after the last update of our clustered M370 to 12.7.1 we encounter numerous problems with DNS (site unreachable) and then soon become reachable does any of you have a similar experience?
Are you using DNSWatch?
If not, are you using DNS proxies for outgoing DNS?
Anything to help understand this in Traffic Monitor?
Could your external DNS server IP addr sometimes end up on the temp Blocked Sites list? If so, you can add that/those IP addrs to the Blocked Sites Exceptions.
And/or turn off the Default packet Handling option of "Auto-block source of unhandled external packets"
I used DNSwatch until 2 days ago, now I have disabled it thinking this was the problem but nothing, it persists, the thing is very strange it does not find the site and then after a few seconds yes, Saturday or I did the last upgarde to the firewall.
Nothing unusual in the traffic monitor, no proxy dns, the strange thing is that the same thing happens in the other office always with a M370 latest update but only for the Watchguard forum.
Explain what you mean by "but only for the Watchguard forum"
So you are running V12.7.1 and the problems started soon thereafter?
Consider opening a support incident on this if you have not already done so.
yes, that's right, this only happens in my office on the forum https://www.watchguard.com/Forum/login.aspx
I haven't opened a ticket yet
in my office I have DNSWatch active
So it is related to your DNS_PROBE_FINISHED_NXDOMAIN post?
usually first I update my firewall in the office and when I think everything is ok I also update the cluster in the other office, for me everything started from the last update on Saturday 25th, as regards DNS fail
So again, this was your update to V12.7.1?
open a support incident
nothing to do, even the technical support has not found any problems on the DNS, I do not know where to turn my head, the only thing left to do is to downgrade the cluster to 12.7 but I would like to avoid .. sic sic
Please see my comment on your other post here:https://community.watchguard.com/watchguard-community/discussion/2094/dns-probe-finished-nxdomain#latest
Based on what you've described both here, and in the case, I do not expect that downgrading will fix your issue. If the DNS response coming from an external server is NXDOMAIN, that issue lies outside of the firebox.
I've left information on how to determine for sure, via packet capture, if that's what is happening. If the issue is external to the firebox, and is in fact a DNS issue, you'll need to troubleshoot the DNS issue, or contact the admin responsible for that DNS to proceed.
WatchGuard Customer Support