Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ470 - failed in DNS resolve

For a couple of domains (office.net and kamaitechnologies.com), this notice appears on a regular basis in the System Log:

It doesn't seem to have any effect on users or machines. I do wonder why those domains do not resolve? And maybe there's fix?

Category: Firewall Management and Analytics
Reply

Best Answer

  • CORRECT ANSWER
    prestonpreston Enthusiast ✭✭
    edited February 18 Answer ✓

    Hi @Simon_Weel, I would go with Michael_Bischof @ SonicWall's answer as what he is saying is correct, in addition to Michael's answer see below

    F.Y.I. if you do an NSlookup for the FQDN's they don't resolve, this is is because Microsoft and Akamai are using sub domains of these for their services, so for them to work you would need to use the Wildcard method I.e *.office.net, and then you would see the last entries for anything that was seen from a subdomain, but be aware that this puts more CPU overhead on the appliance.

Answers

  • Michael_BischofMichael_Bischof SonicWall Employee

    These seem to be FQDN address objects that cannot be resolved by the firewall while using the current DNS servers you configured on the firewall.

    The reason for that could be that the DNS servers which are used do not know these domains, that these domains do not exist any longer, or that their domain names have changed.

    If these domains are not relevant to you, you could delete the FQDN address objects for these two domains.

  • MitatOngeMitatOnge Cybersecurity Overlord ✭✭✭

    Hi @Simon_Weel ,

    You should create the DNS Forwarder ON dns settings for this domain for the local dns servers.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    @preston has the right response: an nslookup (or dig) of these domains do not return a response, so the log is just informing you of this. There is no fix, this is by design of the owners.

Sign In or Register to comment.