| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| I am building a load sharing cluster of two UTM-1's with R70. When the policy is not installed, DNS lookups work normally. When I load a policy, no lookups can be done. Even when I try it with a single rule (Src any, Dest any, Service any, accept), no DNS lookups succeed. At one stage a few days while trying to determine what the problem was, it suddenly worked with a full set of 88 rules. Today again there was no DNS and nothing changed in the rules since then. The log shows that udp-domain packets to the DNS servers were accepted. Any idea what is going on? Regards Johann |
| |||
| It is not primarily a DNS problem. It is a networking problem. When the DNS was not working I could not ping the backbone or the external segments of our network from the UTM, but I could ping the DMZ and the other member of the cluster through the private network. And I could ssh to the UTM from the backbone segment. Somehow after some fiddling here and there and reloading an older policy (the same one that was active when the problem occurred this morning) everything is working again. I have tried to activate the Sticky option in the advanced Load Sharing Configuration but it was rejected because some acceleration option is not available. Can this be an indication that the communication within the cluster is not working as it should? Regards Johann |
| |||
| Hi Johann, did you install HFA20 just on the Security Management Server? If not, try that one. After this, you should try to do DNS. Without HFA (at least 20), you could run into trouble, since truncated DNS packets could be dropped. Regards, Yasushi |
| Tags |
| dns failure, r70, utm-1 |