This discussion has been locked.

Error in Application Control logs

Hi,

since 10.05.16 I am experiencing some strange errors in my Application Control logs:

2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in answer section of length 16 at offset 4 [C0 33 00 01 80 01 00 00 00 78 00 04 C0 A8 B2 3C], unsupported resource records class (Resource temporarily unavailable)
2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in answer section of length 28 at offset 4 [C0 33 00 1C 80 01 00 00 00 78 00 10 FE 80 00 00 00 00 00 00 55 A6 D1 DD CB 2D CC 98], unsupported resource records class (Resource temporarily unavailable)
2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in additional section of length 18 at offset 4 [C0 0C 00 2F 80 01 00 00 00 78 00 06 C0 0C 00 02 00 08], unsupported resource records class (Resource temporarily unavailable)

I think this all started with the upgrade to UTM version 9.402-7.
Is someone experiencing the same issues?
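The hex dumps in the log lines above can be decoded field by field; this is an added example, not part of the original thread and not Sophos code. It assumes each dump starts with a 2-byte compressed owner name, as all three do, and shows that the class field is 0x8001: class IN (1) with the top bit set, the bit mDNS (RFC 6762) uses as its cache-flush flag.

```python
import ipaddress
import re
import struct

# The three log lines from the post above, copied verbatim.
LOG_LINES = [
    "2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in answer section of length 16 at offset 4 [C0 33 00 01 80 01 00 00 00 78 00 04 C0 A8 B2 3C], unsupported resource records class (Resource temporarily unavailable)",
    "2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in answer section of length 28 at offset 4 [C0 33 00 1C 80 01 00 00 00 78 00 10 FE 80 00 00 00 00 00 00 55 A6 D1 DD CB 2D CC 98], unsupported resource records class (Resource temporarily unavailable)",
    "2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in additional section of length 18 at offset 4 [C0 0C 00 2F 80 01 00 00 00 78 00 06 C0 0C 00 02 00 08], unsupported resource records class (Resource temporarily unavailable)",
]

RR_TYPES = {1: "A", 12: "PTR", 28: "AAAA", 47: "NSEC"}
# Space-separated hex bytes in brackets; does not match the "[27428]" PID.
HEX_DUMP = re.compile(r"\[([0-9A-F]{2}(?: [0-9A-F]{2})+)\]")


def decode_rr(line):
    """Decode the resource record dumped in one 'failed to parse DNS RR' line."""
    match = HEX_DUMP.search(line)
    if not match:
        return None
    raw = bytes.fromhex(match.group(1))
    # Assumption: owner name is a compression pointer (top two bits set).
    if len(raw) < 12 or raw[0] & 0xC0 != 0xC0:
        return None
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", raw[2:12])
    rdata = raw[12:12 + rdlen]
    if len(rdata) != rdlen:
        return None  # truncated dump
    if rtype == 1 and rdlen == 4:
        value = str(ipaddress.IPv4Address(rdata))
    elif rtype == 28 and rdlen == 16:
        value = str(ipaddress.IPv6Address(rdata))
    else:
        value = rdata.hex()
    return {
        "name_ptr": ((raw[0] & 0x3F) << 8) | raw[1],
        "type": RR_TYPES.get(rtype, str(rtype)),
        "class": rclass & 0x7FFF,          # 1 = IN
        "top_bit": bool(rclass & 0x8000),  # mDNS cache-flush flag
        "ttl": ttl,
        "rdata": value,
    }


if __name__ == "__main__":
    for log_line in LOG_LINES:
        print(decode_rr(log_line))
```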


  • Hi,

    Do you have any configuration for Request Route in UTM? Go to Network Services > DNS > Request Route.

    The error logs can be observed when UTM is not able to resolve the request routes.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hello Sachin Gurung,

    Thank you very much for your help. I have just configured the proxy settings as you recommended. I will report later if the issue is solved.

  • Hello,

    I am afraid the issue is not solved. Even after the update to version 9.403-4 there are the same errors in the logs.

    Here is another summary of my current logs:

    2016:05:26-09:20:41 utm-server afcd[9645]: vy_plugin: N: finalizing vineyard thread
    2016:05:26-09:20:41 utm-server afcd[9645]: STATUS: alert_lvl="GREEN" run_time=4506 num_cts=0 pktps_avg=69.49 pktps_avg_max=106.20 skipped_pktps_avg=0.00 skipped_pktps_avg_max=2.00 connps_avg=7.59 connps_avg_max=13.17 rusage_sys=2.492 rusage_usr=1.620
    2016:05:26-09:20:41 utm-server afcd[9645]:  BONJOUR (nfmark 0000050c):     15 packets,   0 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:     CIFS (nfmark 00000048):    137 packets,   6 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:     DHCP (nfmark 00000075):      4 packets,   4 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:      DNS (nfmark 0000007c):   3278 packets, 1574 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:      GCM (nfmark 0000042b):      3 packets,   3 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:    GMAIL (nfmark 000000ad):     39 packets,  13 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: GOOGANAL (nfmark 000000af):      7 packets,   7 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: GOOGAPIS (nfmark 000000b0):      6 packets,   6 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: GOOGDOCS (nfmark 000000b4):      2 packets,   2 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:   GOOGLE (nfmark 000000b6):     44 packets,  44 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: GOOGPLUS (nfmark 0000024c):      5 packets,   5 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: HOTSPTSH (nfmark 00000432):      8 packets,   8 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:     HTTP (nfmark 000000d3):   1066 packets,  54 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: NTBIOSNS (nfmark 00000441):    103 packets, 103 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:      NTP (nfmark 0000015d):      8 packets,   8 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:    SKYPE (nfmark 000001c0):    227 packets,  26 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:     SOAP (nfmark 000004b0):   4835 packets, 506 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: SOPHBROK (nfmark 00000318):      9 packets,   9 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:     SSDP (nfmark 000001d7):     66 packets,  66 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:      SSL (nfmark 000001d9):     72 packets,  18 connections
    2016:05:26-09:20:41 utm-server afcd[9645]:   TEREDO (nfmark 00000238):     40 packets,   0 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: WSDSCVRY (nfmark 000004b6):      9 packets,   9 connections
    2016:05:26-09:20:41 utm-server afcd[9645]: packets: 15516 (15173 inspected, 52 skipped)
    2016:05:26-09:20:41 utm-server afcd[9645]: connections: 3472 (2471 classified)
    2016:05:26-09:20:41 utm-server afcd[18558]: _afc_cfg_file_plugin_parse: 1415 protocols registered
    2016:05:26-09:20:41 utm-server afcd[18558]: vy_plugin: N: aptp: threaddata loaded from /var/chroot-afc/etc/aptpdata
    2016:05:26-09:20:41 utm-server afcd[18558]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'
    2016:05:26-09:20:41 utm-server afcd[18558]: _afc_cfg_file_plugin_parse: 1415 protocols registered
    2016:05:26-09:20:41 utm-server afcd[18587]: AFC ready.
    2016:05:26-09:48:18 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 80 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 80 01 C0 1B 00 0C 80 01]
    2016:05:26-09:48:19 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 81 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 00 01 C0 1B 00 0C 00 01]
    2016:05:26-09:48:20 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 81 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 00 01 C0 1B 00 0C 00 01]

    As you can see, the application module works properly, but there are some sporadically occurring issues as described above.
  • Hi,

    The log lines will not disappear in the latest firmware and so is never suggested. These logs are generated when you have incorrect request routing configured in UTM, as mentioned in my previous post.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • A few days ago I just went back to UTM version 9.356 and the error is gone.

  • I have this too:

     

    Build: 9.408-4

     

  • Hi All,

    Please show us a picture of the DNS configuration on UTM and of any request routes configured.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Global:

    Forwarders:

    Request Routing (includes all reverse lookup networks, this shot shows the local domains and some of the reverses):

    Static Entries and DynDNS are untouched/default/blank.

     

    Using the Support > Tools > DNS Lookup I can resolve my local domain names and reverse lookups.

    Also, I did put our local client/server domain name as the "Search Domain".

     

    Mark

  • Hi Mark,

    Add the LAN network in the Allowed network box in DNS settings and see if the logs disappear. As I mentioned earlier, the issue could be caused by the configured request routes in UTM. I can see several request routes and I suspect some of them might be unresolved.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support