Dropped by DNS sinkhole.Domain
blue
Newbie ✭
was wondering where I can find the list for this or how to whitelist sites that get triggered by this when the company doesn't have the dns security feature paid for. I thought it was by the content filtering whitelist area but that doesn't help me when i add the site to it.
Category: Mid Range Firewalls
0
Answers
Not sure I understand the question - if it's not licensed, then surely it's not being triggered?
@blue DNS Security is a new payable option for SonicOS 7.1 and up, if you're running 6.x or 7.0.x it's working without a dedicated license.
IMHO there is no published list of blacklisted domains.
--Michael@BWC
running Firmware Version SonicOS 7.1.1-7047
i am just getting the PUBLIC IP calling out to other DNS IP's and trying to find where its starting,also out the same port all the time; i am also getting a temp red flag and have gone and checked on it and it is cool to the touch and room is at 65 degrees, I am going to sit and watch the fans on the back for a bit and see if that might be the issue, just trying to make sure these aren't connected, also these sinkhole drops are happening every 5 mins so i want to believe it is a client on the network just am unable to track it down at the moment.
@blue that's interesting, it might be a Sonicwall Newsletter which hit Mandrilapp in the past 😂
I guess you can't modify any settings for DNS security without the valid license? Was it enabled before upgrading to 7.1.1? Did you checked the configuration via CLI, maybe the upgrade messed things up and you need to disable it manually?
But 7.1.1 is buggy by itself and probably you hit this 100% Task dilemma which plagued a lot of users. I highly recommend not to use it atm.
--Michael@BWC
interesting, I have been using SonicWall for about 8 years with this company and never had the license for it, what firmware would you say is the stable one? i thought Maintenance Release where the stable ones?
DNS Security needs to be licensed from 7.1 and up. It's part of APSS and noone could tell me the SKU for extending EPSS.
IMHO the Label Maintenance Relese is misleading, because 7.1.1-7040 was a Feature Release (or Early Release?) and only due to a huge vulnerabilty it became MR.
Best Firmware for Gen7 is 7.0.1-5145, IMHO.
--Michael@BWC
thanks for direction on this, will be making a change back tonight.
i have reverted back to Firmware for Gen7 is 7.0.1-5145 and am still getting dns sinkholes
This is an interesting topic.
Just tested its not firmware issue.
@blue
DNS security license just apply to the first tab DNS Filtering(without license, it will prompt an alert)
However, other tabs like DNS Sinkhole is still configurable and usable without DNS security license. Not sure its intended or bug.
So your device has enable DNS sinkhole service.
I think mandrillap is Mailchimp's click-tracking domain so almost certainly no upside to allowing this traffic for you. So "correct" in that sense - it's blocking something that isn't necessarily malicious, but is just junk traffic.
i don't see that whitelist option on my not paid for dns security license
nor is there anything under policy, there is no way for me to whitelist 1drv.ms.
****** just read this on newer firewall so will try a upgrade later today
GEN7-43554 Unable to add valid domains to the Custom Malicious Domain Name list and
White List pages after adding an domain one because the pending configuration
is still present.
Workaround: Logging out and back in should resolve the issue