Connectivity Check on interface with domains

PeterUK
edited July 2023 in Security

VPN 300 V5.36(ABFC.2)

Using ge3 VLAN443 external

I get this every now and then, about every 30 mins. I have checked my DNS with Wireshark and can see the DNS answers being sent to the VPN300 on VLAN53 (DNS to my BIND has its own VLAN).

DNS forwarder

192.168.53.12 to BIND and 192.168.53.4 USG60

set with bounceme.net and no-ip.org, with "probe succeeds when any one" selected.

Here is another example.

All Replies

  • Zyxel_Jeff

    Dear @PeterUK

    Could you share your topology with us? It would help us understand your finding. Thanks.


  • PeterUK
    edited July 2023

    It works for about 30 mins, then does a DNS lookup and gets an answer from BIND, but the VPN300 chooses not to accept the answer at times.

    Here you go

  • PeterUK
    edited July 2023

    I'm not 100% sure I found the reason, but I tried on a FLEX200 and was not seeing a problem. I then added some WILDCARD FQDN objects in a group:

    *googlevideo.com
    *steamcontent.com
    *yahoo.com
    *youtube.com

    enabled BWM with a rule using that group, and then started seeing the problem.

    So is this a DNS bug when the USG snoops DNS answers for WILDCARD FQDN?
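The posts above describe the firewall snooping DNS answers to populate WILDCARD FQDN objects while a connectivity check resolves its own probe domains through the same forwarder. The following is an added example, written for this page and not code from the thread or from Zyxel, that models what such a snooper has to do: parse a DNS response (RFC 1035 wire format, including name compression), decide whether the question name matches one of the poster's wildcard patterns, and if so learn the A records by following CNAMEs. Assumptions, labelled in the comments: a leading `*` matches any prefix of the name (Zyxel's exact matching rules are not stated on the page), and the sample responses for bounceme.net and www.youtube.com are constructed with documentation addresses, not captured from the poster's network. Answers for the probe domains match no pattern, so a correct snooper returns them untouched; an answer for a wildcard-matched name yields the learned address set.

```python
"""Toy DNS-answer snooper for wildcard FQDN groups (stdlib only).

Added example, not Zyxel's code. Assumption: a leading '*' in a pattern
matches any (possibly empty) prefix, so '*youtube.com' covers both
'youtube.com' and 'www.youtube.com' (and, as a caveat, 'notyoutube.com').
"""
import struct
from fnmatch import fnmatchcase

TYPE_A, TYPE_CNAME = 1, 5

# The wildcard group from the post above.
WILDCARDS = ["*googlevideo.com", "*steamcontent.com", "*yahoo.com", "*youtube.com"]


def encode_name(name):
    """Encode a dotted name as uncompressed wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_response(qname, rrs, txid=0x1234):
    """Construct a DNS response for testing (constructed data, not a capture).

    rrs: list of (owner, rtype, rdata); rdata is a dotted IPv4 string for A
    records or a target name for CNAME records.
    """
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, len(rrs), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", TYPE_A, 1)
    for owner, rtype, rdata in rrs:
        data = (bytes(int(o) for o in rdata.split("."))
                if rtype == TYPE_A else encode_name(rdata))
        body += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(data)) + data
    return hdr + body


def decode_name(msg, off):
    """Decode a possibly compressed name; return (lowercase name, next offset)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer into an earlier name
            if not jumped:
                end = off + 2  # the caller continues after the 2-byte pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels).lower(), (end if jumped else off)


def parse_response(msg):
    """Return (question name, [(owner, rtype, rdata), ...]) from the answer section."""
    _txid, _flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    off += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A:
            rdata = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == TYPE_CNAME:
            rdata, _ = decode_name(msg, off)
        else:
            rdata = msg[off:off + rdlen]  # other types kept raw
        answers.append((owner, rtype, rdata))
        off += rdlen
    return qname, answers


def matches_wildcard(name, patterns):
    """Assumed Zyxel-style matching: '*googlevideo.com' matches any name ending in googlevideo.com."""
    return any(fnmatchcase(name.lower(), p.lower()) for p in patterns)


def snoop(msg, patterns):
    """Learn A records for a response whose question matches a wildcard pattern.

    Returns the set of learned IPv4 strings, or None when the response matches
    nothing and must be passed through untouched (the connectivity-check case).
    """
    qname, answers = parse_response(msg)
    if not matches_wildcard(qname, patterns):
        return None
    aliases, changed = {qname}, True
    while changed:  # follow the CNAME chain from the question name
        changed = False
        for owner, rtype, rdata in answers:
            if rtype == TYPE_CNAME and owner in aliases and rdata not in aliases:
                aliases.add(rdata)
                changed = True
    return {rdata for owner, rtype, rdata in answers if rtype == TYPE_A and owner in aliases}


# Constructed sample answers using RFC 5737 documentation addresses.
PROBE = build_response("bounceme.net", [("bounceme.net", TYPE_A, "203.0.113.10")])
VIDEO = build_response("www.youtube.com", [
    ("www.youtube.com", TYPE_CNAME, "edge.example.net"),
    ("edge.example.net", TYPE_A, "198.51.100.7"),
    ("edge.example.net", TYPE_A, "198.51.100.8"),
])

if __name__ == "__main__":
    print("probe answer learned into a group:", snoop(PROBE, WILDCARDS))
    print("wildcard answer learned into a group:", snoop(VIDEO, WILDCARDS))
```

Running the module prints `None` for the bounceme.net probe and the two learned edge addresses for the youtube.com name. A snooper that returned anything other than `None` for the probe, or consumed the answer, would produce exactly the symptom the thread reports.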
