|reply to dnoyeB |
Re: Is this legal DNS Query?
If I do a nslookup the computer will send a DNS request for www.fitbit.com with a proper checksum. This gets treated properly. Its when there is no checksum that things get strange.
I have resolved the issue down to my Zyxel USG. It seems to be confused by the lack of a checksum. I think its not opening a session, or prematurely closing it. The DNS reply appears on the WAN side, but the firewall tosses it out and sends the DNS server an ICMP saying it can't find the host...
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard. " Ecclesiastes