USG Lite 60AX DNS issues

Options
SistemistaDaRidere
SistemistaDaRidere Posts: 15 image  Freshman Member
First Comment Friend Collector Fifth Anniversary
in Nebula

I recently installed a USG Lite 60AX and configured static IP on WAN interface with manual DNS (primary 8.8.8.8 - secondary 1.1.1.1).

Since i couldn't establish an IPSEC vpn using remote peer FQDN, i checked dns lookup and found out that it's resolving a really old public IP for the FQDN. VPN establish correctly if pointing directly to the FQDN updated public IP.

Clearly, FQDN is always up to date and correctly resolved from any other location, but not from the USG.

Also noticed that it make dns query on itself and i'm wondering why, i tried switching on DHCP for WAN and releasing the same public DNS choice from my router, but same issue.

Internet access come from an LTE tplink router working on a big national provider (Italy - TIM) in CGNAT. Even tried setting up ISP DNS but, again, same issue.

WAN Interface

{5087C7F5-EF9B-434E-9009-1194FDC94507}.png

DNS Lookup results

image.png

Best Answers

  • PeterUK
    PeterUK Posts: 4,469 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    Answer ✓

    Can you check from a device other then USG Lite 60AX by

    nslookup FQDN 8.8.8.8

  • Zyxel_Tina
    Zyxel_Tina Posts: 786 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments
    Answer ✓

    Hi @SistemistaDaRidere,

    As PeterUK suggested, could you try running nslookup from another device to check the DNS resolution result?

    If it resolves to the correct/updated IP address, please enable Zyxel Support Access and share your org/site names so we can further investigate this issue on your USG LITE 60AX device.

    Zyxel Tina

All Replies

Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

    EnglishTiếng ViệtРусскийไทย中文(台灣)