Bridge DNS forwarding problem
Guru Member
VPN300 V5.37(ABFC.2)
USG FLEX 200 V5.41(ABUI.0)
So I think sadly nothing can be likely done for the VPN300 thats EOL but I might be able to workaround that but the problem happens on FLEX 200 so I be thankful if this could be fixed.
The issue I'm seeing is I have a bind server with WAN IP does lookup from root servers you can see here the from DNS server a DNS query is sent in this case sig.cloud.zyxel.com with transaction ID 0x8082 no reply
Then a view from DMZ side of the Bridge
Then a view from WAN side of the Bridge which you can see a reply but FLEX200 didn't pass it on over the DMZ
All Replies
-
Hi @PeterUK
Could you share the topology and packet flow of this scenario? And we also need the remote access to VPN300 and FLEX200 to check this issue.
Zyxel Melen0 -
Ok Melen you can have remote access to VPN300 and FLEX200 to check this issue I was hoping you could of done internal testing given its DNS and how important it is. My guess is the FQDN system might be causing this problem?
simple topology
internet > VPN300 > FLEX200 > DNS server
0 -
update on problem for anyone following
Now with a simple setup DNS server on VLAN55 to SNAT SFP WAN the cause looks to be if you have any WILDCARD FQDN in use this cause some DNS replies to not be forwarded from WAN to LAN and can happen to any query for LAN to WAN that a reply may not make it from WAN to LAN.
0
Zyxel Employee
Categories
- All Categories
- 442 Beta Program
- 2.9K Nebula
- 211 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.4K Security
- 544 USG FLEX H Series
- 340 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 51 Wireless Ideas
- 6.9K Consumer Product
- 295 Service & License
- 465 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.7K FAQ
- 34 Documents
- 87 About Community
- 99 Security Highlight
