DNS failures on regular basis
-
We are running two firewalls with 2 wans and 2 lans (temporary office and internet cafe) on Mon Apr 11 20:18:16 EDT 201 snapshot and are having DNS issues.
We have two entries in the DNS fields on the General Setup menu with no gateway specified and no override for DHCP.
At random intervals, and not apparently related to loading, the DNS resolution fails. This is both for DHCP clients using the firewall for DNS and from the firewall itself using the DNS lookup in the GUI. After a while the DNS will start responding again.
There do not appear to be any entries in the system log that relate to this - ie no errors or warnings.
Any ideas where I should be looking to diagnose this issue?
-
Sorry - forgot to mention its i386
-
If you have multi-wan, you really do need to specify at least one DNS server for each gateway under System > General, unless they're dynamic and get their DNS servers over PPPoE/DHCP - still, specifying them manually is better.
Two DNS servers for each WAN is best.
-
Have two DNS per WAN but am still getting issues.
The DNS appears to disappear for 5 minutes then comes back. Very odd
-
Are you maxing out your state table, perhaps?
Seems unusual that just DNS would stop, and nothing else.
-
Don't think so.
Have been clutching at straws and I think it is the DNS that our temporary internet supplier has given us.
Changing the DNS to the OpenDNS servers seems to have given us a stable system for the last couple of hours.
Will see what happens when the 100 users hit it in an hour when their program finishes and they all walk in with their iPhones :)
-
You could use OpenDNS and Google DNS (8.8.8.8 / 8.8.4.4), one from each on WAN/WAN2, might be even more stable.
-
I just ran into a similar issue.
After reading that I should add DNS i/p addresses to my 2-nd WAN , i was not able to access the webgui, or ping google.com from the console.
We have multi-lan .
I will restore an earlier config and reboot.
here are parts of the config:
# good: <dns1gwint>wan</dns1gwint> <dns2gwint>wan</dns2gwint> <dns3gwint>none</dns3gwint> <dns4gwint>none</dns4gwint> <dnsserver>8.8.8.8</dnsserver> <dnsserver>75.75.75.75</dnsserver> <dnsserver>8.8.4.4</dnsserver> <dnsallowoverride><maximumstates><maximumtableentries><reflectiontimeout>#bad <branch><dns1gwint>wan</dns1gwint> <dns2gwint>wan</dns2gwint> <dns3gwint>opt1</dns3gwint> <dns4gwint>opt1</dns4gwint> <maximumstates><maximumtableentries><reflectiontimeout><dnsserver>8.8.8.8</dnsserver> <dnsserver>8.8.4.4</dnsserver> <dnsserver>8.8.8.8</dnsserver> <dnsserver>8.8.4.4</dnsserver> <dnsallowoverride></dnsallowoverride></reflectiontimeout></maximumtableentries></maximumstates></branch></reflectiontimeout></maximumtableentries></maximumstates></dnsallowoverride> -
so after restart I gould oing:
Enter a host name or IP address: google.com PING google.com (74.125.113.106): 56 data bytes 64 bytes from 74.125.113.106: icmp_seq=0 ttl=53 time=34.514 ms 64 bytes from 74.125.113.106: icmp_seq=1 ttl=53 time=33.338 ms 64 bytes from 74.125.113.106: icmp_seq=2 ttl=53 time=34.110 ms --- google.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 33.338/33.987/34.514/0.488 ms Press ENTER to continue. -
You can't have the same IP on both WANs. Having conflicting routes probably freaked something out.
This would work:
8.8.8.8 WAN
8.8.4.4 OPT1
208.67.222.222 WAN
208.67.220.220 OPT1 -
OK, that fixed it for us. thanks.
