DNS resolution failure from UTM

I'm getting DNS failures on my UTM that are wreaking havoc with all systems.

Sample DNS logs:

2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 199.85.127.10#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.5.6.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.33.14.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.26.92.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.31.80.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.12.94.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.35.51.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.42.93.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.54.112.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.43.172.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.48.79.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.52.178.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.41.162.30#53

Resolved IP addresses end up being all the DNS root servers:

128.63.2.53          Organization:   Headquarters, USAISC (HEADQU-3)
192.112.36.4         DoD Network Information Center (DNIC)
192.203.230.10         National Aeronautics and Space Administration
192.228.79.201        B.Root-Server-OPS (BROOT)
192.33.4.12        PSINet, Inc. (PSI)
192.36.148.17        Sweden DNS root name server i.root-servers.net.
192.5.5.241        Internet Systems Consortium, Inc. (ISC-94-Z)
192.58.128.30        VeriSign Global Registry Services (VGRS)
193.0.14.129        Netherland k.root-servers.net
198.41.0.4        VeriSign Infrastructure & Operations (VIO-2)
199.7.83.42        l.root-servers.net is run by the ICANN DNS Engineering Team
199.7.91.13        University of Maryland (UNIVER-262)
199.85.126.10        Symantec Corporation (SYMN)
2001:500:1::803f:235    h.root-server U.S. Army Research Laboratory (UARL-1)
2001:500:2d::d        d.root-server University of Maryland
2001:500:2f::f        f.root Internet Systems Consortium, Inc. (ISC-94)
2001:500:3::42        l.root-servers.net is run by the ICANN DNS Engineering Team
2001:503:ba3e::2:30    a.root VeriSign Global Registry Services
2001:503:c27::2:30    j.root VeriSign Global Registry Services
2001:7fd::1        k.root Reseaux IP Europeens Network Coordination Centre (RIPE NCC)
2001:7fe::53        i.root NETNOD Internet Exchange i Sverige AB  same as 192.36.148.17 above
2001:dc3::35        a.root ip6
202.12.27.33        m.root Japan

My configuration was using the Norton ConnectSafe service.
The attempts to resolve via the root servers are confusing to me.
Would this be a backup in case the forwarders fail?
Would my ISP (Centurylink) be the source of the blocking of this traffic?

I just reset to using Norton ConnectSafe again and did a direct lookup from the UTM Admin Tools interface.
I get the wrong result of
Trying "outbound.mailhop.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54348
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;outbound.mailhop.org.		IN	ANY

;; ANSWER SECTION:
outbound.mailhop.org.	425	IN	A	156.154.176.10
outbound.mailhop.org.	425	IN	A	156.154.175.10

;; AUTHORITY SECTION:
.	72893	IN	NS	m.root-servers.net.
.	72893	IN	NS	b.root-servers.net.
.	72893	IN	NS	e.root-servers.net.

This is clearly wrong, and it is stating it is using the root servers as the authority when I know they do not show this IP address for this FQDN.

The correct answer per this web site: http://centralops.net/co/DomainDossier.aspx
is

Address lookup

canonical name outbound.mailhop.org.
aliases
addresses 54.186.218.12
54.213.22.21
54.187.218.212

So setting a different set of DNS forwarders - this time Level 3's public DNS servers...

Trying "outbound.mailhop.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13437
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;outbound.mailhop.org.		IN	ANY

;; ANSWER SECTION:
outbound.mailhop.org.	1490	IN	A	54.213.22.21
outbound.mailhop.org.	1490	IN	A	54.186.218.12
outbound.mailhop.org.	1490	IN	A	54.187.218.212

This is the correct set of addresses.


Can anyone explain what on earth is going on or how to troubleshoot this?

Thanks
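
Added example (not part of the original post): one way to triage named resolver errors like those quoted above is to group them per query and separate the upstream servers named tried into configured forwarders and everything else. The forwarder set is an assumption built from two addresses that appear in the post; the function names and the three sample lines (copied from the post's log excerpt) are chosen here for illustration.

```python
import re
from collections import defaultdict

# Assumption: the forwarders configured on the resolver. Both addresses appear
# in the post; replace them with the forwarders actually set on the device.
FORWARDERS = {"199.85.126.10", "199.85.127.10"}

# Matches named resolver error lines in the format quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) named\[\d+\]: error \((?P<reason>[^)]+)\) "
    r"resolving '(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^']+)': "
    r"(?P<server>[0-9A-Fa-f:.]+)#(?P<port>\d+)$"
)

# Sample input: three lines copied from the post's log excerpt.
SAMPLE_LOG = """\
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 199.85.127.10#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.5.6.30#53
2016:01:11-00:00:08 ravenna named[4507]: error (network unreachable) resolving 'passthrough6.fw-notify.net/A/IN': 192.33.14.30#53
"""

def summarize(log_text, forwarders=FORWARDERS):
    """Group errors per (qname, qtype, reason) and split the upstream
    servers into configured forwarders and all other servers."""
    groups = defaultdict(lambda: {"forwarders": set(), "other": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a named resolver error line
        g = groups[(m["qname"], m["qtype"], m["reason"])]
        g["count"] += 1
        bucket = "forwarders" if m["server"] in forwarders else "other"
        g[bucket].add(m["server"])
    return dict(groups)

def outside_forwarders(summary):
    """Query names for which named contacted servers that are not in the
    forwarder list, meaning it was not relying on the forwarders alone."""
    return sorted({q for (q, _t, _r), g in summary.items() if g["other"]})

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for key, g in s.items():
        print(key, g["count"], sorted(g["forwarders"]), sorted(g["other"]))
    print("servers outside forwarder list used for:", outside_forwarders(s))
```
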




