
DNS request timed out (Again)

I've read other users' posts who have experienced the dreaded "DNS request timed out" error, and also DNS best practice and Rulz, but still have no idea what causes this:

C:\Windows\system32>nslookup api.netatmo.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    front-azure.netatmo.net
Address:  51.145.143.28
Aliases:  api.netatmo.com

192.168.0.0/24 has been added to DNS-Global-Allowed Networks

DNS-Forwarders have been configured with an Availability group containing Cloudflare Gateway DNS servers and 'Use forwarders assigned by ISP' is unchecked

DNS-Request Routing is empty. I'm not doing any reverse DNS for internal IPs

QoS is disabled for all networks

If I specify one of the Cloudflare DNS servers on the same host, instead of the UTM as the DNS server, no DNS timeouts occur.

Here are some DNS logs:

2021:02:19-13:12:49 Hillary-1 named[4836]: client @0xa500680 127.0.0.1#41232 (220.0.168.192.in-addr.arpa): view no_rpz_dlz: RFC 1918 response from Internet for 220.0.168.192.in-addr.arpa
2021:02:19-13:17:52 Hillary-1 named[4836]: client @0xa4e9cd8 127.0.0.1#31441 (220.0.168.192.in-addr.arpa): view no_rpz_dlz: RFC 1918 response from Internet for 220.0.168.192.in-addr.arpa
2021:02:19-13:23:16 Hillary-1 named[4836]: client @0xa3cb150 127.0.0.1#26911 (220.0.168.192.in-addr.arpa): view no_rpz_dlz: RFC 1918 response from Internet for 220.0.168.192.in-addr.arpa
2021:02:19-13:28:10 Hillary-1 named[4836]: no valid RRSIG resolving '168.192.in-addr.arpa/DS/IN': 172.64.36.1#53
2021:02:19-13:29:04 Hillary-1 named[4836]: client @0xa76ea38 127.0.0.1#38483 (220.0.168.192.in-addr.arpa): view no_rpz_dlz: RFC 1918 response from Internet for 220.0.168.192.in-addr.arpa
2021:02:19-13:31:38 Hillary-1 named[4836]: validating plex.tv/A: no valid signature found
2021:02:19-13:31:39 Hillary-1 named: Last message 'validating plex.tv/A' repeated 1 times, suppressed by syslog-ng on Hillary
2021:02:19-13:31:39 Hillary-1 named[4836]: validating plex.tv/SOA: no valid signature found
2021:02:19-13:31:39 Hillary-1 named[4836]: validating plex.tv/NSEC: no valid signature found
2021:02:19-13:32:03 Hillary-2 named[4867]: no valid RRSIG resolving '168.192.in-addr.arpa/DS/IN': 172.64.36.1#53 

What am I not understanding?
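
Added example, not part of the original post or of any Sophos tooling: a small Python triage of the three `named` message types in the log excerpt above, grouped by queried name and upstream server, with the syslog-ng "Last message ... repeated N times" line folded into the preceding message's count. The category labels and function name are made up for this sketch; the sample lines are copied from the excerpt.

```python
import re
from collections import Counter

# Subset of the log lines quoted in the post above.
SAMPLE = """\
2021:02:19-13:12:49 Hillary-1 named[4836]: client @0xa500680 127.0.0.1#41232 (220.0.168.192.in-addr.arpa): view no_rpz_dlz: RFC 1918 response from Internet for 220.0.168.192.in-addr.arpa
2021:02:19-13:28:10 Hillary-1 named[4836]: no valid RRSIG resolving '168.192.in-addr.arpa/DS/IN': 172.64.36.1#53
2021:02:19-13:31:38 Hillary-1 named[4836]: validating plex.tv/A: no valid signature found
2021:02:19-13:31:39 Hillary-1 named: Last message 'validating plex.tv/A' repeated 1 times, suppressed by syslog-ng on Hillary
2021:02:19-13:31:39 Hillary-1 named[4836]: validating plex.tv/SOA: no valid signature found
2021:02:19-13:32:03 Hillary-2 named[4867]: no valid RRSIG resolving '168.192.in-addr.arpa/DS/IN': 172.64.36.1#53
"""

# timestamp, host, then the named message (the PID is absent on syslog-ng repeat lines)
LINE = re.compile(r"^(\S+) (\S+) named(?:\[\d+\])?: (.*)$")
# Category labels are hypothetical names chosen for this example.
PATTERNS = [
    ("rfc1918_from_internet", re.compile(r"RFC 1918 response from Internet for (?P<name>\S+)")),
    ("no_valid_rrsig", re.compile(r"no valid RRSIG resolving '(?P<name>[^']+)': (?P<server>\S+)")),
    ("dnssec_no_signature", re.compile(r"validating (?P<name>\S+): no valid signature found")),
]
REPEAT = re.compile(r"Last message '.*' repeated (\d+) times")

def triage(text):
    """Count messages per (category, queried name, upstream server)."""
    counts = Counter()
    last_key = None  # most recent classified message, target of a repeat line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        rep = REPEAT.search(msg)
        if rep:
            # syslog-ng suppressed N copies of the previous message: add them back
            if last_key:
                counts[last_key] += int(rep.group(1))
            continue
        last_key = None
        for kind, rx in PATTERNS:
            hit = rx.search(msg)
            if hit:
                last_key = (kind, hit.group("name"), hit.groupdict().get("server", "-"))
                counts[last_key] += 1
                break
    return counts

if __name__ == "__main__":
    for (kind, name, server), n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {kind:22s} {name:30s} {server}")
```
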



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi,

    What's the observation with 'DNS forwarders' set to Google DNS IP 8.8.8.8 or Cloudflare IP 1.1.1.1?

    Which IPs are added in the Cloudflare availability group?

    Ensure to add an exception for UDP port 53 service to skip UDP Flood Protection.
