I've integrated my AWS Infra (with very basic services - VPC, subnets, IGW and nat gw) to Cisco Umbrella via R53 resolver outbound endpoint and Resolver Rule. But we see Duplicate dns requests getting forwarded to Cisco Umbrella.
Cisco Team has confirmed that they see 2 requests coming from the source.
On the AWS end, we've tried the below -
- Did the packet capture on EC2 instance, but see single request and response.
- On VPC flow logs, we see 2 requests and response with a small time window gap, assuming it's corresponding to the same request, since we do not have anything else running on AWS on that specific region.
- R53 query logs shows only 1 DNS entry.
dig www.internetbadguys.com
shows duplicate requests, but dig @208.67.220.220 www.internetbadguys.com
shows single request forwarded to umbrella wherein 208.67.220.220 is the umbrella IP address. This proves that the duplication might be taking place somewhere around resolver outbound endpoint.
Any suggestion what could be causing this issue?
Thanks in advance for the help.
Unfortunately , no. It's 2 IPv4 requests (A records) .
Just updated question also..