This discussion has been locked.

[9.1]DNS server failed to contact!

Hi All

It seems that I am getting the following entries in the system log:

2013:05:24-19:10:59 ****** dns-resolver[4774]: DNS server failed to contact!
2013:05:24-19:12:22 ****** dns-resolver[4774]: DNS server failed to contact!
2013:05:24-19:13:44 ****** dns-resolver[4774]: DNS server failed to contact!

However, there is nothing in the DNS log!

DNS last entries are:

2013:05:24-11:47:49 ***** named[4780]: DNS format error from 2620:0:ccc::2#53 resolving for client unrelated AAAA in authority section

2013:05:24-11:47:49 ***** named[4780]: error (FORMERR) resolving '': 2620:0:ccc::2#53
2013:05:24-11:48:16 ***** named[4780]: error (unexpected end of input) resolving '': 2620:0:ccc::2#53


  • Hi,

    I have the same errors in my log. Did you find the reason for this?

    Thank You!

    Jas Man

  • Hi all,

    I did some research and found out that it has to do with the "Request Routing" under "Network Services" -> "DNS". I have different domains and PTRs configured regarding some VPN connections and guest networks.

    I disabled all routes and the failure was gone.
    So I enabled them one after another, and the failure occurred right after I enabled the entry for my own domain/DNS suffix, which is spread out via the DHCP server to the clients. The entry points to the UTM itself (jasnet.intern -> Sophos UTM LAN IF). The PTR record for the subnet of jasnet.intern works well.

    I configured this as supposed by the DNS Best Practise guide. Maybe I've only an understanding problem:

    - Must I configure the DNS suffix for "Request Routing" when the UTM itself manages this suffix?
    - Same question regarding the PTR record. Is the "Request Routing" needed for PTR when the UTM is the only DNS server in the network?

    Thank you!

    Jas Man

  • No Request Route is needed for forward and reverse DNS created by the UTM.

    That KB article was plagiarized from my post DNS Best Practice.  I don't know how accurate that article is, but my post is maintained and improved on a regular basis.  As you can see from the change log at the bottom of the post, I'm careful to credit the work of others.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob.

    This answers my question, and the failure is still gone.
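
The finding in this thread (a request route for the local domain that points back at the UTM itself) can be checked for mechanically. The following is an added example, not part of the original posts and not Sophos code; the route table, addresses and the function name `audit_request_routes` are constructed for illustration and would in practice be filled in by hand from the "Request Routing" tab.

```python
import ipaddress

# Constructed sample data (not exported from a real UTM): the firewall's own
# interface addresses and its DNS request routes (domain -> target servers).
LOCAL_ADDRESSES = ["192.168.10.1", "10.8.0.1"]
REQUEST_ROUTES = {
    "jasnet.intern": ["192.168.10.1"],            # points back at the UTM itself
    "10.168.192.in-addr.arpa": ["192.168.10.1"],  # reverse zone, also self-referential
    "partner.example": ["10.20.0.53"],            # remote DNS server behind a VPN
    "guest.example": ["not-an-ip"],               # malformed target
}


def audit_request_routes(routes, local_addresses):
    """Return {domain: [findings]} for routes that loop back or are malformed."""
    local = {ipaddress.ip_address(a) for a in local_addresses}
    findings = {}
    for domain, targets in routes.items():
        problems = []
        for target in targets:
            try:
                addr = ipaddress.ip_address(target)
            except ValueError:
                problems.append(f"{target}: not a valid IP address")
                continue
            # A route whose target is the resolver's own interface (or loopback)
            # sends the query back to the box that is trying to forward it.
            if addr in local or addr.is_loopback:
                problems.append(f"{target}: route targets the resolver itself")
        if problems:
            # Normalise the zone name so "Example.COM." and "example.com" match.
            findings[domain.lower().rstrip(".")] = problems
    return findings


if __name__ == "__main__":
    report = audit_request_routes(REQUEST_ROUTES, LOCAL_ADDRESSES)
    for domain, problems in report.items():
        for problem in problems:
            print(f"{domain}: {problem}")
```

Routes flagged as targeting the resolver itself are the ones the moderator's answer says are not needed for forward and reverse zones the UTM already serves.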
