topic DNS aged-out, tcp-rst-from-client, and tcp-fin in General Topics

DNS aged-out, tcp-rst-from-client, and tcp-fin

JohnCSteamer — Tue, 20 Dec 2016 17:06:32 GMT

I'm pretty new to Palo Alto products, and I just inherited one. I was having some small issues getting to a site (just a minute or two delay). When I went to the Monitor tab, and saw something that looked a little strange, but could be completely normal.

There are a lot of these every second. Is it normal for a DNS to go to aged-out or tcp-rst-from-client, or tcp-fin after it returns the information requested? Or is this a sign of something else being wrong.

Re: DNS aged-out, tcp-rst-from-client, and tcp-fin

reaper — Tue, 03 Jan 2017 14:16:09 GMT

Hi John

In the case of DNS this is normal as DNS is a UDP protocol which has no means of terminating a session other than no longer transferring packets (where TCP can send FIN or RST packets)

The rst-from-client packets may be your client timing out and deciding to give up gracefully by sending a rst to the server

Since there is a delay I'd recommend setting up a packetcapture to see if you can detect where packets may be getting lost or where a delay me be introduced

please take a look at this article to get you started: Getting Started: Packet Capture

For future reference: you posted your question in the community feedback forum. You'll reach a much wider audience (all of our other customers, partners, Palo Alto Networks staff etc), if you post questions in the general forum 🙂

Re: DNS aged-out, tcp-rst-from-client, and tcp-fin

jdelio — Wed, 18 Jan 2017 22:02:09 GMT

Just to let you know that I moved this article to the General Topics area.