About alpha1.rpc.cubs.zyxel.com

xbolshe
xbolshe Posts: 10
edited August 2021 in Security
VPN50 V5.02(ABHL.0)

My VPN50 router performs a DNS resolution of alpha1.rpc.cubs.zyxel.com.mydomain.com. It is strange. Because this resolution fails, it tries to find the following addresses:
_.com.mydomain.com
_.zyxel.com.mydomain.com
_.cubs.zyxel.com.mydomain.com
_.rpc.cubs.zyxel.com.mydomain.com

This situation happens when:
System Name: mySubdomain.mydomain.com
Domain Name: <empty>

I cannot set up Domain Name, because there will be several problems with e-mail from the VPN50 (like Email Daily Report).

Is it possible to fix the usage of a suffix like mydomain.com for alpha1.rpc.cubs.zyxel.com?

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    edited August 2021
    @xbolshe
    Regarding your description,
    in my understanding, "alpha1.rpc.cubs.zyxel.com" was created in the PTR record, and
    mydomain.com was created as the domain name.
    However, the FQDN "alpha1.rpc.cubs.zyxel.com.mydomain.com" cannot be resolved?
    Also, I am just curious: related to the domain name issue, what exact issue with the Email Daily Report did you face?

    In my case,
    a couple of settings combined can achieve this. For example, if the hostname is test.mydomain.com:
    Configure the domain name of the USG.
    On System -> Host Name, key in a domain name (do not fill in the system name).
    The USG DHCP service will offer the Domain Name as the DNS suffix for clients.

    Add the hostname into DNS.

    Then the FQDN test.mydomain.com can be resolved.

  • xbolshe
    xbolshe Posts: 10
    As I understand it, the VPN50 uses alpha1.rpc.cubs.zyxel.com for some internal processes (the logic of Zyxel VPN50's developers). I do not use DNS records with *.zyxel.com. And it is strange to add my domain name to this address. Of course the FQDN "alpha1.rpc.cubs.zyxel.com.mydomain.com" cannot be resolved, because it definitely does not exist.

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    edited August 2021

    @xbolshe

    Regarding this issue, we will address this symptom. Just to confirm with you: was this device managed by Orchestrator (SD-WAN)?

    Otherwise, can you share more information about exactly what issue you faced? And to investigate further (if the device is managed by Orchestrator), please help to add access for both accounts to this site.

    - cso_security@zyxel.com.tw 

    - sdwan-its@zyxel.com.tw


  • No, I do not use SD-WAN. It is just a stand-alone VPN50 device. I found the problem by looking into DNS traffic that goes from the VPN50's WAN interface (there is no such traffic on LAN interfaces) to the DNS server where mydomain.com is hosted. "mydomain.com" just hides my real domain name. I have found that there are DNS requests with the "alpha1.rpc.cubs.zyxel.com.mydomain.com" domain name from the VPN50, as well as ones like "_.rpc.cubs.zyxel.com.mydomain.com".
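
The observation in the post above can be turned into a check over resolver query logs. This is an added example, not part of the thread and not Zyxel code: it flags query names in which a public FQDN carries the local search suffix. The function names, the small TLD set and the sample query list are assumptions constructed for illustration.

```python
# Added example (not from the thread): spot DNS queries in which a public
# FQDN has had the local search suffix appended.

# Assumption: a small TLD set for illustration; a real deployment would
# load the Public Suffix List instead.
PUBLIC_TLDS = {"com", "net", "org", "tw"}


def normalize(name):
    """Lower-case a query name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def embedded_name(qname, local_suffix):
    """Return X if qname is 'X.<local_suffix>' and X ends in a public TLD, else None."""
    qname, tail = normalize(qname), "." + normalize(local_suffix)
    if not qname.endswith(tail):
        return None
    inner = qname[: -len(tail)]
    labels = inner.split(".")
    # One label (a plain local host) or a non-TLD ending is ordinary local traffic.
    if len(labels) < 2 or labels[-1] not in PUBLIC_TLDS:
        return None
    return inner


def find_suffix_leaks(qnames, local_suffix):
    """Return (queried name, embedded external name) pairs for every leaked query."""
    leaks = []
    for q in qnames:
        inner = embedded_name(q, local_suffix)
        if inner is not None:
            leaks.append((normalize(q), inner))
    return leaks


# Constructed sample: the names quoted in the thread plus ordinary queries.
SAMPLE_QUERIES = [
    "alpha1.rpc.cubs.zyxel.com.mydomain.com.",
    "_.com.mydomain.com.",
    "_.zyxel.com.mydomain.com.",
    "_.cubs.zyxel.com.mydomain.com.",
    "_.rpc.cubs.zyxel.com.mydomain.com.",
    "mysubdomain.mydomain.com.",
    "alpha1.rpc.cubs.zyxel.com.",
    "WWW.MyDomain.com",
]

if __name__ == "__main__":
    for queried, inner in find_suffix_leaks(SAMPLE_QUERIES, "mydomain.com"):
        print(f"{queried}  <- embeds {inner}")
```

Each flagged name is a lookup sent to the authoritative server for the local domain that reveals an unrelated external hostname the device was trying to reach.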





  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    edited September 2021
    @xbolshe
    In my lab, the VPN device is indeed doing the DNS query for the FQDN: alpha1.rpc.cubs.zyxel.com.
    We will check it.

    However, following the setting you mentioned, "configure
    System Name: zyxel.cso.com", I then did a packet capture on the WAN interface.
    In my lab, the packets only show alpha1.rpc.cubs.zyxel.com without zyxel.cso.com.
    Therefore, can you private message the configuration to me for a full test?
