DNS Policy floods log with "Max Connections exeeded packets"

I have SplitDNS configured and working on a TZ370 with current firmware. This means I have enabled DNS Proxy and this means I have a DNS Policy configured. Everything seems to work, but:

The System Log is flooded with events (ID 1689) "Drop DNS Policy Max Connections exeeded packets" (DNS Policy 1. max connections exeeded. max connection percentage: 100%). There is an event generated every minute.

All of these events have the same source IP (a Ubiquiti CloudKey) with a random port and the same destination IP (port 53 on the SonicWall).

Checking the connection monitor shows that the firewall has 140-160 open connections (= nearly nothing is going on), but checking the DNS Rule shows 320.000 connections (226.000 closed connections and 100.600 active connections).

What is going on? Why does the DNS Rule show so many connections? How can I prevent the logs from being flooded?

Category: Entry Level Firewalls