Page 1 of 3 123 LastLast
Results 1 to 10 of 28
  1. #1
    Newbie
    Join Date
    Mar 2008
    Posts
    7

    Default Untangle blocking DNS

    I have untangle running in bridge mode. Here is a quick and dirty network diagram.

    ADSL router - Untangle - local server - internal network.

    The internal server is an all-in-one box. Mail, dhcp, dns, file server etc.

    The Untangle box is setup mostly stock, with Spam control, and virus blocker running.

    Everything runs great (for hours at a time), and then it stops allowing outgoing DNS traffic. NSLookups to the local server only work if the can be answered by the local server (cached or local zone). Any new names can not be resolved. Outgoing traffic by IP address works though.

    A reboot of Untangle fixes the problem.

    Any ideas?

    Thanks in advance,
    Chris

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    welcome to the forums!

    are you sure is isn't just blocking all traffic?

    what I would do is get on the untangle server itself and drop to a terminal.

    try 'host google.com'
    try 'ping 4.2.2.1'
    and see if it still have connectivity/DNS.

    next check the load and memory usage:
    'cat /proc/loadavg' or 'top'
    'cat /proc/meminfo' or 'free -m'

    what kind of hardware are you using?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Mar 2008
    Posts
    7

    Default

    I pulled it out of the client network so I didn't get to check the load.

    When the issue was happening pings to IP addresses would work, I could still VPN into the network and use the web interface fine. But no dns requests could be made.

    The box is an older P4 2.66Ghz HP desktop machine.

    Now that I have the machine at the office, I'm going to see if I can recreate the issue. I'll post the results soon.

    Thanks,
    Chris

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    also, check the attack blocker event log for any blocking
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untanglit
    Join Date
    Apr 2008
    Posts
    27

    Default

    We had a similar experience, we found that after several hours incoming DNS requests (from the Internet) would stop being answered but internal DNS would keep working.

    We disabled just the Attack Blocker and things have been fine. We know our external DNS gets hammered, along with our edge email server, so it's not surprising the box thinks they are being 'attacked', I have yet to dig into that module any further to figure out if we cant tune it, but really, if you have public-facing servers, expect 'attacks'.

  6. #6
    Untangle Ninja Silver Bullet's Avatar
    Join Date
    Sep 2007
    Posts
    2,008

    Default

    Did you disable it by editing the untangle-vm file?

    Not sure what version you are running. But, version 5.1 and up allow for creating Attack Blocker exceptions. One exception option is giving certain IP addresses unlimited access.

  7. #7
    Untanglit
    Join Date
    Apr 2008
    Posts
    27

    Default

    hmmm, it seems our problem may actually be related to the Protocol Filter. I had it and the attack blocker disabled for days, no problem, I enabled the Protocol filter yesterday, and by this morning our DNS won't answer again.

    The atttack blocker is still turned off though. WTH?

  8. #8
    Newbie
    Join Date
    Mar 2008
    Posts
    7

    Default

    When the box was at the client site and I was having this problem, I turned off everything (using the power buttons). DNS was still blocked.

    Does attack blocker work even if it's turned off?

  9. #9
    Untangle Ninja Silver Bullet's Avatar
    Join Date
    Sep 2007
    Posts
    2,008

    Default

    Quote Originally Posted by Mills888 View Post
    Does attack blocker work even if it's turned off?
    Yes. The power button doesn't disable Attack Blocker. It just turns the module off. The module is for viewing events and setting exceptions.

  10. #10
    Newbie
    Join Date
    Mar 2008
    Posts
    7

    Default

    One last question.

    I'm going to do a fresh install, ONLY spam, and ONLY reports. No anti-virus, no attack blocker... NOTHING.

    Is there any reason, or explanation, if the problem returns and Untangle starts blocking DNS again?

    I'd like to thank everyone that has replied.

    Chris

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2