
DNS Proxy agent problems

I've had this happen now twice and I'm scratching my head.


Sophos UTM SG210 9.700-5

6 VLANs use the Sophos for DNS. The forwarders on the Sophos point back to domain controllers. Usually everything 'just works' but twice now I've had an issue where when you look at the packet filter logs you see devices on one subnet having their traffic dropped/blocked when trying to hit the Sophos VLAN IP on port 53. When looking at DNS Proxy live log you see BIND trying to restart itself over and over, and failing:

2020:02:17-10:59:16 cyph-bhm01 named[14430]: loading configuration from '//etc/named.conf'
2020:02:17-10:59:16 cyph-bhm01 named[14430]: //etc/named.conf:343: zone 'cunknown-1': already exists previous definition: //etc/named.conf:203
2020:02:17-10:59:16 cyph-bhm01 named[14430]: loading configuration: failure
2020:02:17-10:59:16 cyph-bhm01 named[14430]: exiting (due to fatal error)


When this happens I have to ssh in and delete the duplicate 'cunknown-1' entry in:

/var/sec/chroot-bind/etc/named.conf


and then restart BIND with:

/var/mdw/scripts/named restart


After that BIND loads properly and all VLANs can use the Sophos as their DNS resolver.

The firewall has been rebooted but the problem persists. In both cases I've left the first entry on line 203 alone and deleted the duplicated entry on line 343. There is also another 'unknown' on line 287 that doesn't appear to break anything:

line 203:
    zone "cunknown-1." IN {
        type master;
        file "static/cunknown-1..zone";
        check-names ignore;
        allow-update { none; };
    };

line 287:
    zone "cunknown-1.unknown" IN {
        type master;
        file "static/cunknown-1.unknown.zone";
        check-names ignore;
        allow-update { none; };
    };

line 343:
    zone "cunknown-1" IN {
        type master;
        file "static/cunknown-1.zone";
        check-names ignore;
        allow-update { none; };
    };


I've done some google-fu but my skills are weak. I was unable to find any explicit matches with this error on Sophos UTM.
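Added example, not part of the original post or of Sophos UTM: a small checker that explains why BIND rejects line 343 but not line 287. BIND compares zone names as absolute, case-insensitive DNS names, so "cunknown-1." and "cunknown-1" are the same zone while "cunknown-1.unknown" is a different one. The script scans a named.conf for zone statements, normalises the names the same way, and reports any zone defined twice with its line numbers; the sample config is constructed from the three statements quoted above, and reading /var/sec/chroot-bind/etc/named.conf in place of the sample is assumed to be how you would run it before restarting named.

```python
import re
from collections import defaultdict

# Constructed sample: the three zone statements quoted in the post, in order
SAMPLE_NAMED_CONF = """zone "cunknown-1." IN {
    type master;
    file "static/cunknown-1..zone";
    check-names ignore;
    allow-update { none; };
};
zone "cunknown-1.unknown" IN {
    type master;
    file "static/cunknown-1.unknown.zone";
    check-names ignore;
    allow-update { none; };
};
zone "cunknown-1" IN {
    type master;
    file "static/cunknown-1.zone";
    check-names ignore;
    allow-update { none; };
};
"""

# Start of a zone statement; a line commented out with "//" or "#" will not match
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.IGNORECASE)

def canonical_zone_name(name):
    """Normalise like BIND: absolute, case-insensitive, so "cunknown-1." == "cunknown-1"."""
    stripped = name.strip().rstrip(".").lower()
    return stripped if stripped else "."  # nothing left means the root zone

def find_duplicate_zones(conf_text):
    """Return {zone: [line numbers]} for every zone defined more than once.
    Caveat: the same zone may legitimately appear in separate view {} blocks;
    this line scanner does not track views."""
    seen = defaultdict(list)
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = ZONE_RE.match(line)
        if m:
            seen[canonical_zone_name(m.group(1))].append(lineno)
    return {zone: lines for zone, lines in seen.items() if len(lines) > 1}

if __name__ == "__main__":
    # Assumed usage on the UTM: read /var/sec/chroot-bind/etc/named.conf instead of the sample
    for zone, lines in find_duplicate_zones(SAMPLE_NAMED_CONF).items():
        print(f"zone '{zone}' defined more than once at lines {lines}")
```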


