DNS-Proxy doesn't recognize DNS type NAPTR (35)
recently, we have been experiencing sporadic outages in our Internet Connection. Tracking it down, we found that our internal DNS-Server did not answer requests (i.e. unable to resolve www.bing.com) . Further Analysis showed that at the same time, requests from the DNS-Server where blocked by our WatchGuard like such:
2019-04-15 14:50:38 M400-Member1 Deny 192.168.0.22 18.104.22.168 dns/udp 64088 53 0-Trusted 1-External ProxyDeny: DNS query type match (DNS-proxy-00) DNS-Outgoing proc_id="dns-proxy" rc="595" msg_id="1DFF-0006" proxy_act="DNS-Outgoing" rule_name="Default" query_type="NAPTR" Traffic
This message was repeated for all external DNS-Servers set as fowarders as well as for Zone masters. This process was then repeated multiple times for About 10 minutes - during this period, our DNS was locked up from answering other requests.
I already looked at the WatchGuard (Fireware 12.2) Settings and found that DNS type "NAPTR" (type Code 35) ist not included in the DNS Proxy and I cannot add it unless I create a new DNS Proxy which I would like to avoid. Further, I don't even know if the DNS Proxy is able to handle this type of request.
Does anybody know if the device can handle NAPTR requests? How do you handle this?