Thanks for sharing. I have noticed where DNS will stop resolving certain domains like splunk.com. I have to log in and flush the resolver cache and it immediately clears up. After it was pointed out that I was using the wrong action for the proxy action=drop instead of action=block I was able to identify a bunch of block events during some of the times I noted above and all were status 502, message "host not found". I'll stand by on the lookout for a patch/resolution.
↧