Duplicate DNS requests seen when integration AWS with Cisco Umbrella via R53 resolver outbound endpoint

0

I've integrated my AWS Infra (with very basic services - VPC, subnets, IGW and nat gw) to Cisco Umbrella via R53 resolver outbound endpoint and Resolver Rule. But we see Duplicate dns requests getting forwarded to Cisco Umbrella. Cisco Team has confirmed that they see 2 requests coming from the source.

On the AWS end, we've tried the below -

  • Did the packet capture on EC2 instance, but see single request and response.
  • On VPC flow logs, we see 2 requests and response with a small time window gap, assuming it's corresponding to the same request, since we do not have anything else running on AWS on that specific region.
  • R53 query logs shows only 1 DNS entry.
  • dig www.internetbadguys.com shows duplicate requests, but dig @208.67.220.220 www.internetbadguys.com shows single request forwarded to umbrella wherein 208.67.220.220 is the umbrella IP address. This proves that the duplication might be taking place somewhere around resolver outbound endpoint.

Any suggestion what could be causing this issue? Thanks in advance for the help.

Juhi
已提問 1 年前檢視次數 291 次
2 個答案
0
  1. Im curious to know if one of the requests is IPv4 and the other is IPv6?
  2. Im wondering also because you have 2 outbound IP ENI's R53 may be default send 2 requests
  3. On your VPC Flow logs, are the requests coming from each of the 2 ENI's for the outboud endpoints?
profile picture
專家
已回答 1 年前
  • Unfortunately , no. It's 2 IPv4 requests (A records) .

  • Just updated question also..

0

On your VPC Flow logs, are the requests coming from each of the 2 ENI's for the outboud endpoints?

profile picture
專家
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南