Announcement

Collapse
No announcement yet.

Intermittent Client Access Issue – NXFilter Requires Service Restart to Restore Access

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Intermittent Client Access Issue – NXFilter Requires Service Restart to Restore Access

    We are experiencing an intermittent issue with NXFilter and would appreciate your assistance in troubleshooting.

    Issue Summary:
    Clients intermittently cannot access certain websites when using NXFilter for DNS filtering. The issue does not affect all devices equally—some devices work while others cannot access the same site at the same time. Restarting the NXFilter service consistently restores access to the affected URL across all sites.

    Observed Behavior:
    • The issue is intermittent and device-specific.
    • Some iOS client devices are unable to access a site, while others can.
    • Restarting the NXFilter service on the DNS server immediately resolves the issue.
    • After the restart, the previously inaccessible URL works normally for all clients.
    • We are not yet 100% certain whether the correct IP address is always returned during DNS resolution when the issue occurs.

    Environment Details:
    • NXFilter version: 4.6.8.9
    • OS: Linux
    • Deployment type: High Availability (HA)
    • Client types: iOS
    • Upstream DNS forwarders: Cloudflare and Google
    • Scope: Multiple sites affected

    Troubleshooting Already Done:
    • Verified that NXFilter policies/categories are not blocking the affected domains
    • Confirmed that restarting the NXFilter service reliably resolves the issue
    • Issue may reoccur after some time for the same or different domains

    Questions:
    1. Are there any known issues in version 4.6.8.9 related to intermittent access, caching, or HA synchronization?
    2. Could this behavior be related to NXFilter DNS cache, internal state, or HA failover behavior?
    3. What logs or debug settings should we enable to capture more detail when the issue occurs?
    4. Are there configuration changes, patches, or recommended upgrades to address this issue?

    Has anyone else experienced these kinds of issues?
    Tags: None
  • #2
    NxFilter doen't treat iOS client differently. It doesn't have per-client DNS response cache. And yo have only some of iOS clients have such a problem. If it's a NxFilter problem, it can't be only for iOS.

    What do you mean by High Availability deployment? Do you use the built-in clustering of NxFilter or do you install multiple NxFilter in a different way?

    You should use the same upstream servers for all the nodes and they should be from one company. These DNS servers could respond with the different answers if they are not from the same provider.

    Comment

    Previous template Next
    Working...
    X