06-29-2021 01:32 AM
Hi,
using an internal Dns server
client makes request for a domain ???.com and cannot get an answer.
from nslookup we see that it cannot resolve the domain.
internal dns server to public dns server rule has a spyware profile.
There is no threat log for this request.But if we disable spyware profile then client can resolve this name.
Any idea about this issue ?
we checked this domain in the lab but it is legal not suspicious.Thanks
Regards
07-02-2021 02:15 AM
Hi,
this is a known bug which will be fixed in 10.0.7
just confirmed.
Regards
06-29-2021 05:52 AM
Hi @panos
Do you have the DNS security subscription enabled on that firewall? If yes, does your firewall have internet access (at least towards paloalto dns service)?
06-29-2021 05:53 AM
Hi,
license was trial and it is expired.
Regards
06-29-2021 05:56 AM
So in this case I assume this feature is still configured in the spyware profile?
06-29-2021 05:57 AM
is there a way to disable it ? All categories are selected as allow.
06-29-2021 09:38 AM
Hello,
Also check to see if the request is getting dropped into the sinkhole if configured. To disable DNS in the profile:
Objects tab -> Anti-Spyware-> click the profile name
DNS-Signature tab and change Action to Alert (alert allows the traffic and logs it, allow just allows the traffic but does not log it)
Hope it helps.
06-29-2021 12:25 PM
Thanks for reply.
no sinkhole ip is returned.cannot resolve the domain.
we checked counters also for dns server's traffic,there is no drop.but clients cannot resolve the domain when spyware profile is selected.
Added the domain to Dns exceptions tab but again same issue.
I opened a Tac case.Let's see what they will find.
Regards
06-29-2021 01:27 PM
Maybe it is worth a try to delete the dns security license as it is expired anyway.
Did you check the system logs to see if there are some logs which could lead to the reason of this issue?
06-29-2021 01:37 PM
Hi,
Thanks,
there were logs saying that " critical general general 0 License for feature dns-security expired on ..." so we deleted license from cli but it did not change anything.
Regards
06-29-2021 02:06 PM
Did you try to add a newly created antispyware profile to that rule where you do not configure the dns security options at all?
06-29-2021 02:09 PM
Hi
Yes this option was our last test.
We cteated a fresh profile but again faced same issue.
Thanks
Regards
07-02-2021 02:15 AM
Hi,
this is a known bug which will be fixed in 10.0.7
just confirmed.
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
