Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 11172 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Service fails every 30 minutes for ~60 seconds - SG105

SophieBerger

Hello,

we have a SG105 that runs the DNS service. It forwards all requests that it cannot handle to the Google DNS servers 8.8.8.8 and 8.8.4.4.

For some reason that I cannot figure out, the DNS service fails to forward requests every 30 minutes for roughly 60 seconds where it's simply dead.

I have no idea what's going on. From looking into the logs I assume that some config gets reloaded and the service restarted. If that has to be I'd like to figure out what config that is and want to find a way that it does so only like at 4am when nobody actually needs the DNS service.

Maybe some of you has an idea whats going on. I appreciate the help.

Thanks in advance!

Sophie

notifier.log
2017:01:06-11:39:28 sophos notifier[3653]: loading config version 1348
2017:01:06-11:40:24 sophos notifier[3653]: loading config version 1350

fallback.log
2017:01:06-11:39:14 sophos [user:notice] " 
2017:01:06-11:39:30 sophos [user:notice] " 
2017:01:06-11:39:32 sophos [user:notice] " 
2017:01:06-11:39:33 sophos [user:notice] " 
2017:01:06-11:39:36 sophos [user:notice] " 
2017:01:06-11:39:41 sophos [user:notice] " 
2017:01:06-11:39:44 sophos [user:notice] " 

service_monitor.log
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to OFFLINE"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.4.4"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.4.4 changed state to OFFLINE"
2017:01:06-11:39:28 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.4.4"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.8.8 changed state to ONLINE"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.8.8"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="REF_NetAvaGooglDnsServe ICMP 8.8.4.4 changed state to ONLINE"
2017:01:06-11:40:23 sophos service_monitor[5294]: id="4000" severity="info" sys="System" sub="loadbalancing" name="Set Availability Group REF_NetAvaGooglDnsServe to 8.8.8.8"

up2date.log
2017:01:06-11:40:03 sophos audld[626]: no HA system or cluster node
2017:01:06-11:40:03 sophos audld[626]: Starting Up2Date Package Downloader
2017:01:06-11:40:05 sophos audld[626]: patch up2date possible
2017:01:06-11:40:05 sophos audld[626]: Using static update server list in HA mode
2017:01:06-11:40:26 sophos audld[626]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
2017:01:06-11:40:27 sophos audld[626]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2017:01:06-11:40:27 sophos audld[626]: Using static download server list in HA mode

mdw.log
2017:01:06-11:39:28 sophos middleware[3787]: T main::top-level:213() => starting cycle 1336, caught 1 signals
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1348
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:39:29 sophos middleware[3787]: T core::Config::load:347() => modules=2,9
2017:01:06-11:39:29 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:39:29 sophos middleware[3787]: T main::top-level:264() => ending cycle 1336, caught 0 signals, 0 children still running
2017:01:06-11:39:47 sophos middleware[3787]: T main::top-level:213() => starting cycle 1337, caught 1 signals
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1349
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:39:47 sophos middleware[3787]: T core::Config::load:347() => modules=2,3
2017:01:06-11:39:48 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:39:48 sophos middleware[3787]: T main::top-level:275() => cycle 1337 waiting for 1 children
2017:01:06-11:39:48 sophos middleware[3787]: T main::top-level:264() => ending cycle 1337, caught 0 signals, 0 children still running
2017:01:06-11:40:24 sophos middleware[3787]: T main::top-level:213() => starting cycle 1338, caught 1 signals
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::Changed:194() => configversion=1350
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::Changed:204() => nodes=0 objects=1 triggers=0
2017:01:06-11:40:24 sophos middleware[3787]: T core::Config::load:347() => modules=2,9
2017:01:06-11:40:25 sophos middleware[3787]: T modules::ipset::deleteUnused:320() => auto#=6/682 confd#=0/341
2017:01:06-11:40:25 sophos middleware[3787]: T main::top-level:264() => ending cycle 1338, caught 0 signals, 0 children still running

