  1. #41 | Newbie | Join Date: Apr 2009 | Posts: 10

    Re: outbound DNS is blocked

    Disabling the local DNS server on the UT box eliminated this problem. It was enabled by oversight; however, the behavior was still not expected in the configuration.

    Clearly UT is doing something with incoming DNS queries in addition to passing them through when the DNS server is active. This DNS activity is only evident when you have an external interface that happens to be able to route to the internal network, internal DNS servers are configured on the external interface, and the local DNS server is enabled.

  2. #42 | Untanglit | Join Date: Mar 2009 | Posts: 23

    More DNS Weirdness

    Today at roughly 2pm the system was working fine. Sometime between 2pm and 9pm DNS queries stopped working.

    At 10pm I tracked down DNS problems to Untangle. It was blocking any request from any machine on the network to any DNS server outside the network.

    After disabling Firewall, Intrusion Protection, Attack Blocker, and Protocol Control and rebooting, and having DNS still blocked, I managed to get internet access by enabling the Untangle DNS server and using that. Prior to those troubleshooting steps, nothing had been changed on Untangle for weeks.

    Bypassing Destination UDP Port 53 resolved the problem. Thank you Darth-Nul for the solution/band-aid.

    I don't intend to troubleshoot mine further. When 6.2 is released I will do a fresh install and reconfigure by hand rather than import the backed-up configuration. I also will expect further weirdness. While I find Untangle's benefits outweigh its bugs, I do find it buggy. Logs missing/not being updated. DNS suddenly being blocked. Configuration changes made on a remote Untangle being implemented locally, local quarantine users showing up in the quarantine of a remote Untangle system I'd managed remotely, even when that system is managed locally. That sort of thing. And no, I'm not making it all up, and no, I am not a completely clueless n00b. Shrug.

  3. #43 | Big D (Master Untangler) | Join Date: Nov 2008 | Posts: 719

    Had a recent similar situation. It resolved itself when we added the internal DNS server to the exceptions list on the attack blocker. Only place where we have configured this in over 2 dozen locations.

    Similar to your description, every day, like clockwork, around 3pm DNS would stop working and some traffic to the internal AD/DNS server would stop working. Band-aid fix was to bounce UT or the switch UT was plugged into.

  4. #44 | Newbie | Join Date: Jun 2009 | Posts: 1

    UT does not let my internal DNS server query any outside DNS servers except for the two DNS servers that are in UT's external interface config. This is not a connectivity issue. My server can ping outside DNS servers but DNS queries to them don't get through.

    I don't need or want UT to be a DNS server, or cache, or proxy, or do anything with DNS, but I don't want it to block any DNS lookups from internal hosts either.

  5. #45 | dmorris (Untangle Junkie) | Join Date: Nov 2006 | Location: San Carlos, CA | Posts: 17,747

    lisajob, welcome to the forums.

    As stated, Untangle treats UDP port 53 no differently than any other UDP traffic.
    I'd suggest running some tcpdumps (do a search), recording the traffic and analyzing it in Wireshark to see where your issue is.

    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #46 | dmor (Master Untangler) | Join Date: Jun 2009 | Posts: 686

    Similar issue actually result of 192.0.2.0 subnet

    I thought I had this issue until I realized that my ISP does something funny w/ their DNS servers. They use 192.0.2.2 & 192.0.2.253 for their primary & secondary DNS.

    I always thought those looked like private addresses from RFC 1918, but they aren't, because they aren't in the scope of 192.168.0.0/16.

    As it turns out, my problem was that Untangle uses the following addresses itself:

    192.0.2.42 - dummy0
    192.0.2.43 - utun

    which makes my routing table look like this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    69.39.19.240    0.0.0.0         255.255.255.240 U     0      0        0 eth0
    192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
    192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 dummy0
    192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 utun

    Consequently UT thinks that 192.0.2.0/24 is local to it, so it doesn't send it out the WAN interface.

    I guess the problem comes as a result of UT & my ISP both trying to do something tricky by using 192.0.2.0/24, suspecting that almost no one else on the planet uses this subnet in practice.

    Although it doesn't fall under the normal private blocks outlined in RFC 1918, it is set aside for documentation purposes & is not to be used on the public internet, as stated in RFC 3330.

    So it looks like my problem is solved. I'll just use OpenDNS instead of my ISP's (although this is a less efficient use of bandwidth and probably not quite as fast).

    Good luck to the rest of you guys still having issues.

    -
    Doug
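The check Doug did by eye (does a configured DNS server address fall inside a subnet the box already has a local route for, so it never reaches the WAN?) can be scripted. The following is an added example, not code from the thread or from Untangle: it parses `route -n` style output, does the same longest-prefix match the kernel does, and also flags addresses inside the documentation-only blocks (RFC 5737, which replaced the RFC 3330 listing cited above). The route table is the one quoted in the post plus a constructed default route via a hypothetical gateway 69.39.19.241; the WAN interface name eth0 is likewise an assumption.

```python
import ipaddress

# Constructed sample input: the `route -n` output quoted in the post, plus a
# default route through a hypothetical gateway (69.39.19.241) that the post's
# listing omitted. Without a default route, off-link addresses would be unroutable.
ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         69.39.19.241    0.0.0.0         UG    0      0        0 eth0
69.39.19.240    0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.131.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 dummy0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 utun
"""

# Documentation-only blocks from RFC 5737. They are not RFC 1918 private space,
# but they must never be used on the public Internet, so a resolver address
# inside one of them is suspicious regardless of the local routing table.
DOCUMENTATION_NETS = {
    "TEST-NET-1": ipaddress.ip_network("192.0.2.0/24"),
    "TEST-NET-2": ipaddress.ip_network("198.51.100.0/24"),
    "TEST-NET-3": ipaddress.ip_network("203.0.113.0/24"),
}


def parse_routes(text):
    """Parse `route -n` output into a list of (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows have exactly 8 columns and start with a dotted-quad; the
        # "Kernel IP routing table" banner and the header row do not.
        if len(parts) != 8 or not parts[0][0].isdigit():
            continue
        dest, gateway, genmask, iface = parts[0], parts[1], parts[2], parts[7]
        net = ipaddress.ip_network(f"{dest}/{genmask}", strict=False)
        routes.append((net, gateway, iface))
    return routes


def select_route(routes, addr):
    """Longest-prefix match, as the kernel does. Equal-length prefixes keep
    table order, which is why 192.0.2.x lands on dummy0 rather than utun."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)


def documentation_block(addr):
    """Name of the RFC 5737 block containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in DOCUMENTATION_NETS.items():
        if ip in net:
            return name
    return None


def audit_dns_servers(route_text, dns_servers, wan_iface):
    """For each configured resolver, report which interface its packets would
    leave on, whether that is the WAN, and whether it sits in a documentation block."""
    routes = parse_routes(route_text)
    report = {}
    for server in dns_servers:
        route = select_route(routes, server)
        iface = route[2] if route else None
        report[server] = {
            "iface": iface,
            "exits_wan": iface == wan_iface,
            "documentation_block": documentation_block(server),
        }
    return report


if __name__ == "__main__":
    # The ISP resolvers from the post, a public resolver, and an internal host.
    servers = ["192.0.2.2", "192.0.2.253", "8.8.8.8", "192.168.131.5"]
    for server, finding in audit_dns_servers(ROUTE_TABLE, servers, "eth0").items():
        flags = []
        if not finding["exits_wan"]:
            flags.append(f"routed via {finding['iface']}, not the WAN")
        if finding["documentation_block"]:
            flags.append(f"inside {finding['documentation_block']}")
        print(f"{server:16} {'OK' if not flags else '; '.join(flags)}")
```

Run it against real `route -n` (or `ip route`) output captured from the box and the list of resolvers in the external interface config; any resolver that reports an interface other than the WAN is one the box will answer locally or drop, which is exactly the symptom in this thread.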
