Page 3 of 3 FirstFirst 123
Results 21 to 25 of 25
  1. #21
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Default

    Quote Originally Posted by sky-knight View Post
    Because it's DNS based, the upstream DNS servers you're using may have cached a lookup, and aren't bothering to ask the filter for an answer.
    The problem was asking the filter directly the categorization of penthouse.com. It said News only long after it should have updated.

    And that's the remaining rub. I get that these things happen. If Web Filter responds to corrections and updates relatively quickly, that's about all anyone can ask (assuming upstream mistakes aren't commonplace). If the filter takes hours to update under some (currently unknown) circumstances, then it would be nice to know why, for obvious reasons. Categorizing google.com as a malware distribution point is frustrating but harmless, categorizing a malware distribution point as News (or whatever benign category) is another thing altogether. Mistakes happen, but are they reliably being corrected in a timely manner at the NGFW end? That's what's unclear to me, because there is some evidence that it's not happening as described.

  2. #22
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,024

    Default

    It's not unknown at all.

    Web Filter itself has a cache you can reset, that's step one. But because the engine itself is tied to DNS, there's nothing stopping upstream DNS servers from caching results and handing bad data back to Untangle.

    I've not had an issue that clicking the cache clear button in web filter hasn't immediately fixed in ages, but I also use Google DNS or OpenDNS on most Untangle servers. If I need spam blocker I redirect the lists that won't work on those servers to my own VPS that does the looking.

    It's DNS, that's all... which is infuriating at times. Bad DNS lookups being cached are a huge pain in the rear, and relatively common.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #23
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Default

    Quote Originally Posted by sky-knight View Post
    It's not unknown at all.
    I think my point is that a DNS problem is nowhere described early on as potentially delaying cache updates, despite clear evidence that the cache problem had compounded the miscategorization problem in this case. After all, it took only five minutes for the original problem to be corrected once it was known. It took at least two NGFWs hours to get the good news.

    Quote Originally Posted by dmorris View Post
    The cache sounds to be working correctly....

    The categorization service sends at cache time with the response that tells the server to cache the result for some period of time.

    There is no need to flush the cache manually - it automatically cleans itself. If you want to force it now, the button is there to do so.
    No mention of DNS here. If someone had said early on, "Well, this can happen at any time. DNS is the culprit. We recommend occasional manual refreshes of the cache if there is any doubt." That never came up for the first days of this thread's life, leaving the impression that the cause of the problems a couple NGFWs experienced is not known.

  4. #24
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,024

    Default

    I wanted to point out that the DNS basis for Web Filter was well known, and indicated in the wiki but it's not... At least not directly, the language of the article has DNS fingerprints all over it, but that's terribly easy to miss.

    So the only thing I've got is that I didn't point this out sooner because I was on vacation last week.

    Untangle is horribly tied to DNS health, almost as much so as Active Directory. Everyone should keep that in mind.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #25
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Default

    I hope you had a great vacation. Thanks for getting us to some better understanding of why things don't always work as expected in Web Filter.

Page 3 of 3 FirstFirst 123

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2