This discussion has been locked.

Some DNS Groups Not Resolving All IPs

We have several UTM 9 firewalls in our AWS environment, all of which are in the same region (US East Virginia).

All of them have a handful of the same firewall rules, allowing outbound access to various URLs that are defined as DNS Groups.

The problem is that on some firewalls, the DNS Group will resolve to numerous IPs (as it properly should), but on other firewalls, the DNS Group will only resolve to 2 or 3 IPs.

When working properly, some of these URLs should resolve to dozens or even hundreds of different IPs.

Under Network Services - DNS, I have the same basic setup on all firewalls, allowing the internal network. So there is nothing different about the network setup between the multiple firewalls we have.

The issue appears to be totally random in regards to which firewalls will resolve all the possible IPs for a given DNS Group, versus which firewalls will only resolve a small percentage of possible IPs.

Anybody have any idea what the problem may be, or how I can get around this? Is there a way to force the firewall to rebuild its cache of IPs (other than rebooting the firewall)?

Thanks!



  • Hi

    We experience the same problem.
    Multiple appliances (>10) at different locations with a connection to the same DNS server show a different number of learned IPs for the same DNS group.

    hostname example: autodiscover.outlook.com

    The number of resolved IPs is between 18 and 119

    SG/UTM Firmware version: 9.604-2

  • Hoi Bart and welcome to the UTM Community!

    It's common for this to happen with broadly used FQDNs.

    I just used Domain Dossier on centralops.net for this one and got the following:

    52.96.22.8
    40.97.196.8
    40.97.197.136
    52.96.22.184
    2603:1036:804:c::8
    2603:1036:804:2::8
    2603:1036:804:9::8
    2603:1036:805:28::8

    All of the TTLs were 60 seconds, so a minute later, a second query returned:

    40.97.120.248
    40.97.120.216
    52.96.22.8
    40.97.198.40
    2603:1036:805:a0::8
    2603:1036:804:b::8
    2603:1036:802:1::8
    2603:1036:805:b4::8

    Cheers Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
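The mechanism Bob describes, as an added simulation that is not code from this thread or from Sophos UTM: an authoritative server hands out a small rotating subset of a large address pool with a short TTL, and each appliance only ever knows the union of the answers it has personally received. The address pool (120 addresses from the RFC 5737 documentation range), the 4-records-per-answer size and the 60 s TTL are constructed from the figures in the thread; the assumption that a DNS Group re-resolves once per TTL and keeps every address it has ever seen (without ageing out) is mine, since the thread does not state how UTM manages that cache.

```python
"""Simulation of why appliances that use the same resolver 'learn' different
numbers of addresses for one DNS Group. Added example; pool, TTL and answer
size are constructed, not measured from autodiscover.outlook.com."""
import ipaddress
import random

# Constructed pool: 120 addresses from the RFC 5737 documentation range.
_BASE = int(ipaddress.IPv4Address("203.0.113.0"))
POOL = [str(ipaddress.IPv4Address(_BASE + i)) for i in range(120)]

ANSWERS_PER_QUERY = 4   # Bob's Domain Dossier lookups returned 4 A records each
TTL = 60                # seconds, as reported in the thread


class RotatingAuthority:
    """Toy authoritative DNS server for one FQDN. Every query returns a fresh
    random subset of the pool with a fixed TTL, which is how large load-balanced
    front ends behave. The seed stands in for 'which answers this particular
    appliance happened to receive'."""

    def __init__(self, pool, answers_per_query=ANSWERS_PER_QUERY, ttl=TTL, seed=0):
        self.pool = list(pool)
        self.answers_per_query = answers_per_query
        self.ttl = ttl
        self.rng = random.Random(seed)

    def query(self, now):
        rrset = self.rng.sample(self.pool, self.answers_per_query)
        return {"rrset": rrset, "expires": now + self.ttl}


class DnsGroupLearner:
    """Assumed model of a firewall DNS Group object (not UTM's real code):
    re-resolve whenever the cached answer's TTL has expired and keep the union
    of every address ever returned; nothing is aged out."""

    def __init__(self, authority):
        self.authority = authority
        self.learned = set()
        self.expires = -1

    def tick(self, now):
        """Advance the clock to `now`; refresh only if the cached RRset expired."""
        if now >= self.expires:
            answer = self.authority.query(now)
            self.learned.update(answer["rrset"])
            self.expires = answer["expires"]
        return len(self.learned)

    def allows(self, dst_ip):
        """What a firewall rule built on this DNS Group decides for dst_ip."""
        return dst_ip in self.learned


def learned_after(uptime_seconds, seed, pool=POOL, ttl=TTL, per_query=ANSWERS_PER_QUERY):
    """Addresses one appliance has learned after running for uptime_seconds,
    refreshing once per TTL. Different seeds model different appliances."""
    learner = DnsGroupLearner(RotatingAuthority(pool, per_query, ttl, seed))
    for now in range(0, uptime_seconds + 1, ttl):
        learner.tick(now)
    return learner.learned


def fleet_report(uptimes_by_appliance, pool=POOL):
    """Per-appliance count of learned addresses plus the union across the fleet.
    Input maps an appliance name to its uptime in seconds."""
    per_box = {name: learned_after(uptime, seed=i)
               for i, (name, uptime) in enumerate(sorted(uptimes_by_appliance.items()))}
    union = set().union(*per_box.values())
    return {
        "per_appliance": {name: len(s) for name, s in per_box.items()},
        "fleet_union": len(union),
        "pool_size": len(pool),
    }


if __name__ == "__main__":
    # Three appliances: two minutes, one hour and ten hours since their first query.
    print(fleet_report({"fw-a": 120, "fw-b": 3600, "fw-c": 36000}))
    # A young appliance drops traffic to a pool address it has simply not seen yet,
    # which is the 'only 2 or 3 IPs' symptom from the original post.
    young = DnsGroupLearner(RotatingAuthority(POOL, seed=7))
    young.tick(0)
    unseen = sorted(set(POOL) - young.learned)[0]
    print(f"young appliance knows {len(young.learned)} addresses; "
          f"{unseen} allowed? {young.allows(unseen)}")
```

The same accumulation can be checked against a real resolver by repeating the lookup for the FQDN once per TTL interval for an hour and taking the union of the answers: the union keeps growing long after any single answer has stopped changing, so an appliance that has issued few queries (a recent reboot, a long-lived cache) knows a smaller set than its peers. Two consequences for rules built on such a DNS Group: the appliance silently drops traffic to legitimate endpoints it has not yet learned, and, because these front ends are shared by many services, the set it does learn is also broader than the one service the rule was meant to allow.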