ping: unknown host on zywall310

m_b Posts: 4
edited April 2021 in Security

Hi all,

From the ZyWall310 I can't ping DNS addresses; with IP addresses everything works fine. In Domain Zone Forwarding it doesn't matter which IP address is entered. We have two ISPs, but from Zyxel's network tool the ping doesn't work with a DNS address. When I ping from the LAN to the internet, everything works fine. We haven't set up the Zyxel as DHCP server and DNS server; a Linux server does that for us, where the nameserver is set to 8.8.8.8 and the routing to the Zyxel ZyWall310.

Does anyone have an idea where the problem comes from? The ZyWall310 is behind a FritzBox (WAN1) and a Unitymedia modem (WAN2).

Best regards, m_b

PS: Sorry, my English is not very good.

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,061  Zyxel Employee

    Hi @m_b

    Welcome to Zyxel community

    It seems the network is working fine on your site, but somehow the Linux server cannot parse the domain name (or the DNS query was not forwarded to the defined DNS server?).

    You may need to check on your Linux server and see if the DNS query packets were sent to the DNS server. If you can see the packets were sent to the Linux server, then you should further check the DNS server configuration on the Linux DNS server.

    If you didn't see the DNS packets on the DNS server, you may try to add a policy route from the ZyWALL to your DNS server. Here is an example for your reference.

    Go to Configuration > Network > Routing > Policy Route > Add

    Source Address : your local subnet

    Destination Address : your DNS server

    Service : DNS

    Next Hop : auto


  • m_b
    m_b Posts: 4
    edited February 2020

    Hello Zyxel_Jerry,

    I think there was a misunderstanding. Today I made a diagram of how our network looks. There you can see that only the ZyWall310 can't ping a domain name, and I don't know why. The strange thing is, it doesn't matter which IP address I enter in the Domain Forwarding Zone. I tried the Google IP there and it doesn't work either.

    The ZyWall IP addresses are:

    WAN1: 192.168.0.2, gateway: 192.168.0.1, DNS: 192.168.0.1

    WAN2: public IP address, gateway: IP address of the Unitymedia modem, DNS: 8.8.8.8

    LAN1 (where the Linux server is): 192.168.1.1, no gateway and no DNS

    By the way, we have 4 separate internal LAN networks in all, each with its own IP addresses. Only LAN1 has a Linux server, which takes care of DHCP and DNS in that network. On the other 3 networks, DHCP and DNS are handled by the ZyWall, which works well, and the clients in the other 3 networks can ping google.com as well as the LAN1 network can. For the 3 other networks the DNS is set to the FritzBox. Only the ZyWall itself can't ping a domain name like google.com and shows the error "ping: unknown host google.com".


  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,061  Zyxel Employee

    Hi @m_b

    Could you try to collect packets on the USG device's LAN interface, to check whether any DNS query is forwarded from the USG to the Linux server on the LAN interface?

    Here are the steps to collect packets on the USG device:

    Go to Maintenance > Diagnostics > Packet Capture, select the interface lan1, and click "Capture".

    After trying to ping the domain, click "Stop" and go to Maintenance > Diagnostics > Files to download the packet-capture file.
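
One way to review the downloaded capture offline, as an added example that is not part of any reply in this thread: the script lists DNS queries that never received a response. It assumes the file is a classic libpcap Ethernet capture; the sample capture and the address 192.168.1.10 for the Linux server are constructed for illustration.

```python
import socket
import struct

def dns_name(dns, off=12):
    """Decode the uncompressed question name that follows the 12-byte DNS header."""
    labels = []
    while off < len(dns) and dns[off]:
        labels.append(dns[off + 1:off + 1 + dns[off]].decode("ascii", "replace"))
        off += 1 + dns[off]
    return ".".join(labels)

def unanswered_queries(pcap):
    """Return (src, dst, name) for each DNS query with no response in a classic pcap."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[struct.unpack("<I", pcap[:4])[0]]
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected an Ethernet (linktype 1) capture")
    pending, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # keep only IPv4 packets carrying UDP
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 20:
            continue  # too short for a UDP header plus a DNS header
        sport, dport = struct.unpack("!HH", udp[:4])
        txid, flags = struct.unpack("!HH", udp[8:12])
        if dport == 53 and not flags & 0x8000:      # QR=0: a query
            pending[(src, dst, txid)] = dns_name(udp[8:])
        elif sport == 53 and flags & 0x8000:        # QR=1: a response
            pending.pop((dst, src, txid), None)
    return [(s, d, name) for (s, d, _), name in pending.items()]

def sample_record(src, dst, sport, dport, txid, flags, name):
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: 192.168.1.10 is a made-up address for the Linux server.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    sample_record("192.168.1.10", "8.8.8.8", 40000, 53, 0x1111, 0x0100, "google.com"),
    sample_record("8.8.8.8", "192.168.1.10", 53, 40000, 0x1111, 0x8180, "google.com"),
    sample_record("192.168.1.10", "8.8.8.8", 40001, 53, 0x2222, 0x0100, "google.de"),
])
```

For a real file, pass its bytes in: `unanswered_queries(open(path, "rb").read())`. An empty result on a capture that contains no queries at all means the device never sent any on that interface.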


  • zyman2008
    zyman2008 Posts: 199  Master Member

    Hi @m_b,

    I think you can use the NSLOOKUP tool to query both the DNS server (192.168.0.1) of WAN1 and 8.8.8.8, to make sure whether the ZyWALL can resolve IPs from both DNS servers or not.


  • m_b
    m_b Posts: 4

    First, thanks for your replies. I was on holiday for two weeks, and today I tested your suggestion, zyman2008. If I fill in the IP address 8.8.8.8 or 192.168.0.1 under Query Server, the nslookup works. If the field is empty I get this message:

    "# host -a google.de

    Trying "google.de"

    ;; connection timed out; no servers could be reached"

    At the moment I don't understand what is wrong. Maybe I should do a factory reset and set up the Zyxel from scratch?

    Best regards

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,061  Zyxel Employee

    Hi @m_b

    Can you collect packets on the USG device's LAN interface for us to check, as I mentioned in the previous reply?

  • m_b
    m_b Posts: 4

    Hey @Zyxel_Jerry,

    That is the next step I will do; I hope that I can test it today. At the moment I have a lot of other work.
