Hi there, I seem to have a problem with DNS host lookup on an SSG-550 running 6.3.0r6.0 when a PPPoE connection is active.
I’m routing traffic out an Ethernet interface to an ADSL modem using source-based routing.
The ADSL modem is in bridge mode, using PPPoE for authentication.
I’ve set up a dedicated Ethernet interface for the modem, a dedicated zone and assigned the zone to a dedicated virtual router. No other interfaces are assigned to the zone, and no other zones are assigned to that virtual router.
I needed to use a dedicated virtual router for security; the existing un-trust virtual router is doing other things. The default route on the ADSL link has to be learned automatically with PPPoE as the ISP assigns a different one each time I connect. I can then send any traffic I want to go out the ADSL line by sending it to the appropriate virtual router using source-based routing.
The PPPoE and source-based routing all appear to be working fine.
However, I notice DNS lookup on the SSG is unreliable whenever the PPPoE connection is active. DNS lookup is configured so the SSG can resolve hostnames to internal DNS via a specific source interface.
My question is: how can PPPoE possibly affect DNS host lookups? Are there any verbose debugging commands for DNS host lookup? The only ones I have found don't give any more information than the event logs show.
When the DNS lookup problems occur, logs show "Connection refused by the DNS server." errors.
If I disable the PPPoE and associated Ethernet interfaces, DNS lookups start working again.
When the PPPoE interface is up, the SSG can ping the DNS servers no problem.
Many thanks for your help,
Mark.