
Adding FQDN host object causes restart of DNS and failure in name resolution.

Every time an FQDN host object is added to the firewall, it causes dnscache to restart. During the restart, name resolution using the firewall fails.

A new FQDN host object is being added to the firewall; notice how the PID changes for the dnscache process. Instead of reloading the service, it gets restarted.

When checking the related logs, it stays in "Loading ATP database" for a long time; during this, name resolution fails.

This means no FQDN object can be added during working hours if the firewall is being used as a DNS server.

During an XML import of FQDN host objects, DNS will be down during the whole import process (for us it took around 40 minutes for around 100 objects).

The same behavior has been tested in v18.5 and 19.0.1 of SFOS, so this bug has been around for quite a while.

Tested on:

18.5.4
19.0.1
19.5.0

All seem to have the same bug.



Essentially ATP takes a long time to reload on smaller appliances, but a reload of the ATP should not be the case.

In ATP, do you inspect all or only untrusted services?


Only untrusted content. It does not matter if I test it on an XG 210 or 135; DNS is still down for several seconds after adding an FQDN host. Removing the host does not cause DNS to restart. I also tested this on a clean-reset device with only one FW rule for WAN, and the same thing happens.
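To measure the behaviour reported in this thread (the dnscache PID changing and name resolution failing while an FQDN host object is added), here is an added monitoring script; it is not from the thread or from Sophos. It assumes the host running it uses the firewall as its resolver, that `www.example.com` is a reasonable name to probe, and that `pidof dnscache` is only readable when run on the appliance's own shell (pass `pid_fn=None` from any other host).

```python
"""Added example, not from the thread: probe name resolution through the
firewall and the dnscache PID while an FQDN host object is added, and report
dnscache restarts and resolution outages. Assumes this host resolves via the
firewall; dnscache_pid() needs `pidof` (appliance shell), else pass pid_fn=None."""
import socket, subprocess, time
from typing import List, NamedTuple, Optional, Tuple

class Sample(NamedTuple):
    t: float            # seconds since the monitor started
    pid: Optional[int]  # dnscache PID, None if not readable
    resolved: bool      # whether the lookup succeeded

def resolves(name: str = "www.example.com") -> bool:
    try:                                   # uses the system resolver (the firewall)
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def dnscache_pid() -> Optional[int]:
    try:                                   # None if pidof is absent or no process
        out = subprocess.run(["pidof", "dnscache"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return int(out.stdout.split()[0]) if out.returncode == 0 else None

def analyse(samples: List[Sample]) -> Tuple[List[float], List[Tuple[float, float]]]:
    """Return (times the PID changed, [(start, end)] of failed-resolution runs)."""
    restarts, outages, prev, start = [], [], None, None
    for s in samples:
        if prev is not None and s.pid is not None and s.pid != prev:
            restarts.append(s.t)            # PID change == restart, not reload
        prev = s.pid if s.pid is not None else prev
        if not s.resolved and start is None:
            start = s.t                     # outage begins
        elif s.resolved and start is not None:
            outages.append((start, s.t))    # ends at the first success seen
            start = None
    if start is not None:                   # still failing when sampling stopped
        outages.append((start, samples[-1].t))
    return restarts, outages

def monitor(duration=60.0, interval=1.0, pid_fn=dnscache_pid):
    """Sample every `interval` s for `duration` s (run while adding the object)."""
    samples, t0 = [], time.monotonic()
    while time.monotonic() - t0 < duration:
        pid = pid_fn() if pid_fn else None
        samples.append(Sample(round(time.monotonic() - t0, 1), pid, resolves()))
        time.sleep(interval)
    return analyse(samples)
```

Start `monitor()` just before adding the object; the returned restart times and outage intervals give the per-object outage length that the thread reports as several seconds, and summed over an XML import they give the total downtime.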