.8.8.8.53: 24461+ A? api.userstore.skype.com. (41)
    09:36:34.214718 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 85: 192.168.1.163.51276 > 8.8.8.8.53: 24461+ A? api.userstore.skype.com. (41)
    09:36:34.214733 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.60502 > 8.8.8.8.53: 8292+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:36:34.214757 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 114: 192.168.1.163.60502 > 8.8.8.8.53: 8292+ A? francecentral-prod.notifications.teams.microsoft.com. (70)
    09:36:34.221574 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 251: 8.8.8.8.53 > 192.168.1.163.60502: 8292 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-7.francecentral.cloudapp.azure.com., A 52.114.104.73 (207)
    09:36:34.221582 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 251: 8.8.8.8.53 > 192.168.1.163.60502: 8292 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-7.francecentral.cloudapp.azure.com., A 52.114.104.73 (207)
    09:36:34.241538 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 200: 8.8.8.8.53 > 192.168.1.163.51276: 24461 3/0/0 CNAME api-userstore-skype.trafficmanager.net., CNAME userstore-euwe-06-skype.cloudapp.net., A 52.113.199.177 (156)
    09:36:34.241547 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 200: 8.8.8.8.53 > 192.168.1.163.51276: 24461 3/0/0 CNAME api-userstore-skype.trafficmanager.net., CNAME userstore-euwe-06-skype.cloudapp.net., A 52.113.199.177 (156)
    09:36:35.008351 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 96: 192.168.1.163.57599 > 8.8.8.8.53: 61939+ A? cp501.prod.do.dsp.mp.microsoft.com. (52)
    09:36:35.008421 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 96: 192.168.1.163.57599 > 8.8.8.8.53: 61939+ A? cp501.prod.do.dsp.mp.microsoft.com. (52)
    09:36:35.035234 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 260: 8.8.8.8.53 > 192.168.1.163.57599: 61939 4/0/0 CNAME cp501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME cp501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 104.117.196.80 (216)
    09:36:35.035241 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 260: 8.8.8.8.53 > 192.168.1.163.57599: 61939 4/0/0 CNAME cp501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME cp501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 104.117.196.80 (216)
    09:36:35.301349 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 90: 192.168.1.1.53 > 192.168.1.163.53775: 46567 NXDomain* 0/0/0 (46)
    09:36:35.301360 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 90: 192.168.1.1.53 > 192.168.1.163.53775: 46567 NXDomain* 0/0/0 (46)
    09:36:35.301661 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 84: 192.168.1.1.53 > 192.168.1.163.61152: 63617 NXDomain* 0/0/0 (40)
    09:36:35.301666 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 84: 192.168.1.1.53 > 192.168.1.163.61152: 63617 NXDomain* 0/0/0 (40)
    09:36:35.302093 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 87: 192.168.1.1.53 > 192.168.1.163.55461: 33179 NXDomain* 0/0/0 (43)
    09:36:35.302099 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 87: 192.168.1.1.53 > 192.168.1.163.55461: 33179 NXDomain* 0/0/0 (43)
    09:36:37.057014 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 260: 192.168.1.1.53 > 192.168.1.163.57599: 61939 4/0/0 CNAME cp501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME cp501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 23.37.239.177 (216)
    09:36:37.057023 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 260: 192.168.1.1.53 > 192.168.1.163.57599: 61939 4/0/0 CNAME cp501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME cp501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 23.37.239.177 (216)
    09:36:37.148746 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 98: 192.168.1.163.58904 > 8.8.8.8.53: 23269+ A? disc501.prod.do.dsp.mp.microsoft.com. (54)
    09:36:37.148803 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 98: 192.168.1.163.58904 > 8.8.8.8.53: 23269+ A? disc501.prod.do.dsp.mp.microsoft.com. (54)
    09:36:37.174020 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 266: 8.8.8.8.53 > 192.168.1.163.58904: 23269 4/0/0 CNAME disc501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME disc501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 104.117.196.80 (222)
    09:36:37.174026 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 266: 8.8.8.8.53 > 192.168.1.163.58904: 23269 4/0/0 CNAME disc501.prod.dodsp.mp.microsoft.com.nsatc.net., CNAME disc501.prod.do.dsp.mp.microsoft.com.edgekey.net., CNAME e10370.g.akamaiedge.net., A 104.117.196.80 (222)
    09:36:37.783017 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 188: 192.168.1.1.53 > 192.168.1.163.56034: 35883 4/0/0 CNAME teams.office.com., CNAME teams-office-com.s-0005.s-msedge.net., CNAME s-0005.s-msedge.net., A 52.113.194.132 (144)
    09:36:37.783024 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 188: 192.168.1.1.53 > 192.168.1.163.56034: 35883 4/0/0 CNAME teams.office.com., CNAME teams-office-com.s-0005.s-msedge.net., CNAME s-0005.s-msedge.net., A 52.113.194.132 (144)
    09:36:38.738631 Port5, IN:   P 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.51674 > 8.8.8.8.53: 46677+ A? wpad.helvetic.local. (37)
    09:36:38.738692 br0, IN:  In 00:e0:4c:68:01:4d ethertype IPv4 (0x0800), length 81: 192.168.1.163.51674 > 8.8.8.8.53: 46677+ A? wpad.helvetic.local. (37)
    09:36:38.744250 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 156: 8.8.8.8.53 > 192.168.1.163.51674: 46677 NXDomain 0/1/0 (112)
    09:36:38.744258 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 156: 8.8.8.8.53 > 192.168.1.163.51674: 46677 NXDomain 0/1/0 (112)
    09:36:39.243469 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 251: 192.168.1.1.53 > 192.168.1.163.60502: 8292 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-7.francecentral.cloudapp.azure.com., A 52.114.104.73 (207)
    09:36:39.243480 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 251: 192.168.1.1.53 > 192.168.1.163.60502: 8292 3/0/0 CNAME francecentralcns-prod.trafficmanager.net., CNAME francecentralcns-prod-7.francecentral.cloudapp.azure.com., A 52.114.104.73 (207)
    09:36:39.243919 br0, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 200: 192.168.1.1.53 > 192.168.1.163.51276: 24461 3/0/0 CNAME api-userstore-skype.trafficmanager.net., CNAME userstore-euwe-05-skype.cloudapp.net., A 52.113.199.176 (156)
    09:36:39.243925 Port5, OUT: Out 7c:5a:1c:7e:d0:da ethertype IPv4 (0x0800), length 200: 192.168.1.1.53 > 192.168.1.163.51276: 24461 3/0/0 CNAME api-userstore-skype.trafficmanager.net., CNAME userstore-euwe-05-skype.cloudapp.net., A 52.113.199.176 (156)
    ^C
    204 packets captured
    204 packets received by filter
    0 packets dropped by kernel
    XG135_XN03_SFOS 18.0.5 MR-5-Build586#
    