system.log
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_DefaultSophosUTMSupportHost
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep1t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep5t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver2a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep4t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep2t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver4a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep3t
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver3a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver1a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsResolver5a
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NetDnsSophoLivec
2017:01:06-11:39:29 sophos dns-resolver[4246]: Adding REF_NtpPool
2017:01:06-11:39:39 sophos dns-resolver[4246]: DNS server failed to contact!
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver1a :: resolver1.ast.ctmail.mw-com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver2a :: resolver2.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_DefaultSophosUTMSupportHost :: dispatch.apu.sophos.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver5a :: resolver5.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep1t :: iprep1.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep5t :: iprep5.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep4t :: iprep4.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep3t :: iprep3.t.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver3a :: resolver3.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: Updating REF_NtpPool :: pool.ntp.org
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsResolver4a :: resolver4.ast.ctmail.com
2017:01:06-11:39:47 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep2t :: iprep2.t.ctmail.com
2017:01:06-11:39:48 sophos ntpd[31558]: ntpd exiting on signal 15 (Terminated)
2017:01:06-11:39:48 sophos ntpd[31558]: 127.127.1.0 local addr 127.0.0.1 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 136.243.177.133 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 78.46.188.101 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[31558]: 5.100.133.221 local addr 172.17.16.5 -> <null>
2017:01:06-11:39:48 sophos ntpd[598]: ntpd 4.2.8p8@1.3265-o Thu Sep 15 09:37:01 UTC 2016 (1): Starting
2017:01:06-11:39:48 sophos ntpd[598]: Command line: /sbin/ntpd
2017:01:06-11:39:48 sophos ntpd[600]: proto: precision = 0.840 usec (-20)
2017:01:06-11:39:48 sophos ntpd[600]: restrict 0.0.0.0: KOD does nothing without LIMITED.
2017:01:06-11:39:48 sophos ntpd[600]: restrict ::: KOD does nothing without LIMITED.
2017:01:06-11:39:48 sophos ntpd[600]: Listen and drop on 0 v6wildcard [::]:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen and drop on 1 v4wildcard 0.0.0.0:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 2 lo 127.0.0.1:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 3 eth0 172.17.16.10:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 4 br0 172.17.16.5:123
2017:01:06-11:39:48 sophos ntpd[600]: Listen normally on 5 lo [::1]:123
2017:01:06-11:39:48 sophos ntpd[600]: Listening on routing socket on fd #22 for interface updates
2017:01:06-11:40:01 sophos /usr/sbin/cron[621]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
2017:01:06-11:40:01 sophos /usr/sbin/cron[626]: (root) CMD (/sbin/audld.plx --trigger)
2017:01:06-11:40:02 sophos /usr/sbin/cron[632]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_DefaultSophosUTMSupportHost
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep1t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep5t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver2a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep4t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep2t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver4a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsIPrep3t
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver3a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver1a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsResolver5a
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NetDnsSophoLivec
2017:01:06-11:40:25 sophos dns-resolver[4246]: Adding REF_NtpPoolm
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver1a :: resolver1.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver2a :: resolver2.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_DefaultSophosUTMSupportHost :: dispatch.apu.sophos.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver5a :: resolver5.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep1t :: iprep1.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep5t :: iprep5.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep4t :: iprep4.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep3t :: iprep3.t.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver3a :: resolver3.ast.ctmail.com
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NtpPool :: pool.ntp.org
2017:01:06-11:40:25 sophos dns-resolver[4246]: No change to REF_NetDnsResolver4a :: resolver4.ast.ctmail.com
2017:01:06-11:40:26 sophos dns-resolver[4246]: No change to REF_NetDnsIPrep2t :: iprep2.t.ctmail.com

confd.log
2017:01:06-11:39:28 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="availability_group" ref="REF_NetAvaGooglDnsServe" objname="Google DNS Servers" user="system" srcip="127.0.0.1" sid="PehrxfTgRcwIAJtshBbN" facility="system" client="service_monitor" pid="538" attr_address="8.8.4.4" oldattr_address="8.8.8.8"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1341 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1342 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1343 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1344 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1345 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::cleanup_changelog:990() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 1346 from changelog"
2017:01:06-11:39:28 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="PehrxfTgRcwIAJtshBbN" facility="system" client="service_monitor" pid="538" version="1348" storage="/cfg"
2017:01:06-11:39:47 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_NtpPool" objname="NTP Server Pool" user="system" srcip="127.0.0.1" sid="qWGWVRaofSzKrVvDVxEl" facility="system" client="dns-resolver.plx" pid="554" attr_addresses="['146.0.32.144','131.188.3.222','37.120.191.245']" oldattr_addresses="['136.243.177.133','78.46.188.101','5.100.133.221']"
2017:01:06-11:39:47 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="qWGWVRaofSzKrVvDVxEl" facility="system" client="dns-resolver.plx" pid="554" version="1349" storage="/cfg"
2017:01:06-11:40:23 sophos confd[3272]: I main::top-level:677() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="availability_group" ref="REF_NetAvaGooglDnsServe" objname="Google DNS Servers" user="system" srcip="127.0.0.1" sid="JjLnrOBnIoHxrArYqEvW" facility="system" client="service_monitor" pid="713" attr_address="8.8.8.8" oldattr_address="8.8.4.4"
2017:01:06-11:40:24 sophos confd[3272]: I main::top-level:774() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="JjLnrOBnIoHxrArYqEvW" facility="system" client="service_monitor" pid="713" version="1350" storage="/cfg"

