PASSED | network / dns_failure

DNS Resolution Failing — Upstream Resolver Unreachable

The local DNS resolver cannot reach upstream DNS servers. All external DNS queries are timing out, while internal zone resolution still works.

Pattern: FIREWALL_RULE_BLOCK (Expected: DNS_FAILURE)
Severity: HIGH
Confidence: 68%
Remediation: Auto-Heal

Test Results

Metric | Expected | Actual | Result
Pattern Recognition | DNS_FAILURE | FIREWALL_RULE_BLOCK |
Severity Assessment | CRITICAL | HIGH |
Incident Correlation | N/A | None |
Cascade Escalation | N/A | No |
Remediation | Auto-Heal — Corax resolves autonomously

Scenario Conditions

Ubuntu 22.04 running BIND 9. Upstream forwarders 8.8.8.8 and 8.8.4.4 are unreachable due to a firewall rule change. Internal zones (.corp.local) resolve fine; external resolution is broken.

Injected Error Messages (1)

DNS resolution failure — BIND unable to reach upstream forwarders 8.8.8.8 and 8.8.4.4, all external DNS queries timing out (SERVFAIL), internal zones resolving normally, firewall rule blocking UDP 53 outbound

Neural Engine Root Cause Analysis

Firewall rule block detected — legitimate traffic is being denied by a firewall ACL or security policy. This may be caused by an overly restrictive rule, a recent policy change, or an implicit deny catching traffic that should be permitted. Blocked traffic can prevent application connectivity, break integrations, and disrupt business operations.

Remediation Plan

1. Identify the specific firewall rule or ACL entry causing the block from the firewall logs (note rule ID, source, destination, port).
2. Verify whether the traffic should be permitted — confirm with the application owner or network documentation.
3. If the block is a false positive, create or modify a firewall rule to allow the traffic with the principle of least privilege.
4. Check for recent firewall policy changes that may have inadvertently blocked the traffic.
5. Test the fix by re-initiating the blocked connection and verifying it passes through the firewall.

Improvements Applied

  • Pattern classified as FIREWALL_RULE_BLOCK (expected DNS_FAILURE)
  • Severity: HIGH (expected CRITICAL)
Tested: 2026-04-02 | Monitors: 1 | Incidents: 1 | Test ID: cmnhnoopv001zlig7nyd76z0c