Page 1 of 2 (results 1 to 10 of 12)
    #1 Newbie (joined Nov 2016, 11 posts)

    DNS Connectivity Failed - Intermittently

    **Read the sticky afterwards, my bad; here are the answers
    Bridge or Router Mode: I think router mode, as it sits behind my modem and in front of my devices, with no other router in the mix
    ISP-MODEM---UNTANGLE-----NETWORK SWITCHES---DEVICES

    Does your network have more than one subnet? : Yes, but all devices with the exception of 2 devices populate subnet 1; the other subnet is another site over VPN
    site 1: 192.168.0.0/24
    site 2: 192.168.2.0/24


    Hi all, I’m having issues for the last few days with my setup; I’ve been running Untangle for a few years, never any serious issues, but this has occurred over the last few days and I can’t figure out why;

    my setup is:
    Server: custom
    CPU Count: 4
    CPU Type: AMD A4-6250J APU with AMD Radeon R3 Graphics
    Architecture: amd64
    Memory: 4.07 GB
    Disk: 144.92 GB HDD

    I’m getting regular drops in internet; when I log in to Untangle I will see "DNS connectivity failed 8.8.8.8/8.8.4.4".
    First I thought the problem was with the ISP, so I rebooted the router, to no avail. I then rebooted the UT box and all was well for a few more hours, and then it happened again.

    I did a search and found a similar thread with the same complaint; forums.untangle.com/networking/42188-dns-connectivity-failed.html

    My symptoms seem to be the same; I performed tracert tests during the drop out and it won’t get past my external IP hop-wise, until I reboot the UT box. However, the problem in the post above ended up being hardware, the on-board NIC to be exact. As my setup has been working flawlessly for such a long time I figured it’s unlikely to be the same culprit.

    I have no more than 30 active connections behind the firewall, it hosts a few services for outside which are port forwarded appropriately.

    DNS is handled by Windows Server as I’m running Active Directory; as far as the DNS config of Untangle goes, see below:
    Google < GOOGLE DNS
    8.8.8.8

    Virgin1 << ISP DNS
    194.168.8.100

    Virgin2 <<ISP DNS
    194.168.4.100

    mydomain.local <<Windows DNS Server Internal
    192.168.2.112

    I’m also running the following untangle apps;
    • Web filter
    • Virus blocker
    • Web cache
    • Application control
    • Firewall
    • Ad blocker
    • Reports
    • Openvpn
    • Tunnelvpn
    • Intrusion prevention

    Furthermore, DHCP is served via untangle
    Upnp disabled
    bypass rule for DNS port is enabled.
    Management is blocked for any WAN <access rule

    Can’t think of any more information that might be relevant. I have only started having this issue in the last few days; the only meaningful change I can think of that has been performed is:

    I’m in the process of moving my domain controller from an offsite location, where it’s joined via site-to-site VPN with another Untangle box, back inside my LAN. This means the creation of a second DC on 192.168.0.*, which now means I have a DNS server that can be used in this site. I didn’t specify the DNS server in Untangle’s DNS settings because it already points to the offsite DC, so it should still work as before; I was going to change it once I decommission the old DC. But now I’m having these issues I have stopped. I did notice that previously I had enabled a static route in DNS for any of my mydomain.local DNS requests, that would send them to the offsite DC 192.168.2.*; now, since I have 2 DCs active and 2 DNS servers serving the same mydomain.local, I removed that static route, since now AD can send DNS requests to either server.

    Since the above is the only recent change I can think of I was starting to think the problem was something to do with those dns servers, however that doesn’t explain why a reboot of untangle would fix the issue.

    I have had this occur once before around a year ago, after I upgraded isp, factory reset and reload of the exact same config resolved the issue, I have tried that again this time to no avail.

    I downloaded the system logs but I don’t know where to start to look for the problem, I can’t seem to see anything that jumps out and screams problem unfortunately.

    The PC it’s installed on has been running a while, and again I’m thinking maybe it’s a HW issue? Every time I check the box physically after an internet drop out all seems to be working fine, network activity blinking away etc. I also thought maybe the amount of reports being generated was battering the spindle hard disk? Maybe that could be the cause; the HDD could have suddenly degraded. But that being said, this thing is only occurring intermittently; if it was a dying HDD I would expect more of a spectacular failure, like not even booting.

    So anyone know where else I can look? As it stands I’m going from 2 hours to 15 hours having to reboot untangle to pick a connection back up. And that’s if I’m working and realise it’s gone. I’ve got a mail server and a few websites behind the box which I can’t afford to be going down multiple times a day.

    Any help will be greatly appreciated,
    thank you
    Last edited by cappilio; 11-20-2020 at 09:23 AM. Reason: added sticky required info

    #2 Jim.Alles, Untangle Ninja (Central PA, joined Jul 2008, 2,606 posts)

    Hi.

    Thanks for the detail, it will take time to unpack it all.

    I have some initial observations.
    As my setup has been working flawlessly for such a long time I figured its unlikely to be the same culprit.
    I would suggest that heat and time are the enemies, and after years go by, hardware will start to fail. It doesn't get better.
    Also, catastrophic events like ESD or a lightning strike can break things suddenly, at any time.

    Next, you use the word 'router' interchangeably for the ISP device and NGFW. This is not helpful. It would be helpful if we had a specific model number and connection protocol for the modem.

    Your provided ASCII art does not show the interfaces with two ISP connections.
    We need a hand-drawn sketch with your network layout. (Take a picture of a napkin; post a couple more times and you will be able to attach it.) Show both ISP devices, IP addresses / subnets, the DC, etc.

    Having two identical connections from the same ISP in itself can be problematic.

    It would be best to avoid the double-NAT situation.

    Although NGFW does need a DNS service on the WAN connected to the Internet, the administrative alert you receive on the NGFW GUI should not break the Internet for the rest of the network. A windows server should have that DNS role in a Microsoft ecosystem.
    Last edited by Jim.Alles; 11-20-2020 at 10:32 AM.

    #3 Newbie (joined Nov 2016, 11 posts)

    Hi Jim

    Thank you. OK, firstly, sorry for the terrible ASCII representation of my network; it caught me off guard with no time to draw anything up. I have created a new one that is a little more detailed and hopefully reflects my network layout better; it’s not professional by any means, so forgive the MS Paint look.

    Quote Originally Posted by Jim.Alles
    I have some initial observations.
    I would suggest that heat and time are the enemies, and after years go by, hardware will start to fail. It doesn't get better.
    Also, catastrophic events like ESD or a lightning strike can break things suddenly, at any time.
    I appreciate all this, and I’m sure this could be a possibility, but I personally think that’s a lot less likely considering it’s working sometimes / sometimes not. I have seen faulty NICs before, which normally result in 0 connectivity or at least packet drop. I’m not ruling this out and I will circle back to it if we rule out everything else; I just think it’s more likely config though.

    Quote Originally Posted by Jim.Alles
    Next, you use the word 'router' interchangeably for the ISP device and NGFW. This is not helpful. It would be helpful if we had a specific model number and connection protocol for the modem.
    Sorry, my fault; it’s because the device in particular I am referring to comes from the ISP as standard, and in its default configuration it is a "router". In my case it’s switched to "modem mode", so it’s not actually acting like a router, just a regular cable modem; I’m just so used to calling it one even when that’s not what it’s doing.


    Quote Originally Posted by Jim.Alles
    Your provided ASCII-art does not show the interfaces with two ISP connections.
    We need a hand-drawn sketch with you network layout. (take a picture of a napkin, post a couple of more times and you will be able to attach it.) Show both ISP devices, IP addresses / subnets, the DC, etc.
    OK, so my terrible ASCII drawing made this a little confused here; in hindsight I should probably not have mentioned the other site that is connected via site-to-site VPN, as I don’t think it’s relevant. However, considering it houses one of the DCs, I thought it best to be as detailed and complete as possible. Just to be clear, all my connectivity problems are in "site1"; hopefully again the new diagram makes that a little clearer.

    Quote Originally Posted by Jim.Alles
    Having two identical connections from the same ISP in itself can be problematic.

    It would be best to avoid the double-NAT situation.
    Sorry again, this must be missed confusion with my crap drawing; we have only 1 ISP per site, and 1 modem. They are linked via IPsec VPN tunnels.

    Quote Originally Posted by Jim.Alles
    Although NGFW does need a DNS service on the WAN connected to the Internet, the administrative alert you receive on the NGFW GUI should not break the Internet for the rest of the network. A windows server should have that DNS role in a Microsoft ecosystem.
    OK, so at the moment my NGFW has my 2 ISP DNS servers listed, 1 for Google just because, and lastly it has my internal DNS server for AD requests etc. Are we saying here I should have "0" DNS configured in NGFW at all, and only use the Windows DNS servers to answer the requests?

    Thank you for all the assistance


    Diagram: diagram-poor-attempt-in-paint.JPG
    Last edited by cappilio; 11-20-2020 at 04:57 PM. Reason: realised i adderessed the person by forum ranking not name, my bad jim

    #4 Jim.Alles, Untangle Ninja (Central PA, joined Jul 2008, 2,606 posts)

    One part I don't understand is this:

    DNS is handled by Windows Server as I’m running Active Directory; as far as the DNS config of Untangle goes, see below:
    Google < GOOGLE DNS
    8.8.8.8

    Virgin1 << ISP DNS
    194.168.8.100

    Virgin2 <<ISP DNS
    194.168.4.100
    EDIT
    We can't tell what you are using where.

    Also, the 192.168.n.n DNS servers suggests to me you are pointed at the modems, AND they are not in bridge mode AND you are doing double-NAT.


    Ok so at the moment, my NGFW has my 2 isp dns servers listed, 1 for google just because and lastly it has my internal dns server for AD requests etc. Are we saying here I should have “0” dns configured in NGFW at all? and only use the windows dns servers to answer the requests?
    Oops, I missed your clarification at first.
    The subnets are confusing, 192.168.4.0/24 and 192.168.8.0/24 are not mentioned in the drawings.

    I don't understand where you are putting 4 DNS server entries into NGFW, there are fields for exactly 2 server IP addresses in the External Interface configuration screen.

    There is no reason to have NGFW looking at your internal dns server for AD requests etc. because nothing should be looking at NGFW for DNS.

    NGFW must have an external DNS server on the Internet for its own purposes, I would pick one DNS supplier for both entries. OpenDNS would be like
    208.67.220.220
    208.67.222.222

    What is the connection medium to the ISP?
    cable?
    DSL?
    Fiber?
    Last edited by Jim.Alles; 11-21-2020 at 01:09 PM.

    #5 Newbie (joined Nov 2016, 11 posts)

    Update: so it doesn't seem to have dropped out as regularly over the last two days. I have noticed it's gone, logged into NGFW, and seen the usual "DNS connectivity" error in the top right corner.

    Weird thing is, it's now resolving itself without a reboot. So maybe a DNS issue after all? I noticed that while this was occurring, NGFW responsiveness wasn't exactly as it normally is. As soon as I noticed the UI speed up again, my connectivity issue resolved itself.

    Since I'm browsing to NGFW via local IP I can't blame the slowness on DNS, so maybe NGFW is overloading after all, or getting too busy at least? Where would I look to see logs of this? If it would even record such issues?

    #6 Jim.Alles, Untangle Ninja (Central PA, joined Jul 2008, 2,606 posts)

    A request, let's now switch to screenshots of NGFW configuration screens, rather than descriptions.

    #7 Newbie (joined Nov 2016, 11 posts)

    Quote Originally Posted by Jim.Alles
    A request, let's now switch to screenshots of NGFW configuration screens, rather than descriptions.
    OK, no problem. Not sure exactly what in particular you are looking for in regards to screenshots; I have taken the liberty of guessing and provided some below. Should you need any additional, please let me know.

    Site 1 NGFW:
    metwork-intrface-summary.JPG
    WAN_Detailed_interface.JPG
    LAN_Detailed_interface.JPG
    dns_servers.JPG
    Bypass_Rules_INC_53.JPG

    I did have one more screenshot showing Advanced > DNS/DHCP, but I can't upload it due to the 5 image restriction; it merely shows "dhcp-boot=undionly.kpxe,,192.168.0.196", which is a line of config used to enable PXE booting from FOG.

    I did make a video of the issue occurring, and me logging into NGFW at the same time via my mobile phone. As I said, the UI was very unresponsive; the network interfaces page took a good 2 minutes to load. As soon as that returned to being "snappy", behaving at the speeds I'm used to, the DNS issue went away. I was going to post the video but I don't fancy blurring my IP address out in PowerDirector much, so hopefully the description works. Thank you



    **Edit, sorry Jim, totally missed your post above; will try and address the points raised here:
    Quote Originally Posted by Jim.Alles
    One part I don't understand is this:

    EDIT
    We can't tell what you are using where.

    Also, the 192.168.n.n DNS servers suggests to me you are pointed at the modems, AND they are not in bridge mode AND you are doing double-NAT.
    - There is NO double NATing as far as I'm aware. For DNS, the majority of my devices will have 2 DNS servers set: "192.168.0.1" (NGFW) & "192.168.2.112" (Microsoft DNS Server).

    Now it was my understanding, which could be wrong, that if a client on my network wanted to visit say "www.ihatemylife.com", in my current config the DNS request would go to NGFW, and NGFW would use the list of DNS servers as shown in the screenshot above. Obviously it will get an IP from either of the external DNS servers listed, Virgin Media or Google. If that DNS request was internal, it would first try the external DNS servers, get no info, and then try the internal Windows DNS and be able to resolve the IP address. But I could be wrong here, or have this configured incorrectly?




    Quote Originally Posted by Jim.Alles
    Oops, I missed your clarification at first.
    The subnets are confusing, 192.168.4.0/24 and 192.168.8.0/24 are not mentioned in the drawings.
    --Sorry, if you look at the diagram the subnets are in RED writing in each rectangle, each rectangle representing a site, so we have 2 subnets, one per site: "192.168.0.0/24 and 192.168.2.0/24"



    Quote Originally Posted by Jim.Alles
    There is no reason to have NGFW looking at your internal dns server for AD requests etc. because nothing should be looking at NGFW for DNS.

    NGFW must have an external DNS server on the Internet for its own purposes, I would pick one DNS supplier for both entries. OpenDNS would be like
    208.67.220.220
    208.67.222.222
    OK, so my issue here could be NGFW looking to my internal DNS server? So remove that and keep say Google only? Or ISP only? - ISP ones are a little slow.

    Quote Originally Posted by Jim.Alles
    What is the connection medium to the ISP?
    cable?
    DSL?
    Fiber?
    Site 1: So you can see from the diagram, the NGFW box connects by gigabit link to the "modem"; the modem connects to the ISP via copper coax cable to the ISP equipment on my street, and from there it's fibre. 500 down / 40 up

    Site 2: - 40down/40up
    Last edited by cappilio; 11-22-2020 at 04:57 AM.
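    To separate "an upstream resolver is failing" from "the NGFW box itself is wedged" while the alert is showing, a small probe that queries each upstream directly from a LAN host, bypassing the NGFW forwarder, is useful. This is an added example, not code from the thread or from Untangle: the resolver list is constructed from the addresses quoted above (assumption: replace it with your own), www.example.com is an arbitrary test name, and the parser only reads A records.

```python
import random
import socket
import struct
import time

RESOLVERS = {  # constructed from the thread's addresses; replace with your own upstreams
    "google": "8.8.8.8", "virgin1": "194.168.8.100",
    "virgin2": "194.168.4.100", "internal-ad": "192.168.2.112"}

def build_query(name, txid):
    """Recursive A query in RFC 1035 wire format: header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(data, off):
    """Offset just past a domain name, handling RFC 1035 compression pointers."""
    while data[off] != 0 and data[off] & 0xC0 != 0xC0:
        off += data[off] + 1
    return off + (2 if data[off] & 0xC0 == 0xC0 else 1)

def parse_response(data, txid):
    """Return (rcode, [A-record IPs]); raise ValueError on a txid mismatch."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (stray or forged reply)")
    off = 12
    for _ in range(qdcount):
        off = skip_name(data, off) + 4  # skip QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        off = skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, answers

def probe(server, name="www.example.com", timeout=2.0):
    """One UDP query; returns (ok, latency_ms, detail) instead of raising."""
    txid = random.randrange(65536)
    start = time.monotonic()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name, txid), (server, 53))
            data, _ = sock.recvfrom(512)
        rcode, answers = parse_response(data, txid)
        return rcode == 0, (time.monotonic() - start) * 1000, f"rcode={rcode} {answers}"
    except (OSError, ValueError) as exc:  # timeout and "network unreachable" are OSError
        return False, (time.monotonic() - start) * 1000, repr(exc)

if __name__ == "__main__":
    for label, ip in RESOLVERS.items():
        print(label, ip, probe(ip))
```

    Run it in a loop from a client while the NGFW alert is up: if every upstream answers quickly from the LAN but NGFW's own check still fails, the problem is on the box, not at the resolvers.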

    #8 Jim.Alles, Untangle Ninja (Central PA, joined Jul 2008, 2,606 posts)

    This is for rapid response, I am not done chewing on it.

    I would remove all entries From [DNS Server] Domain DNS servers. There isn't any reason for them being there.
    However, in that table you have 192.168.4.100 and 192.168.8.100. This also does not make sense since these two IP addresses do not fall in the "192.168.0.0/24 and 192.168.2.0/24" subnets.

    #9 Newbie (joined Nov 2016, 11 posts)

    Where are you seeing 192.168.8.100 and 192.168.4.100? I think you're referring to the "Virgin Media" DNS servers, which are actually "194.168".4.100 and 8.100.

    As stated in my diagram and the LAN/inside config page

    192.168.0.0/24 is where I'm having the problems , the other site is 192.168.2.0/24


    I will remove all DNS entries from the NGFW list.

    #10 Jim.Alles, Untangle Ninja (Central PA, joined Jul 2008, 2,606 posts)

    Quote Originally Posted by cappilio
    Where are you seeing 192.168.8.100 and 192.168.4.100? I think you're referring to the "Virgin Media" DNS servers, which are actually "194.168".4.100 and 8.100.
    Indeed, my bad eyes!
    Thanks, sorry we had to argue that.
    Last edited by Jim.Alles; 11-22-2020 at 09:02 PM.
    If you think I got Grumpy

