08-20-2018 03:26 PM
Hi Infoblox Community,
Im sorry if im breaking the rules on the forum. I have an issue which one of my customer infoblox cannot resolve dns specific domain (now i found only 1 domain which cannot be resolve) Im trying to dig the domain from infoblox and the answer is connection time out. The infoblox use as resolver and using the root servers.
From the packet capture i find something unusual after infoblox respond from root servers, i see the udp payload size is 4096 - udp payload size . On the next packet, infoblox trying to query to ns given by root with payload size 512 and theres no query respond from the NS - query udp payload size .
Any idea what could be the cause? i attach the packet capture, for specific domain issue please use filter dns.qry.name == "detikhost.com". --> pcap
Solved! Go to Solution.
08-20-2018 09:09 PM
08-22-2018 05:52 PM
Thank you for the respond. first i was thinking that the issue came from the Firewall. But then i try to compare with another domain seems that there firewall doesnot drop udp packet size over 512. You can see by using filter dns.qry.name == "assets.freshdesk.com", from the pcap attach on my first post, it shows the udp packet size is 4096 and it can resolve the A record from the destination ns.
And one more question, if the issue cause by the firewall dropping udp packet over 512, will it be a solution if i try to disable the EDNS feature on the infoblox - (as fas as i know the edns is turn on by default on infoblox) ?
08-23-2018 07:00 AM
You can try disabling the EDNS0 option to see if that helps but it would not recommended to leave it disabled. There is a lot of functionality that depends on this capability that would be impacted, such as DNSSEC validation and the resolution of records which contain a large amount of data.
As a next step, I would recommend looking at your firewall to see if these queries are reaching it and if so, are they going out, is a response being received, and is that response making its way back through the firewall? That would help guide where to concentrate your efforts.