Duplicate DNS requests seen when integrating AWS with Cisco Umbrella via R53 resolver outbound endpoint


I've integrated my AWS infra (with very basic services - VPC, subnets, IGW and NAT GW) with Cisco Umbrella via an R53 resolver outbound endpoint and Resolver rule. But we see duplicate DNS requests getting forwarded to Cisco Umbrella. The Cisco team has confirmed that they see 2 requests coming from the source.

On the AWS end, we've tried the below -

  • Did a packet capture on the EC2 instance, but we see a single request and response.
  • On VPC flow logs, we see 2 requests and responses with a small time gap. We assume they correspond to the same request, since we do not have anything else running on AWS in that specific region.
  • R53 query logs show only 1 DNS entry.
  • dig www.internetbadguys.com shows duplicate requests, but dig @208.67.220.220 www.internetbadguys.com shows a single request forwarded to Umbrella, where 208.67.220.220 is the Umbrella IP address. This proves that the duplication might be taking place somewhere around the resolver outbound endpoint.

Any suggestions on what could be causing this issue? Thanks in advance for the help.

Juhi
asked 7 months ago, 198 views
2 Answers
  1. I'm curious to know if one of the requests is IPv4 and the other is IPv6?
  2. I'm also wondering, because you have 2 outbound IP ENIs, whether R53 may by default send 2 requests.
  3. On your VPC flow logs, are the requests coming from each of the 2 ENIs for the outbound endpoints?
answered 7 months ago
  • Unfortunately, no. It's 2 IPv4 requests (A records).

  • Just updated the question also.


On your VPC flow logs, are the requests coming from each of the 2 ENIs for the outbound endpoints?

answered 7 months ago
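
One way to check the per-ENI question raised in the answers, from exported VPC flow log lines. This is an added example, not part of the original thread. It assumes the default (version 2) flow log format; the sample records, account ID, ENI IDs and private addresses are constructed, and 208.67.220.220 is the Umbrella address from the question.

```python
from collections import defaultdict

# Default (version 2) VPC flow log field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: an instance querying the VPC resolver, then one flow
# from each of two outbound-endpoint ENIs to Umbrella, then a NODATA record.
SAMPLE = """\
2 123456789012 eni-0aaa1111 10.0.1.25 10.0.0.2 41000 53 17 1 71 1700000000 1700000010 ACCEPT OK
2 123456789012 eni-0bbb2222 10.0.1.10 208.67.220.220 52011 53 17 1 71 1700000000 1700000010 ACCEPT OK
2 123456789012 eni-0ccc3333 10.0.2.10 208.67.220.220 40177 53 17 1 71 1700000001 1700000011 ACCEPT OK
2 123456789012 eni-0ccc3333 - - - - - - - 1700000060 1700000070 - NODATA
""".splitlines()

def dns_flows_to(lines, resolver_ip):
    """Yield parsed records for DNS traffic (port 53, UDP or TCP) to resolver_ip."""
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] != "2":
            continue  # header, custom format, or truncated line
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry "-" in the flow fields
        if (rec["dstaddr"] == resolver_ip and rec["dstport"] == "53"
                and rec["protocol"] in ("17", "6")):
            yield rec

def classify(lines, resolver_ip, window=5):
    """Group forwarded DNS flows by ENI and say where the second request originates."""
    by_eni = defaultdict(list)
    for rec in dns_flows_to(lines, resolver_ip):
        by_eni[rec["interface_id"]].append(
            (int(rec["start"]), rec["srcaddr"], int(rec["srcport"]), int(rec["packets"])))
    starts = sorted(s for flows in by_eni.values() for s, *_ in flows)
    close = any(b - a <= window for a, b in zip(starts, starts[1:]))
    if len(by_eni) > 1 and close:
        verdict = "one request per ENI"
    elif any(len(f) > 1 or f[0][3] > 1 for f in by_eni.values()):
        verdict = "repeated from a single ENI"
    else:
        verdict = "no duplicate seen"
    return dict(by_eni), verdict

if __name__ == "__main__":
    flows, verdict = classify(SAMPLE, "208.67.220.220")
    for eni, recs in flows.items():
        print(eni, recs)
    print(verdict)
```

Flow logs aggregate packets per 5-tuple within a capture window, so two queries sent from different source ports or different ENIs show up as separate records, which is what the grouping relies on.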
