Skip to main content

298006 - DNS Resolution Failed

Agent error code #298006 indicates that the agent could not resolve the hostname configured for a firewall. The agent attempted to look up the firewall's hostname but the DNS query failed.

This error is distinct from connection refused (#298005) or timeout (#298001) errors, which occur after the hostname has been successfully resolved. A DNS resolution failure means the agent cannot even determine the IP address of the firewall.

Common causes include:

  • The hostname configured in Knocknoc contains a typo or is incorrect
  • The DNS server used by the agent cannot resolve the hostname
  • The firewall uses an internal hostname that is not resolvable from the agent's network
  • DNS service is unavailable or misconfigured on the agent's host

Steps to Resolve

Verify the Hostname

  1. Check the firewall hostname configured in Knocknoc for typos or errors
  2. Confirm the hostname is the correct fully-qualified domain name (FQDN) for the firewall's management interface
  3. If the firewall uses an internal DNS name, ensure it matches exactly what is configured in the internal DNS server

Test DNS Resolution

From the machine running the agent:

  1. Attempt to resolve the hostname using DNS lookup tools (e.g., nslookup or dig on the command line, or a web-based tool like MXToolbox DNS Lookup)
  2. If the lookup fails, the hostname is not resolvable from the agent's network
  3. If the lookup succeeds, verify the returned IP address matches the expected value

Note: Web-based DNS tools test resolution from the public internet. If the firewall uses an internal hostname, the lookup must be performed from the agent's host using command-line tools.

If this fails, check the DNS configuration:

  1. Verify the agent's host has a working DNS configuration
  2. If the firewall uses an internal hostname, ensure the agent's DNS server can resolve internal names
  3. Check that no DNS-related firewall rules are blocking queries from the agent's host

Consider Using an IP Address

If DNS resolution continues to fail:

  1. Configure the firewall backend in Knocknoc using the firewall's IP address instead of its hostname
  2. Ensure the IP address is the management interface address
  3. Note that using IP addresses may require updates if the firewall's IP changes

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top