periodic local DNS failures - service restart fixes
We've got one deployment of roaming DNS filter agents and we're seeing an issue that periodically affects some devices but not all.
While this issue is affecting a PC or laptop, I cannot ping server hostnames or the fully qualified domain names for servers.
The issue is limited to local DNS on the domain - external/public DNS still resolves fine.
Initially, I figured it was just failing to pass the queries to the correct DNS server for some reason but today I saw in the DNS server logs and in a diagnostic tool that the DNS queries are correctly going to out domain DNS servers.
While this issue is active, other users are unaffected although sometimes a few people can be having the issue at the same time (its never all users). A quick restart of the DNS filter agent resolves the issue so the users are often just rebooting to fix it.
The diagnostic details I've seen in the DNS server logs and on the workstations shows malformed DNS queries with formatting errors.
-
Hi Etienne , thanks for reaching out! From what you've described thus far we can't quite pin points what's going on, but I have some questions that can help rule out some issues:
- You mention local DNS: are local domains and resolvers accurate in the DNSFilter dashboard?
- Does the team utilize VPNs? If so, what is the brand, and are they setup as full or split tunnel? There could be some settings adjustments causing the conflict.
- Do the endpoints use statically assigned DNS resolvers? Some users have reported issues with Windows version 1.15.3 conflicting with those settings. If this could be the issue, setting DNS to DHCP helps, or reverting to our prior version 1.14.1 is recommended as a temporary solution.
If none of these ideas help, could you let me know a few more details for the impacted users:
- What OS type and version of the Roaming Client is experiencing the issue?
- How was the Roaming Client deployed onto this machine? (e.g. Manual install from dashboard or via RMM tool)
- Were there any other DNS filtering applications installed on this prior to our Roaming Client?
0 -
The client I most recently saw with this issue was running v1.15.3.0
The local domains and resolvers are configured although there are a lot of local domain entries. Are there sometimes issues with a lot of domains being specified there? is there a limit on the number?
The endpoints have their IPs and DNS configurations assigned by DHCP so nothing static.
The OS on the most recent example is Win10 pro and the agent version is 1.15.3.0
There were no other DNS filtering applications to my knowledge although this is a fairly new customer of ours.
I'm fairly certain it was deployed by our RMM tool.
0 -
Thanks for these additional details, Etienne !
There are no limits on our end to the amount of local domain and resolvers, so no worries there!
I had a colleague review everything you've sent, and we believe you're experiencing a bug with v1.15.3 that's different than the one I already noted: when the devices wake from sleep we've seen reports of dns traffic failing to query local domains and resolvers.
I'm happy to report a new beta version of the Windows Roaming Client (v2.0.3) is scheduled to release tomorrow that resolves this issue. You can follow our changelog to be notified of the release, which will be available to all customers from the DNSFilter dashboard: Deployments > Roaming Clients > Install Guide.
If you test the beta release and the issue persists, let me know and I'll begin a support ticket which you can reply to with diagnostic logs for further investigation!
0 -
Thanks for the update. After your last message, I went back and checked the internal domains and saw one of the internal domains seemed to be missing from the list so I re-added. I thought I'd seen it there before so I'm not sure if/why it would have been removed but I don't know why it works flawlessly for most people and affects some people occasionally.
You may be correct in saying there is another bug with the clietn but I'm currently waiting to hear back from the client to see if they experience any further issues. Since I started troubleshooting this, I've found a number of small issues with DNS so there could be something else at play I haven't seen yet. I will try the beta version if they come back to me with another instance of this problem.
1 -
This sounds like great progress, Etienne ! A missing resolver could definitely be the issue—glad you found it!
We're ready to keep testing solutions if they continue to have issues, so feel free to post a reply here and I'll spin up a ticket for the team to review.
0 -
Hi,
Well we've had another report of some PCs at this site getting this issue again. The few affected do appear to have been left on a while (some with 7 and 12 days up). A restart of the PC fixes the issue as usual and I'm sure a DNSFilter service restart would do it too.
Assuming there's no other update on this, I'll see if I can get the beta version you mentioned.
0 -
Quick question relating to the beta version you mentioned, can I update one client to the beta version for testing and will this prevent auto updates in the future?
0 -
Hi Etienne, sorry to hear the issue resurfaced. I'm going to start a ticket with our Support team. You can supply them with diagnostic logs from one of the impacted devices and they can help investigate further. The team has seen positive results from customers reporting similar issues testing the beta release.
The beta release channel has a built-in auto-update feature which will automatically update any Roaming Client set to the beta channel when a new release happens. You can read about the beta and production channel, as well as how to set the release channel, in this article: Roaming Client Release Channels
0 -
Thanks, I've update one client for testing and will see how that goes.
0
Please sign in to leave a comment.
Comments
9 comments