DNS proxy is badly broken in V1.31
Guru Member
USG FLEX 200H V1.31(ABWV.0)
I have DNS from my ISP 194.168.4.100 and 194.168.8.100 on auto Forwarder which a block upstream with a switch ACL and have Forwarder 192.168.53.2 which goes to my BIND resolve its not a problem
I have VLAN 53 on P5 internal 192.168.53.1/27 with Secondary IP 192.168.53.14, 192.168.53.26, 192.168.53.6
Test PC's on VLAN47 P8 192.168.255.39/255.255.255.240
192.168.255.44 and in VirtualBox 192.168.255.43
I know it not my DNS server as I can bypass with NAT and routing rules what really odd is I see DNS to my server and yet these packets are some how not valid same thing as case #446011 which I think has to do with FCS not being added which you can't see in Wireshark and the NIC drops them
Accepted Solution
-
Ok but something does not add up…so found the cause it was a routing rule incoming zywall next hop VLAN443 to do with another thing Ok and yes that would cause the problem but before I went to V1.31 my config was for that rule:
/ vrf "main" routing policy-route rule "VLAN443"
/ vrf "main" routing policy-route rule "VLAN443" "enabled" "false"then when to V1.31 it changed to
/ vrf "main" routing policy-route rule "VLAN443"
/ vrf "main" routing policy-route rule "VLAN443" "enabled" "true"So now I have modified that rule with Destination Address *.zyxel.com and the other problem to do with the trunk now seems to work plus DDNS too!
0
All Replies
-
So the only DNS that will work on V1.31 is by a interface with DHCP that the DNS gets added to Forwarder and maybe only DNS IP's that are in the same subnet as the IP you get be DHCP
0 -
i confirm that with 1.31 i have to set dns server manually on computer, not working with dhcp server (controlled by flex 200h)
0 -
Okkkkk.....this was odd so I wanted to do a sanity with my other firmware slot which had V1.21(ABWV.0)ITS-24WK43-1022-241001089 it tested fine for the DNS proxy then updated that slot to V1.30(ABWV.1)ITS-24WK47-m6271 again no problems then I booted to the firmware slot with V1.31(ABWV.0) and NOW IT WORKS! Nothing was changed😦
Update
So just to be sure I rebooted V1.31 again and Now DNS proxy broken again rebooted again still not working so now I'm going to boot back to the other slot test then boot back to V1.31 and see what happens…
update hmm still broken…I wonder if I unplug P8 to the test PC reboot USG wait then connect P8 to see if that works…nope still broken let me unplug the LAN to UI and VLAN53 port too and wait for it to boot…nope unplug WAN port to see if boot up auto add DNS is a problem…still no dice…what if I remove all forwarders reboot add it back in after reboot….and NOW it works!
So workaround remove added DNS forwarders reboot add them back @Asgatlat can you see if that works for you?
0 -
Ok but something does not add up…so found the cause it was a routing rule incoming zywall next hop VLAN443 to do with another thing Ok and yes that would cause the problem but before I went to V1.31 my config was for that rule:
/ vrf "main" routing policy-route rule "VLAN443"
/ vrf "main" routing policy-route rule "VLAN443" "enabled" "false"then when to V1.31 it changed to
/ vrf "main" routing policy-route rule "VLAN443"
/ vrf "main" routing policy-route rule "VLAN443" "enabled" "true"So now I have modified that rule with Destination Address *.zyxel.com and the other problem to do with the trunk now seems to work plus DDNS too!
0
Ally Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 152 Nebula Ideas
- 100 Nebula Status and Incidents
- 5.8K Security
- 285 USG FLEX H Series
- 278 Security Ideas
- 1.5K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 251 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 86 About Community
- 75 Security Highlight
