Problems Changing DNS - Reputation Authority

I'm having problems changing the M500 DNS settings.

I opened Policy Manager and, under Network/Configuration/WIN-DNS, removed the old DNS servers (10.0.1.55 and 10.0.1.60), added the new servers, and saved the configuration.

I then put Wireshark on the old DNS servers and still see requests from the Firebox:

4/29/2019 11:56:38 AM 0B3C PACKET 000000CB90514E90 UDP Rcv 10.0.0.254 0b2a Q [0001 D NOERROR] A (2)na(3)web(7)repauth(10)watchguard(3)com(0)

4/29/2019 11:56:47 AM 0B3C PACKET 000000CB93E3E210 UDP Rcv 10.0.0.254 36ee Q [0001 D NOERROR] A (2)na(3)web(7)repauth(10)watchguard(3)com(0)

Looks like it may have something to do with the Reputation Authority. I have searched the Policy Manager settings, but cannot find where this is set to use the old DNS servers. Where is this setting made?

I saved the configuration to XML, searched for the old DNS IP addresses, and found the following. Where are these coming from? (Also, they don't appear to have anything to do with the Reputation Authority.)

<address-group>
  <name>Microsoft.1.pcy</name>
  <description></description>
  <property>16</property>
  <addr-group-member>
    <member>
      <type>1</type>
      <host-ip-addr>10.0.1.55</host-ip-addr>
    </member>
  </addr-group-member>
</address-group>
<address-group>
  <name>Microsoft.3.pcy</name>
  <description></description>
  <property>16</property>
  <addr-group-member>
    <member>
      <type>1</type>
      <host-ip-addr>10.0.1.55</host-ip-addr>
    </member>
  </addr-group-member>
</address-group>
<address-group>
  <name>Microsoft.2.pcy</name>
  <description></description>
  <property>16</property>
  <addr-group-member>
    <member>
      <type>1</type>
      <host-ip-addr>10.0.1.60</host-ip-addr>
    </member>
  </addr-group-member>
</address-group>
<address-group>
  <name>Microsoft.4.pcy</name>
  <description></description>
  <property>16</property>
  <addr-group-member>
    <member>
      <type>1</type>
      <host-ip-addr>10.0.1.60</host-ip-addr>
    </member>
  </addr-group-member>
</address-group>

I would appreciate help from anyone.

Thanks in advance.

Comments

  • I doubt that this has anything to do with the Reputation Authority.

    What is in the Microsoft policy?

  • AFAIK, the Reputation Authority is RED - Reputation Enabled Defense.
    RED is supported in HTTP client proxy actions only.

  • Wireshark shows DNS resolution requests against the old DNS servers from the Firebox for repauth.watchguard.com -- that's why I was guessing Reputation Authority. Again, I'm trying to figure out where the old DNSes are stored for this activity.

  • If lookups for repauth.watchguard.com are the only DNS lookups that you are seeing to your old DNS servers, then my guess is that the RED service (/usr/bin/red) has the DNS server IP addrs cached.
    So a reboot would resolve this.
    However, this does appear to be a design flaw - so consider opening a support incident on this.

  • Thanks Bruce. Rebooting the cluster resolved the DNS resolution requests against the old DNS servers.
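
An added example, not part of the original thread: a small parser for log lines in the format quoted in the question. It decodes the length-prefixed names and counts which clients still send queries to a retired DNS server. The field layout is inferred from the quoted lines, and the sample lines beyond the two from the question are constructed.

```python
import re
from collections import Counter

# Constructed sample: the first two lines are quoted from the question; the
# last two (another client, and a response line) are invented for illustration.
SAMPLE_LOG = """\
4/29/2019 11:56:38 AM 0B3C PACKET 000000CB90514E90 UDP Rcv 10.0.0.254 0b2a Q [0001 D NOERROR] A (2)na(3)web(7)repauth(10)watchguard(3)com(0)
4/29/2019 11:56:47 AM 0B3C PACKET 000000CB93E3E210 UDP Rcv 10.0.0.254 36ee Q [0001 D NOERROR] A (2)na(3)web(7)repauth(10)watchguard(3)com(0)
4/29/2019 11:57:02 AM 0B3C PACKET 000000CB93E3E9A0 UDP Rcv 10.0.1.23 4c1d Q [0001 D NOERROR] A (3)www(7)example(3)com(0)
4/29/2019 11:57:02 AM 0B3C PACKET 000000CB93E3E9A0 UDP Snd 10.0.1.23 4c1d R Q [8081 DR NOERROR] A (3)www(7)example(3)com(0)
"""

# Field layout inferred from the quoted lines; the optional "R" response marker
# is an assumption about the log format, not something shown on the page.
LINE_RE = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)\s+"
    r"[0-9a-fA-F]{4}\s+(?P<resp>R\s+)?\S\s+\[[^\]]*\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>(?:\(\d+\)[^()\s]*)+)"
)
LABEL_RE = re.compile(r"\((\d+)\)([^()\s]*)")


def decode_name(encoded):
    """Turn '(2)na(3)web(0)' into 'na.web', checking each length prefix."""
    labels = []
    for length, text in LABEL_RE.findall(encoded):
        if int(length) == 0:      # (0) is the root label that ends the name
            break
        if len(text) != int(length):
            raise ValueError(f"label {text!r} does not match length {length}")
        labels.append(text)
    return ".".join(labels)


def queries_by_client(log_text):
    """Count received queries per (client IP, name, type); skip responses."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue
        counts[(m["ip"], decode_name(m["name"]), m["qtype"])] += 1
    return counts


if __name__ == "__main__":
    for (ip, name, qtype), n in queries_by_client(SAMPLE_LOG).most_common():
        print(f"{ip:<15} {qtype:<5} {name:<40} {n}")
```

Run against the log of a server that is being retired, an empty result means no client is still pointing at it.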