named.log
2017:01:06-11:39:29 sophos named[4253]: received control channel command 'reload'
2017:01:06-11:39:29 sophos named[4253]: loading configuration from '//etc/named.conf'
2017:01:06-11:39:29 sophos named[4253]: sizing zone task pool based on 24 zones
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 10.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 16.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 17.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 18.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 19.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 20.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 21.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 22.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 23.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 24.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 25.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 26.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 27.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 28.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 29.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 30.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 31.172.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 168.192.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 64.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 65.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 66.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 67.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 68.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 69.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 70.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 71.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 72.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 73.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 74.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 75.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 76.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 77.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 78.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 79.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 80.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 81.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 82.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 83.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 84.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 85.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 86.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 87.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 88.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 89.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 90.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 91.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 92.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 93.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 94.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 95.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 96.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 97.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 98.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 99.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 100.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 101.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 102.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 103.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 104.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 105.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 106.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 107.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 108.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 109.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 110.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 111.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 112.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 113.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 114.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 115.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 116.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 117.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 118.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 119.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 120.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 121.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 122.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 123.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 124.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 125.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 126.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 127.100.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 0.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 127.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 254.169.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 2.0.192.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 100.51.198.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 113.0.203.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 255.255.255.255.IN-ADDR.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: D.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 8.E.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 9.E.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: A.E.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: B.E.F.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: 8.B.D.0.1.0.0.2.IP6.ARPA
2017:01:06-11:39:29 sophos named[4253]: automatic empty zone: view default: EMPTY.AS112.ARPA
2017:01:06-11:39:29 sophos named[4253]: configuring command channel from '//etc/rndc.key'
2017:01:06-11:39:29 sophos named[4253]: reloading configuration succeeded
2017:01:06-11:39:29 sophos named[4253]: reloading zones succeeded
2017:01:06-11:39:29 sophos named[4253]: received control channel command 'flush'
2017:01:06-11:39:29 sophos named[4253]: flushing caches in all views succeeded
2017:01:06-11:39:29 sophos named[4253]: all zones loaded
2017:01:06-11:39:29 sophos named[4253]: running
2017:01:06-11:40:24 sophos named[4253]: received control channel command 'reload'
2017:01:06-11:40:24 sophos named[4253]: loading configuration from '//etc/named.conf'
2017:01:06-11:40:24 sophos named[4253]: sizing zone task pool based on 24 zones
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 10.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 16.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 17.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 18.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 19.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 20.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 21.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 22.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 23.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 24.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 25.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 26.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 27.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 28.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 29.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 30.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 31.172.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 168.192.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 64.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 65.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 66.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 67.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 68.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 69.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 70.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 71.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 72.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 73.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 74.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 75.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 76.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 77.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 78.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 79.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 80.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 81.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 82.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 83.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 84.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 85.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 86.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 87.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 88.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 89.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 90.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 91.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 92.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 93.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 94.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 95.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 96.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 97.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 98.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 99.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 100.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 101.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 102.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 103.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 104.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 105.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 106.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 107.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 108.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 109.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 110.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 111.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 112.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 113.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 114.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 115.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 116.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 117.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 118.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 119.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 120.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 121.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 122.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 123.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 124.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 125.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 126.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 127.100.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 0.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 127.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 254.169.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 2.0.192.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 100.51.198.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 113.0.203.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 255.255.255.255.IN-ADDR.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: D.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 8.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 9.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: A.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: B.E.F.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: 8.B.D.0.1.0.0.2.IP6.ARPA
2017:01:06-11:40:24 sophos named[4253]: automatic empty zone: view default: EMPTY.AS112.ARPA
2017:01:06-11:40:24 sophos named[4253]: configuring command channel from '//etc/rndc.key'
2017:01:06-11:40:24 sophos named[4253]: reloading configuration succeeded
2017:01:06-11:40:24 sophos named[4253]: reloading zones succeeded
2017:01:06-11:40:24 sophos named[4253]: received control channel command 'flush'
2017:01:06-11:40:24 sophos named[4253]: flushing caches in all views succeeded
2017:01:06-11:40:24 sophos named[4253]: all zones loaded
2017:01:06-11:40:24 sophos named[4253]: running

