Page 1 of 4 123 ... LastLast
Results 1 to 10 of 32
  1. #1
    Untanglit
    Join Date
    Feb 2018
    Posts
    29

    Default DNS categorization query alert

    I'm running v13.1.1 of Untangle. The Web Filter app is installed but not configured or running (the power button is gray, not green). Still I am getting the admin alert that says "Web Filter is installed but a DNS server (X, Y) fails to resolve categorization queries." I get one alert for each of two DNS servers in my config. Both belong to Comcast (75.75.75.75 and 75.75.76.76) and are assigned via DHCP on my external interface. So...

    1) Since Web Filter isn't running, why am I getting this alert?

    2) Since Web Filter isn't running, do I need to worry about this?

    3) If I don't need to worry about the alert, how do I clear it? Do I need to uninstall the Web Filter app?

    4) If I do need to heed the warning about this configuration slowing web traffic, what do you suggest? I am using my ISP's DNS server, which is the recommended setting. Should I ignore this recommendation and switch to OpenDNS or some other public DNS server?

    Tnx! ~bd

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,662

    Default

    Quote Originally Posted by bdoster View Post
    Both belong to Comcast (75.75.75.75 and 75.75.76.76) and are assigned via DHCP on my external interface. So...
    BTW, you can enter new DNS entries to override the DHCP DNS offered by Comcast.

    Quote Originally Posted by bdoster View Post
    1) Since Web Filter isn't running, why am I getting this alert?
    The test are run independent of Web Filter on login. The tests only look to see if the app is installed.

    Quote Originally Posted by bdoster View Post
    2) Since Web Filter isn't running, do I need to worry about this?
    No worry.

    Quote Originally Posted by bdoster View Post
    3) If I don't need to worry about the alert, how do I clear it? Do I need to uninstall the Web Filter app?
    Uninstalling it and refreshing the browser on the dashboard page will re-run the tests.

    Quote Originally Posted by bdoster View Post
    4) If I do need to heed the warning about this configuration slowing web traffic, what do you suggest? I am using my ISP's DNS server, which is the recommended setting. Should I ignore this recommendation and switch to OpenDNS or some other public DNS server?
    Any public DNS server will have times when they are overloaded and have slow responses to DNS request. I can't comment on OpenDNS since I don't use it or test it. I use a paid private DNS server just to avoid these slowdowns.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Feb 2018
    Posts
    29

    Default

    Thank you for your reply.

    BTW, you can enter new DNS entries to override the DHCP DNS offered by Comcast.
    True, but searching here on 'override DNS' turns up a page recommending not to do so and recommending use of one's ISP's DNS servers. I suppose if I were running Web Filter, I might want to ignore that suggestion due to the categorization issue. Other than that though, are there good reasons not to use the Comcast DNS servers?

    Uninstalling it and refreshing the browser on the dashboard page will re-run the tests.
    Is there any other way (save changing DNS servers) to clear and/or suppress these alerts. I would prefer simply not to see them since they are irrelevant to anything I am actually doing.

  4. #4
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    427

    Default

    Quote Originally Posted by bdoster View Post
    Is there any other way (save changing DNS servers) to clear and/or suppress these alerts.
    I experience these alerts infrequently and to my knowledge there is no way to clear them so long as the alert condition exists. If the conditions change, they will disappear on their own (maybe a page refresh; I'm not sure).

    There is a "layered" approach to DNS that might help improve resolution time on your clients (if you're concerned about that). You can push an alternative DNS to clients via DHCP. I use that capability to send a "security solution" DNS to clients while sticking with the recommended ISP DNS for Untangle itself.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,276

    Default

    The condition that alert is warning you about is a pretty substantially serious DNS fault. I'd be configuring Untangle to use reliable DNS servers regardless of what modules I'm running.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untanglit
    Join Date
    Feb 2018
    Posts
    29

    Default

    I am pushing Untangle as the DNS server to DHCP clients, letting it do its thing as a DNS caching server. The alerts for the Comcast servers first appeared a week or so ago, and do not clear with page refreshes or logouts/logins to Untangle. It looks like they may have updated something on their DNS servers which broke categorization.

    If not using Comcast's DNS, are there recommended publicly available alternatives? Or does "publicly available" infer "play at your own risk"?

  7. #7
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    427

    Default

    Quote Originally Posted by bdoster View Post
    If not using Comcast's DNS, are there recommended publicly available alternatives? Or does "publicly available" infer "play at your own risk"?
    Yes, and no. There are a few that turn up here as trustworthy and often used. I've used both OpenDNS and (currently) Quad9 for clients, both with satisfaction.

    For more choices, some of which are used by people here, see: https://www.lifewire.com/free-and-pu...ervers-2626062
    Last edited by Sam Graf; 02-10-2018 at 10:11 AM.

  8. #8
    Untanglit
    Join Date
    Feb 2018
    Posts
    29

    Default

    Thanks for the link - it's quite helpful. However, I am now having trouble getting new DNS server settings to stick. I can edit the Primary and Secondary DNS Override settings on my WAN interface, click Done, and even renew the lease and all looks good. But if I click the Refresh button on Config --> Network --> Interfaces page, or logout and login, the settings revert to the Comcast servers. Any idea what the problem might be? If I need to move this to a more appropriate forum, I can do so. Thanks.

  9. #9
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    427

    Default

    Hmm… That's my experience, too. The wiki says:
    If set, this will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP)
    But the setting doesn't seem to stick, as you are pointing out. Perhaps this is a bug (13.1.1)?

    EDIT: /me smacks himself in the head with a rolling pin. We have to save the change in the interface dialogue.

    EDIT 2: That was good experience, though. I used the Quad9 DNS just to test the override and Untangle immediately complained about it being slow. That doesn't surprise me. I think it's fine for clients, but not for Untangle's purposes.
    Last edited by Sam Graf; 02-10-2018 at 06:50 PM.

  10. #10
    Untanglit bluechris's Avatar
    Join Date
    May 2016
    Posts
    29

    Default

    I use opendns as extra precaution and untungle moans about it constantly for my both wan lines, i ignore it and all working fine offcourse.

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2