Why this syslog message are outputting?

ICEMan
Posts: 14
Joined: 11 Oct 2017, 03:20

Why this syslog message are outputting?

Post by ICEMan » 28 Feb 2018, 03:01

Hi

The logs below are output intermittently.

Feb 27 11:54:34 CLV_Master EFW RULE: prio=4 id=06000075 rev=1 event=dns_timeout action=None rule=v4001_CTS_whitelist fqdn_name=FQDN_TEST_SV dir=dest
Feb 27 11:54:49 CLV_Slave EFW RULE: prio=4 id=06000075 rev=1 event=dns_timeout action=None rule=v4001_CTS_whitelist fqdn_name=FQDN_TEST_SV dir=dest

I think this log means that dns_timeout occurred.

But actually, DNS looks to be working normally, and
the rule using this FQDN object works normally.

CLV_Master:/> dns -query www.testsv.com
www.testsv.com is at 192.168.1.100
CLV_Master:/> dns -cache

Name                               Status     IP Cnt Address
---------------------------------- ---------- ------ --------------------------
FQDN_TEST_SV                       Resolved   1      www.testsv.com

We are using version 12.00.04.

Best Regards

Peter
Posts: 696
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: Why this syslog message are outputting?

Post by Peter » 02 Mar 2018, 14:51

Hello.

Difficult to say for sure what the problem could be. Some ideas.

1. There is high latency to the DNS server, causing the query to time out from time to time.
2. There are multiple DNS servers used in the query, and the reply from the different DNS servers varies. One DNS server may reply with 3 IP addresses but the other with 4. The change may be logged as a timeout.
2.1. A potential case where this could happen would be if the primary DNS server is so slow that the firewall sometimes uses the secondary DNS server and it resolves the address slightly differently or with more/fewer IP addresses.
3. The primary DNS server does not respond, the secondary (or tertiary) server is always used. The log gives a hint that something may be wrong with one or more of the configured DNS servers.

There may be other reasons as well of course, but these are some that we came up with right now.

Best regards
/Peter
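
An added example, not part of the thread and not Clavister code: one way to check how often and on which cluster node the dns_timeout events occur, by parsing the key=value syslog lines shown in the first post. The sample input is constructed (only its first two lines come from the post), and the year and the "values contain no spaces" rule are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the first two lines are from the post, the rest are
# invented for illustration (timestamps are made up).
_TAIL = ("EFW RULE: prio=4 id=06000075 rev=1 event=dns_timeout action=None "
         "rule=v4001_CTS_whitelist fqdn_name=FQDN_TEST_SV dir=dest")
SAMPLE = "\n".join(f"{head} {_TAIL}" for head in (
    "Feb 27 11:54:34 CLV_Master",
    "Feb 27 11:54:49 CLV_Slave",
    "Feb 27 12:24:34 CLV_Master",
    "Feb 27 12:24:50 CLV_Slave",
    "Feb 27 12:54:34 CLV_Master",
))

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) EFW (\w+): (.*)$")

def parse(line, year=2018):
    """Split one line into a dict; syslog omits the year, so it is assumed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    stamp, host, category, rest = m.groups()
    # Assumes values contain no spaces, as in the lines shown in the post.
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    fields["host"] = host
    fields["category"] = category
    fields["time"] = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return fields

def timeout_summary(text):
    """Count dns_timeout events per (host, FQDN object) and list gaps in seconds."""
    seen = defaultdict(list)
    for line in text.splitlines():
        ev = parse(line)
        if ev and ev.get("event") == "dns_timeout":
            seen[(ev["host"], ev.get("fqdn_name", "?"))].append(ev["time"])
    summary = {}
    for key, times in seen.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        summary[key] = {"count": len(times), "gaps_s": gaps}
    return summary

if __name__ == "__main__":
    for (host, fqdn), info in timeout_summary(SAMPLE).items():
        print(host, fqdn, info)
```

As a rough heuristic, evenly spaced gaps would fit a periodic re-resolution that keeps failing against one server (ideas 2.1 and 3 above), while irregular gaps fit sporadic latency (idea 1).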

ICEMan
Posts: 14
Joined: 11 Oct 2017, 03:20

Re: Why this syslog message are outputting?

Post by ICEMan » 08 Mar 2018, 08:49

Hi Peter

Thank you for replying.

It might be necessary to get a packet capture.
I will continue to investigate using the official support.

Thank you.
