ping: unkonwn host on zywall310

m_b
m_b Posts: 4  Freshman Member
First Comment Friend Collector Third Anniversary
edited April 2021 in Security
zyxel-ping dnszone.PNG
zyxel-ping dnsname.PNG

Hi Together,

from Zywall310 i can't ping dns-addresses, with ip-addresses all works fine. In Domain-Zone Forwarding it doesn't matter which ip-address is entered. We have two ISP, but from Zyxels network tool the ping doesn't work with dns-address. When I ping from LAN to internet all works fine. We haven't set up Zyxel as DHCP-Server and DNS-Server, that does a linux server for us, where the nameserver is set to 8.8.8.8 and routing to the zyxel zywall310.

Did anyone have an idea, where the problem comes from? The zywall310 is behind a FritzBox (WAN1) and a unitymedia modem (WAN2).

Best regards m_b

PS: sry my english is not very good.

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,318  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @m_b

    Welcome to Zyxel community

    It seems the network is working fine on your site, but somehow the linux server cannot parse the domain name (or the DNS query was not forwarded to the defined DNS server?)

    You may need to check on your linux server and see if the DNS query packets were sent to the DNS server. If you can see the packets were sent to the linux server, then you should further check the DNS server configurations on the Linux DNS server.

    If you didn’t see the DNS packets on the DNS server, you may try to add a policy route from zywall to your DNS server. Here it is the example for your reference.

    Go to Configuration > Network > Routing > Policy Route > Add

    image003.png

    Source Address : your local subnet

    Destination Address : your DNS server

    Service : DNS

    Next Hop : auto

    image002.png


  • m_b
    m_b Posts: 4  Freshman Member
    First Comment Friend Collector Third Anniversary
    edited February 2020

    Hello Zyxel_Jerry,

    i think there was an understanding problem. I have make today a graphik how is our network looking. Then you can see, that only ZyWall310 can't ping to a domain name, and i don't know why. The strange thing is, it doesn't matter which ip-address i enter in the Domain Forwarding Zone. I tried there the google ip and it doesn't work too.

    The Zywall ip address are:

    WAN1: 192.168.0.2, StG: 192.168.0.1, DNS: 192.168.0.1

    WAN2: public ip-address, StG: ip address from unitymedia-modem, DNS: 8.8.8.8

    LAN1 (where the linux server is): 192.168.1.1, no StG and no DNS

    By the way, we have all in all 4 internal seperate LAN networks, which have their own ip addresses. Only in LAN1 is a Linux Server, which takes care for DHCP and DNS in that network. On the other 3 networks, the DHCP and DNS is handled by the ZyWall, which works well, and the clients in the other 3 networks can ping google.com as good as LAN1 network. By the 3 other networks the DNS is set to FritzBox. Only the Zywall himself can't ping to a domain name like google.com and shows the error "ping: unkown host google.com"

    network-graphik.PNG


  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,318  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @m_b

    Could you try to collect packet on USG device LAN interface to have a check on the packet to see if there is any DNS query forward from USG to the Linux Server on Lan interface?

    Here is the step to collect packet on USG device

    Go to Maintenance > Diagnostics > Packet Capture < select the Interfaces : lan1 > and click “ Capture

    image 001 how to capture packet on USG.png

    After try to ping the domain, click “Stop “ and go to Go to Maintenance > Diagnostics > Files to Download the packet-capture file.

    image002 how to download the capture files.png


  • zyman2008
    zyman2008 Posts: 223  Master Member
    25 Answers First Comment Friend Collector Seventh Anniversary

    Hi @m_b,

    I think you can using the NSLOOKUP tool to query both the DNS server(192.168.0.1) of WAN1 & 8.8.8.8

    To make sure ZyWALL can resolve IP from both DNS server or not.

    image.png


  • m_b
    m_b Posts: 4  Freshman Member
    First Comment Friend Collector Third Anniversary

    First thanks for your replys. I was two weeks in holliday and today i tested your suggestion zyman2008. If i fill in Query Server the ip addresses 8.8.8.8 or 192.168.0.1 the nslookup is working. If the field is empty i get this message:

    "# host -a google.de

    Trying "google.de"

    ;; connection timed out; no servers could be reached"

    At the moment i didn't understand what is wrong. Maybe i should do a factory reset and set up the zyxel new?

    Best regards

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,318  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @m_b

    Can you collect packet on USG device LAN interface for us to check as I mentioned in the previous reply??

  • m_b
    m_b Posts: 4  Freshman Member
    First Comment Friend Collector Third Anniversary

    Hey @Zyxel_Jerry,

    that is the next step i will do, i hope that i can test it today. At the moment i have a lot of other work.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)