    For your info, there are no difference on the ipconfig /all of the computer.

    Carte Ethernet Ethernet 3 :

       Suffixe DNS propre à la connexion. . . : helvetic.local
       Description. . . . . . . . . . . . . . : Realtek USB GbE Family Controller
       Adresse physique . . . . . . . . . . . : 98-FC-84-E2-24-11
       DHCP activé. . . . . . . . . . . . . . : Oui
       Configuration automatique activée. . . : Oui
       Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.163(préféré)
       Masque de sous-réseau. . . . . . . . . : 255.255.255.0
       Bail obtenu. . . . . . . . . . . . . . : lundi, 17 mai 2021 08:41:50
       Bail expirant. . . . . . . . . . . . . : mardi, 18 mai 2021 08:41:49
       Passerelle par défaut. . . . . . . . . : 192.168.1.1
       Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1
       Serveurs DNS. . .  . . . . . . . . . . : 192.168.1.1
                                                                     8.8.8.8
       NetBIOS sur TCPIP. . . . . . . . . . . : Désactivé

  • This is our setting in DNS of Sophos. Is this correct ?

  • Those both should be external DNS servers in that section. They are in mine. Use your providers DNS server or something like 1.1.1.1 (or second google dns server ip 8.8.4.4).

    Also if you are pointing your DHCP assigned users to use the Sophos as the primary DNS like you show under the DHCP options in the screenshot a few posts above and you need to resolve local addresses from an internal DNS server - make sure to setup a DNS request route for your internal domain to go against your internal DNS server.

  • Hello Scott, 

    Thank you for the repy. 

    We added a new DNS request route with helvetic.local as domain name and choose the DNS server as target servers.

    But it doesn't change anything... 

    We have to reconnect the rj45 cable to find the right DNS server.

    We tried to remove the internal DNS server on DNS configuration. But it doesn't work. 

    When we put only the internal DNS server on the DNS configuration, it works. 

    Do you think we should put only the internal server DNS as the DNS 1 and no DNS 2 and 3 ?

    Do you have any others idea?

    Samuel

  • Hi Samuel,

    What do you mean it didnt work when you tried to remove the DNS (192.168.1.1)?  Are you saying it wouldn't let you remove it or you have the same issue?

    I would make sure your 1st  and 2nd DNS servers are external DNS servers.

    Here's my current config.  The third DNS server is an internal address in this case. The first two are external DNS servers(Google etc).  Not pictured but below  this is the  DNS request route for my local domain DNS servers for internal resolution. 

  • Hi, 

    When i removed the dns server 192.168.1.1, i have the same issue than before. 

    I always need to reconnect the rj45 cable... 

    If I do like your configuration, I have the same issue.

    But if I only put my internal DNS server (192.168.1.1) as DNS 1 and nothing in 2 and 3. It works... 

    It's weird !

    Samuel

  • Hello Samuel,

    Thank you for the logs and packet capture, so it seems your Windows computer prefers to use the Public DNS rather than the XG, when you disconnect the cable, your computer decides to start using the other DNS, and it is when it works, you could set the XG DNS as the primary manually in the computers, I take 192.168.1.1 is the XG and not another computer in your network doing the DNS.

    Or you can simply remove the 8.8.8.8 from the XG, and let your computers use the XG for DNS resolution for local and external FQDN.

    IF the XG  isn’t 192.168.1.1 and is another computer,  as Scott suggested, remove this from the DNS of the XG, and add a DNS request route on the XG to point to 192.168.1.1 for your helvetik.local

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hello Emmanuel, 

    It's Works when i remove the 8.8.8.8 from the XG. 

    Thank you for your reply.

    Samuel