Flood of "resolver priming query complete" when using DNS forwarders

Same issue as in the post below.

https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/104163/sophos-utm-9-510-4-released---let-s-share-experiences/380061#380061

This has been on going since the 9.510-4 build.  Found to be present in 9.510-4, -5, and now 9.6. 

How do we get this fixed??

 

Parents
  • I experience the very same as Jay Jay. Another symptom is that no DNS forwarders are displayed at the corresponding place (Network Services/DNS/Forwarders shows "Currently assigned forwarders: none"). UTM version is 9.600-5. I found in the logs when all this started on my system:

    2018:12:21-21:50:28 vm-fw named[4809]: automatic empty zone: view default: 8.B.D.0.1.0.0.2.IP6.ARPA
    2018:12:21-21:50:28 vm-fw named[4809]: automatic empty zone: view default: EMPTY.AS112.ARPA
    2018:12:21-21:50:28 vm-fw named[4809]: none:99: 'max-cache-size 90%' - setting to 3686MB (out of 4095MB)
    2018:12:21-21:50:28 vm-fw named[4809]: configuring command channel from '//etc/rndc.key'
    2018:12:21-21:50:28 vm-fw named[4809]: reloading configuration succeeded
    2018:12:21-21:50:28 vm-fw named[4809]: reloading zones succeeded
    2018:12:21-21:50:28 vm-fw named[4809]: oculus driver teardown
    2018:12:21-21:50:28 vm-fw named[4809]: [tid 4147907440]: [aptp_disconnect]: aptp socket has been disconnected
    2018:12:21-21:50:28 vm-fw named[4809]: [tid 4147907440]: [aptp_exit] APTP cleanup done
    2018:12:21-21:50:28 vm-fw named[4809]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/no_rpz_dlz: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: zone 0.0.127.in-addr.arpa/IN/no_rpz_dlz: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: all zones loaded
    2018:12:21-21:50:28 vm-fw named[4809]: running
    2018:12:21-21:50:28 vm-fw named[4809]: zone localhost/IN/no_rpz_dlz: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: zone 0.0.127.in-addr.arpa/IN/default: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/default: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: rpz.zone:9: using RFC1035 TTL semantics
    2018:12:21-21:50:28 vm-fw named[4809]: zone rpz/IN/default: zone serial (1345588987) unchanged. zone may fail to transfer to slaves.
    2018:12:21-21:50:28 vm-fw named[4809]: rpz: (re)loading policy zone 'rpz' changed from 1 to 1 qname, 0 to 0 nsdname, 2084 to 2084 IP, 0 to 0 NSIP, 0 to 0 CLIENTIP entries
    2018:12:21-21:50:28 vm-fw named[4809]: zone rpz/IN/default: loaded serial 1345588987
    2018:12:21-21:50:28 vm-fw named[4809]: zone localhost/IN/default: loaded serial 1545425428
    2018:12:21-21:53:20 vm-fw named[4809]: [tid 4147907440]: [aptp_connect]: aptp socket connect succeeded
    2018:12:21-21:53:20 vm-fw named[4809]: resolver priming query complete
    2018:12:21-21:55:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-21:58:49 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:00:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:10:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:17:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:17:32 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:20:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:25:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:40:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:42:39 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:47:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:47:32 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:00:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:10:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:17:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:17:32 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:20:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:25:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:40:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:47:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:47:32 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:55:02 vm-fw named[4809]: resolver priming query complete
    2018:12:22-00:00:01 vm-fw named[4809]: resolver priming query complete

    On the other hand, DNS is apparently working.

Reply
  • I experience the very same as Jay Jay. Another symptom is that no DNS forwarders are displayed at the corresponding place (Network Services/DNS/Forwarders shows "Currently assigned forwarders: none"). UTM version is 9.600-5. I found in the logs when all this started on my system:

    2018:12:21-21:50:28 vm-fw named[4809]: automatic empty zone: view default: 8.B.D.0.1.0.0.2.IP6.ARPA
    2018:12:21-21:50:28 vm-fw named[4809]: automatic empty zone: view default: EMPTY.AS112.ARPA
    2018:12:21-21:50:28 vm-fw named[4809]: none:99: 'max-cache-size 90%' - setting to 3686MB (out of 4095MB)
    2018:12:21-21:50:28 vm-fw named[4809]: configuring command channel from '//etc/rndc.key'
    2018:12:21-21:50:28 vm-fw named[4809]: reloading configuration succeeded
    2018:12:21-21:50:28 vm-fw named[4809]: reloading zones succeeded
    2018:12:21-21:50:28 vm-fw named[4809]: oculus driver teardown
    2018:12:21-21:50:28 vm-fw named[4809]: [tid 4147907440]: [aptp_disconnect]: aptp socket has been disconnected
    2018:12:21-21:50:28 vm-fw named[4809]: [tid 4147907440]: [aptp_exit] APTP cleanup done
    2018:12:21-21:50:28 vm-fw named[4809]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/no_rpz_dlz: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: zone 0.0.127.in-addr.arpa/IN/no_rpz_dlz: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: all zones loaded
    2018:12:21-21:50:28 vm-fw named[4809]: running
    2018:12:21-21:50:28 vm-fw named[4809]: zone localhost/IN/no_rpz_dlz: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: zone 0.0.127.in-addr.arpa/IN/default: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/default: loaded serial 1545425428
    2018:12:21-21:50:28 vm-fw named[4809]: rpz.zone:9: using RFC1035 TTL semantics
    2018:12:21-21:50:28 vm-fw named[4809]: zone rpz/IN/default: zone serial (1345588987) unchanged. zone may fail to transfer to slaves.
    2018:12:21-21:50:28 vm-fw named[4809]: rpz: (re)loading policy zone 'rpz' changed from 1 to 1 qname, 0 to 0 nsdname, 2084 to 2084 IP, 0 to 0 NSIP, 0 to 0 CLIENTIP entries
    2018:12:21-21:50:28 vm-fw named[4809]: zone rpz/IN/default: loaded serial 1345588987
    2018:12:21-21:50:28 vm-fw named[4809]: zone localhost/IN/default: loaded serial 1545425428
    2018:12:21-21:53:20 vm-fw named[4809]: [tid 4147907440]: [aptp_connect]: aptp socket connect succeeded
    2018:12:21-21:53:20 vm-fw named[4809]: resolver priming query complete
    2018:12:21-21:55:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-21:58:49 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:00:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:10:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:17:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:17:32 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:20:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:25:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:40:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:42:39 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:47:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-22:47:32 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:00:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:10:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:17:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:17:32 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:20:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:25:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:40:01 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:47:02 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:47:32 vm-fw named[4809]: resolver priming query complete
    2018:12:21-23:55:02 vm-fw named[4809]: resolver priming query complete
    2018:12:22-00:00:01 vm-fw named[4809]: resolver priming query complete

    On the other hand, DNS is apparently working.

Children