ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

DNS traffic may be blocked at client when Endpoint Protection is installed

book

Article ID: 162178

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

DNS traffic may be blocked at client when Symantec Endpoint Protection (SEP) is installed. There is a built-in SEP firewall rule "Enable Smart DNS" that should allow DNS traffic automatically without the need for explicit rules; even though this feature is enabled DNS traffic is sometimes seen as blocked in logs by the "Block all other traffic" rule.

Cause

The SEP Smart DNS feature sometimes does not correctly recognize and allow DNS traffic if the packets are using DNS compression. This has been fixed in SEP 12.1 RU6.

Resolution

Upgrade to SEP 12.1 RU6.

If an upgrade is not possible then as a work-around create a firewall rule that explicitly allows DNS traffic. Disabling Smart DNS is not necessary for the work-around, and leaving it enabled is best in case clients are upgraded to RU6 and the explicit rule is removed.

Note that Smart DNS will never block anything; it is an “allow” mechanism only, and anything it doesn’t allow is handled by other firewall rules.