Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 4 subscribers
  • Views 2009 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS issue on Sophos? Log message "host unreachable resolving"

jv-1994

Hello Community,

we have sporadic issues with DNS requests within our network.

Sometime out of the blue users are complaining that they are not able to access multiple websites anymore or it takes pretty long.

When checking our Sophos UTM logging I can see lots of log messages with the following:

named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
named[17516]: host unreachable resolving './A/IN': xxx.xxx.xxx.xxx#53
 
Or log messages like this:
named[8502]: REFUSED unexpected RCODE resolving 'xx.xx.xxxxxx.xxxx/A/IN': xxx.xxx.xxx.xxx#53
named[8502]: REFUSED unexpected RCODE resolving 'xx.xx.xxxxxx.xxxx/A/IN': xxx.xxx.xxx.xxx#53
named[8502]: REFUSED unexpected RCODE resolving 'xx.xx.xxxxxx.xxxx/A/IN': xxx.xxx.xxx.xxx#53
named[8502]: REFUSED unexpected RCODE resolving 'xx.xx.xxxxxx.xxxx/A/IN': xxx.xxx.xxx.xxx#53

We than have to flush the resolver cache on our Sophos, it takes a few minutes and afterwards everything is working properly again.

The DNS setup was done like the best practice manual (https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice/109152)

Does anyone might have an idea what else we could be facing here?

Thanks in advance & kind regards,

Judith



This thread was automatically locked due to age.
Unfiltered HTML