DNSWatch answering when not enabled
We have noticed our M370, which does not have DNS Watch enabled, is sending DNS queries to the DNSWatch EU servers 34.240.115.208 and 34.251.171.117, so only one of our own configured DNS servers gets used after those two. Had a look through the network settings and those of the VLANs etc. and can only see our 2 DNS servers. The site has had some odd DNS behaviour, so wondering if this could be related.
We tested DNSWatch when it first came out but disabled it and switched to our own over a year ago.
Logs show the DNS requests going to the DNSWatch servers.
On latest firmware.
Have I missed a setting or does this need to be escalated to support?
Our M390 at our other site (same config) does not have this issue and uses both our configured DNS servers.
Comments
Hi @CWR
It sounds like DNS Forwarding might be enabled.
Check the following article here to see if you have anything configured to push traffic to the DNSWatch resolvers:
(About DNS Forwarding)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/networksetup/dns_forwarding_about.html
If you don't see anything there, I'd suggest creating a support case so that one of our reps can look into the issue with you.
-James Carson
WatchGuard Customer Support
Raised a ticket as the DNS Watch servers were randomly handling the queries instead of ours, and support mentioned some issues currently with DNS Watch server 34.251.171.117, so this likely explains the DNS issues our internal clients had been experiencing.
Resolution was to enable DNS Watch with enforcement disabled, then disable DNS Watch again.