Clear DNS cache pre 12.7

cmccmc
in Firebox - Networking, Multi-Wan, VLAN, NAT, SD-WAN

Per documentation,

To disable the DNS cache, in Policy Manager (Fireware v12.7 or higher):

Select Network > Configuration > WINS/DNS.
Clear the Enable DNS Cache check box.

I have a T35 running 12.5.9 that seems to have bad DNS entry in the cache. Is there a way to clear the cache on this device with restarting?

Comments

  • cmccmc

    This seems to not be possible. In 12.6.4 this looks to be possible using the CLI command

    no ip dns cache enable

    but no such luck for 12.5

  • cmccmc
    edited January 7

    So this turned out to _not _ be a DNS cache issue. After much testing, and with the help of Reddit, I determined that Comcast was in fact injecting their own data into DNS response packets. And in this case the IP addresses entered were stale/incorrect. Comcast has a security feature on business accounts called SecurityEdge that apparently has this *feature*. Pretty sneaky, as a packet trace for a DNS query to 8.8.8.8 showed a response from 8.8.8.8 with no indication that the packet had been modified.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @cmc
    This feature isn't currently available on the T35 I made a feature request to have this feature added to 12.5.x. That is FBX125X-255

    I would suggest upgrading your T35 to 12.5.12, as there's been quite a few bug and security fixes since 12.5.9 which may help address your issue.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.