Solved

FireBox cannot resolve domain names

Posted on 2007-11-20
Last Modified: 2013-11-16
We implemented a FireBox x550e in place of a Cisco Pix. All the configuration settings seem to be copied over correctly. When the FireBox is in use our DNS does not work. Using public IPs is the only way to get to Internet sites. Why would the FireBox affect our DNS? Is the DNS entered incorrectly? What else could it be?
Question by:level9tech
10 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20319902
I think the DNS Server is getting blocked by WG firebox default packet handler and hence getting moved under Blocked sites [you would be able to see it under System Manager->Blocked Sites]; if this is the case, go to Policy Manager->Setup->Intrusion Prevention->Default Packet Handling->Uncheck the box "Auto-block source of packets not handled"; this should solve the problem.

Make sure that DNS is correctly defined in Policy Manager->Network->configuration->WINS/DNS.

The steps I have listed would depend on the software version of WG management software; across versions the process remains the same but the options might differ; if you have difficulty following, let me know the exact software version and I would list out the exact steps for you.

Please implement and update.

Thank you.
 

Author Comment

by:level9tech
ID: 20327782
DNS is still not being resolved.  Any ideas?
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20328984
Where is your DNS hosted: is it on the inside network, or at your ISP's end? If inside, make sure that you are using the internal IP and not the public IP for DNS.

Please check and update.

 

Author Comment

by:level9tech
ID: 20329026
I made sure that check box was unchecked in Policy Manager; also, I am sure I have the correct DNS info.

I am using our internal DNS server to resolve names. I need to because I am running a Windows domain... any ideas what the issue could be?
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20329224
As I asked in my previous post, are you using internal IP or external IP address for DNS; if you are using external IP address things would not work because in this case the ingress and egress interface would be same on the packet; same thing might work in Cisco as they implement something called hairpin.

Please note you need to use internal IP on the machines only then DNS would work.

One more thing, is your DNS server itself able to go to the internet and resolve sites? Also, have you created any 1-1 NAT rules and aliases for the same IP and are you using this IP for DNS? If so, you need to either remove the alias or the 1-1 NAT.

Please provide details on whether you are able to ping/traceroute/do DNS lookups from the DNS server itself. Further, if you specify some public DNS on some machine, is the machine then able to resolve by name?

Please update.

Thank you.
 

Author Comment

by:level9tech
ID: 20361073
I am using the internal IP for DNS. Is there anything inside the FireBox that I need to check? I don't understand why it's not working.
 
LVL 32

Expert Comment

by:dpk_wal
ID: 20361278
Is the DNS server itself able to resolve names and go to the internet?
 

Author Comment

by:level9tech
ID: 20361305
Yes, it resolves names and gets out fine.
 

Author Comment

by:level9tech
ID: 20361496
Anyone have any ideas?
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 20363162
So if you were to do nslookup from an internal machine for some website, say www.yahoo.com, with the machine DNS pointing to the internal DNS server, what is the result? Further, if you specify the command as:
nslookup www.yahoo.com dns-server-ip
where dns-server-ip is not your DNS Server, then do you get any different output?

As your DNS Server can resolve website and can connect to the internet, then I would request you to make sure that the DNS server can resolve names as:
nslookup www.yahoo.com 127.0.0.1

Can you also check to make sure that the DNS service/daemon is running properly and there is no dependency which might be causing the problem?

Finally, can you run Wireshark or some other packet capture tool on your server and one of the client machines and check if the packets are first coming from client to the server and then reaching back to the client with the correct data? Also, if the server does not have the address, is the server itself requesting name resolution?

Please check and update.

Thank you.
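
The three lookups suggested in the accepted answer, as an added example that is not part of the original thread: a small Python probe that sends the same A-record query to each server and reduces the three results to where to look next. The server addresses are constructed placeholders, and the wording in diagnose() is an assumed reading of the answer's steps, not WatchGuard guidance.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a recursive A-record query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(reply, query):
    """Reduce a raw DNS reply to 'answer', 'empty', 'rcode=N' or 'malformed'."""
    if len(reply) < 12 or reply[:2] != query[:2]:
        return "malformed"
    flags, _qd, ancount = struct.unpack(">HHH", reply[2:8])
    rcode = flags & 0x000F
    if rcode:
        return f"rcode={rcode}"  # e.g. 2 = SERVFAIL, 3 = NXDOMAIN, 5 = REFUSED
    return "answer" if ancount else "empty"

def probe(server, name, port=53, timeout=3.0):
    """Send one UDP query to `server`; a lost or dropped packet shows as 'timeout'."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # includes socket.timeout and ICMP-triggered resets
            return "timeout"
    return classify_reply(reply, query)

def diagnose(client_to_internal, client_to_other, server_loopback):
    """Map the three lookup results from the thread to where to look next."""
    if server_loopback != "answer":
        return "DNS service on the server: check the service and its dependencies"
    if client_to_internal != "answer":
        return "client-to-server path: capture on both ends and compare"
    if client_to_other != "answer":
        return "internal DNS works; direct queries to the other server do not"
    return "all three lookups resolve; check the client's configured DNS server"

if __name__ == "__main__":
    INTERNAL, OTHER = "192.0.2.53", "198.51.100.53"  # constructed placeholder addresses
    name = "www.yahoo.com"
    # Run on a client for the first two probes and on the DNS server for the third.
    print("client -> internal:", probe(INTERNAL, name))
    print("client -> other   :", probe(OTHER, name))
    print("server -> loopback:", probe("127.0.0.1", name))
```

A 'timeout' here means no reply came back at all, which is the case the packet capture on both ends is meant to narrow down; an 'rcode=N' result means the server answered but could not or would not resolve the name.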