Duplicate DNS requests seen when integrating AWS with Cisco Umbrella via R53 resolver outbound endpoint

0

I've integrated my AWS infra (with very basic services - VPC, subnets, IGW and NAT GW) with Cisco Umbrella via R53 resolver outbound endpoint and Resolver Rule. But we see duplicate DNS requests getting forwarded to Cisco Umbrella. The Cisco team has confirmed that they see 2 requests coming from the source.

On the AWS end, we've tried the below -

  • Did a packet capture on the EC2 instance, but see a single request and response.
  • On VPC flow logs, we see 2 requests and response with a small time window gap, assuming it's corresponding to the same request, since we do not have anything else running on AWS on that specific region.
  • R53 query logs show only 1 DNS entry.
  • dig www.internetbadguys.com shows duplicate requests, but dig @208.67.220.220 www.internetbadguys.com shows single request forwarded to umbrella wherein 208.67.220.220 is the umbrella IP address. This proves that the duplication might be taking place somewhere around resolver outbound endpoint.

Any suggestion what could be causing this issue? Thanks in advance for the help.

Juhi
Asked a year ago · 292 views
2 Answers
0
  1. I'm curious to know if one of the requests is IPv4 and the other is IPv6?
  2. I'm wondering also because you have 2 outbound IP ENIs, R53 may by default send 2 requests
  3. On your VPC Flow logs, are the requests coming from each of the 2 ENIs for the outbound endpoints?
Expert
Answered a year ago
  • Unfortunately, no. It's 2 IPv4 requests (A records).

  • Just updated question also..

0

On your VPC Flow logs, are the requests coming from each of the 2 ENIs for the outbound endpoints?

Expert
Answered a year ago
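
One way to check the ENI question raised in the answers from exported VPC flow logs, as an added example that is not part of the original thread. It assumes the default (version 2) flow log format; the account ID, ENI IDs and private addresses in the sample are constructed placeholders, and 208.67.220.220 is the Umbrella address from the question.

```python
from collections import defaultdict

# Default (version 2) VPC Flow Logs field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records; account ID, ENI IDs and private IPs are placeholders.
SAMPLE = """\
2 111111111111 eni-0aaa0000000000001 10.0.1.10 208.67.220.220 41022 53 17 1 71 1700000000 1700000005 ACCEPT OK
2 111111111111 eni-0bbb0000000000002 10.0.2.10 208.67.220.220 53311 53 17 1 71 1700000001 1700000006 ACCEPT OK
2 111111111111 eni-0aaa0000000000001 208.67.220.220 10.0.1.10 53 41022 17 1 87 1700000000 1700000005 ACCEPT OK
2 111111111111 eni-0ccc0000000000003 10.0.3.25 10.0.0.2 50000 53 17 1 60 1700000000 1700000004 ACCEPT OK
2 111111111111 eni-0aaa0000000000001 10.0.1.10 208.67.220.220 41500 53 17 1 71 1700000300 1700000305 ACCEPT OK
"""

def parse(text):
    """Yield one dict per well-formed record, skipping NODATA/SKIPDATA lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[-1] != "OK":
            continue
        yield dict(zip(FIELDS, parts))

def outbound_dns(records, forwarder):
    """Keep only queries sent to the forwarder on port 53 (UDP=17, TCP=6)."""
    return [r for r in records
            if r["dstaddr"] == forwarder and r["dstport"] == "53"
            and r["protocol"] in ("6", "17")]

def per_eni(flows):
    """Count query flows and packets per source ENI."""
    stats = defaultdict(lambda: {"flows": 0, "packets": 0})
    for r in flows:
        stats[r["interface_id"]]["flows"] += 1
        stats[r["interface_id"]]["packets"] += int(r["packets"])
    return dict(stats)

def cross_eni_pairs(flows, window=5):
    """Pair flows from different ENIs whose start times are within `window` seconds."""
    flows = sorted(flows, key=lambda r: int(r["start"]))
    pairs = []
    for i, a in enumerate(flows):
        for b in flows[i + 1:]:
            if int(b["start"]) - int(a["start"]) > window:
                break
            if a["interface_id"] != b["interface_id"]:
                pairs.append((a["interface_id"], b["interface_id"]))
    return pairs

if __name__ == "__main__":
    dns = outbound_dns(parse(SAMPLE), "208.67.220.220")
    print(per_eni(dns), cross_eni_pairs(dns))
```

A non-empty result from `cross_eni_pairs` means the near-simultaneous queries left through different endpoint ENIs, while an empty result with more than one flow or packet on a single ENI means both came from the same interface.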
