Internal DNS problems: DNS service timeout


#1

Hi all,
we have a Peplink Balance 210 with 2 connected WAN. We are using internal DNS server for our extranet:

ns1.mycompany.com --> WAN1 IP
ns2.mycompany.com --> WAN2 IP

Until today both server works perfect. But this morning WAN1 DNS was lost and unreachable.

From external host:

dig mycompany.com @WAN1_IP


; <<>> DiG 9.6-ESV-R3 <<>> mycompany.com @WAN1_IP
;; global options: +cmd
;; connection timed out; no servers could be reached


dig mycompany.com @WAN2_IP


; <<>> DiG 9.6-ESV-R3 <<>> mycompany.com @WAN2_IP
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54690
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available


;; QUESTION SECTION:
;mycompany.com.               IN      A


;; ANSWER SECTION:
mycompany.com.        5       IN      A       WAN2_IP


;; AUTHORITY SECTION:
mycompany.com.            3600    IN      NS      ns2.mycompany.com.
mycompany.com.            3600    IN      NS      ns1.mycompany.com.


;; ADDITIONAL SECTION:
ns2.mycompany.com.        3600    IN      A       WAN2_IP
ns1.mycompany.com.        3600    IN      A       WAN1_IP


;; Query time: 48 msec
;; SERVER: WAN2_IP#53(WAN2_IP)
;; WHEN: Wed Feb  6 15:54:50 2013
;; MSG SIZE  rcvd: 117

WAN1 is still UP and pingable:

ping WAN1_IP
PING WAN1_IP (WAN1_IP) 56(84) bytes of data.
64 bytes from WAN1_IP: icmp_seq=1 ttl=53 time=34.6 ms
64 bytes from WAN1_IP: icmp_seq=2 ttl=53 time=34.7 ms

UDP port 53 on WAN1 is still open:

nmap -sU -p 53 WAN1_IP


Starting Nmap 4.62 ( http://nmap.org ) at 2013-02-06 15:57 CET
Interesting ports on WAN1_IP (WAN1_IP):
PORT   STATE         SERVICE
53/udp open|filtered domain


Nmap done: 1 IP address (1 host up) scanned in 0.594 seconds

No log are displayed on Status --> Eventlog --> Device Log

How can i debug that problem?

Other configuration informations:

  • Device is in Drop-in-Mode
  • Device is handling IPsec VPN via WAN1_IP (i tryed to disable it but DNS stills not working)
  • Firewall allow all traffic
  • Current firmware is 5.4.7 build 1439.

Thanks in advance
Roberto


#2

Hi rgiovanardi,

Thanks for the information. After talking things over with the Advanced Team, let’s go ahead and get a support ticket started with everything at the following link-

http://www.peplink.com/contact/support/

To help expedite matters, go ahead and send up a diagnostic report while the DNS issues are going on for review. This will get us a snapshot of the Balance configuration and ideally any back-end messages to help narrow down what’s going on. Instructions on capturing the report of course can be found at the following link:

The team will also want to get remote access to the Balance 210 to take a look in real time in your deployment to test and confirm further. To enable the remote assistance function, instructions are at the following link-

Ideally with the additional information, the team will get to the bottom of the matter.