Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

FireBox cannot resolve domain names

Posted on 2007-11-20
10
495 Views
Last Modified: 2013-11-16
We implemented a FireBox x550e in place of a Cisco Pix.  All the configuration settings seem to be copied over correctly.  When the FireBox is in use our DNS does not work.  Using public IP's is the only way to get to Internet sites.  Why would the FireBox effect our DNS.  Is the DNS entered incorrectly?  What else could it be?
0
Comment
Question by:level9tech
  • 5
  • 5
10 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20319902
I think the DNS Server is getting blocked by WG firebox default packet handler and hence getting moved under Blocked sites [you would be able to see it under System Manager->Blocked Sites]; if this is the case, go to Policy Manager->Setup->Intrusion Prevention->Default Packet Handling->Uncheck the box "Auto-block source of packets not handled"; this should solve the problem.

To make sure that DNS is correctly defined in Policy Manager->Network->configuration->WINS/DNS.

The steps I have listed would depend on the software version of WG management software; across versions the process remains same but the options might differ; if you have difficult following let me the exact software version and I would list out the exact steps for you.

Please implement and update.

Thank you.
0
 

Author Comment

by:level9tech
ID: 20327782
DNS is still not being resolved.  Any ideas?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20328984
Where is your DNS hosted, is it on the inside network; or at your ISPs end; if inside make sure that you are using the internal IP and not the public IP for DNS.

Please check and update.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:level9tech
ID: 20329026
I made sure that check box was unchecked in policy manager, also I am sure I have the correct dns info.

I am using our internal dns server to resolve names.   I need to because I am running a windows domain... any ideas what the issue could be ?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20329224
As I asked in my previous post, are you using internal IP or external IP address for DNS; if you are using external IP address things would not work because in this case the ingress and egress interface would be same on the packet; same thing might work in Cisco as they implement something called hairpin.

Please note you need to use internal IP on the machines only then DNS would work.

One more thing, is your DNS server itself able to go the internet and resolve sites. Also, have you created any 1-1 NAT rules and aliases for the same IP and using this IP for DNS, if so, you need to either remove alias or 1-1 NAT.

Please provide details if you are able to ping/traceroute/do dns lookups from the DNS server itself. further, if you specify some public DNS on some machine is the machine then able to resolve by name.

Please udpate.

Thank you.
0
 

Author Comment

by:level9tech
ID: 20361073
I am using the internal ip for dns. is there anything inside the firebox that i need to checK? I dont understand why its not working
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20361278
Is the DNS server itself able to resolve names and go to the internet?
0
 

Author Comment

by:level9tech
ID: 20361305
yes it resolves names and gets out fine
0
 

Author Comment

by:level9tech
ID: 20361496
anyone have any ideas?
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 20363162
so if u were to do nslookup from an internal machine for some website say www.yahoo.com; with the machine DNS pointing to internal DNS server what is the result; further if you specify command as:
nslookup www.yahoo.com dns-server-ip
where dns-server-ip is not your DNS Server then do you get any different output.

As your DNS Server can resolve website and can connect to the internet, then I would request you to make sure that the DNS server can resolve names as:
nslookup www.yahoo.com 127.0.0.1

Can you also check to make sure that DNS service/daemon is running properly and there is no dependency which might be causing the problem.

Finally can you run wireshark or some other packet capture tool on your server and one of the client machines and check if the packets are first coming from client to the server and then reaching back to the client with the correct data; also, if the server does not have the address is the server itself requesting for name resolution.

Please check and update.

Thank you.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question