packetfilter.log
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="54609" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="54609" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42877" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42877" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="46499" dstport="53" 
2017:01:06-11:39:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="46499" dstport="53" 
2017:01:06-11:39:08 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:09 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:11 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:14 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="58339" dstport="53" 
2017:01:06-11:39:14 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="30615" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:24 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:24 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:25 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:25 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:27 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:27 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:28 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="65" tos="0x00" prec="0x00" ttl="255" srcport="52034" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="173.194.169.101" dstip="172.17.17.6" proto="17" length="95" tos="0x00" prec="0x00" ttl="45" srcport="63850" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="51085" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="59" tos="0x00" prec="0x00" ttl="255" srcport="57852" dstport="53" 
2017:01:06-11:39:30 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="45275" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:32 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="58421" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:33 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:33 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:33 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="44460" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:35 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:35 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:36 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="21872" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="64" srcport="45987" dstport="53" 
2017:01:06-11:39:40 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="255" srcport="59561" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:41 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="28220" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="61393" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="54851" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49272" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:42 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49272" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49550" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="77" tos="0x00" prec="0x00" ttl="255" srcport="56716" dstport="53" 
2017:01:06-11:39:43 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="50170" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="69" tos="0x00" prec="0x00" ttl="255" srcport="51902" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="55820" dstport="53" 
2017:01:06-11:39:44 sophos ulogd[4515]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="172.17.16.5" dstip="8.8.4.4" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="59165" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="81" tos="0x00" prec="0x00" ttl="255" srcport="49550" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="77" tos="0x00" prec="0x00" ttl="255" srcport="56716" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="50170" dstport="53" 
2017:01:06-11:39:45 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="96" tos="0x00" prec="0x00" ttl="255" srcport="63833" dstport="53" 
2017:01:06-11:39:47 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="71" tos="0x00" prec="0x00" ttl="255" srcport="64454" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="41740" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="41740" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="37466" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="37466" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42869" dstport="53" 
2017:01:06-11:40:02 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:25:90:46:5c:84" dstmac="00:1a:8c:40:f3:38" srcip="172.17.17.6" dstip="172.17.16.10" proto="17" length="73" tos="0x00" prec="0x00" ttl="64" srcport="42869" dstport="53" 
2017:01:06-11:40:06 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="55388" dstport="53" 
2017:01:06-11:40:12 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="66" tos="0x00" prec="0x00" ttl="64" srcport="53308" dstport="53" 
2017:01:06-11:40:20 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="104.244.42.1" dstip="172.17.20.21" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="39116" tcpflags="RST" 
2017:01:06-11:40:22 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="88:15:44:2f:cc:ad" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.4" dstip="172.17.16.10" proto="17" length="56" tos="0x00" prec="0x00" ttl="64" srcport="52291" dstport="53" 
2017:01:06-11:40:38 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:09:4f:65:2d:53" dstmac="00:1a:8c:40:f3:38" srcip="172.17.16.3" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="62" srcport="39519" dstport="53" 
2017:01:06-11:40:47 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="68" tos="0x00" prec="0x00" ttl="255" srcport="55859" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="56837" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="67" tos="0x00" prec="0x00" ttl="255" srcport="65228" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="109" tos="0x00" prec="0x00" ttl="255" srcport="56837" dstport="53" 
2017:01:06-11:40:48 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="109" tos="0x00" prec="0x00" ttl="255" srcport="65228" dstport="53" 
2017:01:06-11:40:50 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="ac:29:3a:32:45:6b" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.3" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="59373" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="61860" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="62" tos="0x00" prec="0x00" ttl="255" srcport="60249" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="60" tos="0x00" prec="0x00" ttl="255" srcport="50057" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="176.34.233.8" dstip="172.17.20.43" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="56045" tcpflags="RST" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="br0" outitf="br0" srcmac="00:a0:57:22:7d:77" dstmac="00:1a:8c:40:f3:39" srcip="176.34.233.8" dstip="172.17.20.43" proto="6" length="40" tos="0x00" prec="0x00" ttl="60" srcport="443" dstport="56047" tcpflags="RST" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="255" srcport="49843" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="255" srcport="52760" dstport="53" 
2017:01:06-11:40:52 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="78:4f:43:0c:09:ac" dstmac="00:1a:8c:40:f3:38" srcip="172.17.20.43" dstip="172.17.16.10" proto="17" length="99" tos="0x00" prec="0x00" ttl="255" srcport="61860" dstport="53" 
2017:01:06-11:40:56 sophos ulogd[4515]: id="2014" severity="info" sys="SecureNet" sub="packetfilter" name="DNS request" action="DNS request" fwrule="60011" initf="eth0" srcmac="00:09:4f:65:2d:53" dstmac="00:1a:8c:40:f3:38" srcip="172.17.16.3" dstip="172.17.16.10" proto="17" length="61" tos="0x00" prec="0x00" ttl="63" srcport="7162" dstport="53"


This thread was automatically locked due to age.
Unfiltered HTML