DNS Relay on Windows - UDP listener crashes
I am currently hitting a very strange situation. I have 2 DNS Filter Relays running on Windows, which work fine. I am going through a process to move from an old firewall to a new firewall and as part of that, I am moving a DMZ which has 1 host that uses these DNS Filter Relays for resolution. During the migration of the DMZ to the new firewall, I add a new route to a switch upstream of the DNS Filter Relays that points traffic for the new DMZ at the new firewall. About 10 seconds after I add the new route, the UDP Listener for port 53 crashes on both of the DNS Filter Relays. It shows this error on the console:
msg="unable to start listener" address=":53" error="read udp [::]:53: wsarecvfrom: The connection has been broken due to keep-alive activity detecting a failure while the operation was in progress."
At this point in the process, the ability for responses from the DNS Filter Relay to reach the host in the DMZ would be impacted. ChatGPT suggests that there is some kind of health check occurring in the DNS Filter Relay that knows this and is therefore shutting down the service.
During the next maintenance window, I plan to cut off traffic to the DNS Resolvers from the host in the DMZ completely before adding the route to see if that makes a difference, and to capture the traffic with Wireshark if it doesn't.
But I guess I'm hoping someone could confirm this is a logical explanation? And if so, is there any configuration I can use to manage that “health check” so it doesn't crash the listener? Any other ideas why this might be happening? All of my internal servers can't use DNS once that listener crashes and it's causing major issues during this cutover process.
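The message in the log line above is the text Windows attaches to WSAENETRESET (10052), which a datagram socket reports when an ICMP error such as "time to live expired" arrives for a packet it sent earlier, for instance after a routing change. A read loop that treats that per-peer condition as fatal takes the whole port 53 listener down. The following is an added example of a UDP serve loop that logs and survives such errors; it is not the Relay's code and not from this thread, and the listening port and the exact set of error codes treated as transient are assumptions.

```go
package main

import (
	"errors"
	"log"
	"net"
	"syscall"
)

// WinSock codes wsarecvfrom reports for ICMP errors (TTL expired, unreachable) on an earlier send; numeric so it compiles off Windows too.
const (
	wsaeNetReset  syscall.Errno = 10052 // WSAENETRESET, the message in the log above
	wsaeConnReset syscall.Errno = 10054 // WSAECONNRESET
)
// isTransientReadErr: a per-peer, ICMP-derived read error to log and skip, not a dead socket.
func isTransientReadErr(err error) bool {
	var errno syscall.Errno
	if !errors.As(err, &errno) {
		return false
	}
	switch errno {
	case wsaeNetReset, wsaeConnReset, syscall.ENETRESET, syscall.ECONNRESET, syscall.ECONNREFUSED:
		return true
	}
	return false
}
// serveUDP reads datagrams until the socket itself fails; transient errors are logged
// and the loop keeps serving every other client instead of tearing the listener down.
func serveUDP(conn *net.UDPConn, handle func([]byte, *net.UDPAddr)) error {
	buf := make([]byte, 4096)
	for {
		n, peer, err := conn.ReadFromUDP(buf)
		if err != nil {
			if isTransientReadErr(err) {
				log.Printf("udp read: transient error, listener kept: %v", err)
				continue
			}
			return err // closed, unbound, etc.: let the caller decide
		}
		handle(buf[:n], peer)
	}
}

func main() { // loopback smoke test on a constructed port; serves until the socket dies
	conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 5353})
	if err == nil {
		err = serveUDP(conn, func(b []byte, p *net.UDPAddr) { log.Printf("%d bytes from %v", len(b), p) })
	}
	log.Fatal(err)
}
```

On Windows the ICMP-derived reset can also be suppressed at the socket level with the SIO_UDP_CONNRESET ioctl, but classifying the error in the read loop keeps the listener alive regardless of how the socket was opened.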
-
Thanks for the detailed write-up, Michael Yaeger—that helps a lot.
In situations like this, the most common cause for issues is a port 53 binding conflict, often introduced during firewall changes. Some firewalls or related services will try to bind to or inspect port 53, even briefly, which can cause the Relay’s UDP listener to fail.
First step would be to review the new firewall settings and make sure nothing is listening on or intercepting port 53 (DNS inspection, health checks, etc.). If that doesn’t resolve it, please open a support ticket and include Relay diagnostic logs from the time of the crash so we can dig in further.