WatchGuard Support Center

Knowledge Base - Article

000017715
 Troubleshoot two DNSWatch accounts using the same public IP address

Information
If you have two DNSWatch accounts using the same public IP address, you may receive a DNS-server address error. 

For example:

failed to obtain DNS-server addresses: cidr '203.0.113.10/32' overlaps with one already in use by another client: retrying in 60 seconds

The error in this example indicates that the Firebox is successfully registered, but the Firebox could not get a DNS server address because the public IP address of the Firebox is already associated with a Firebox registered to a different DNSWatch account.

Note: The same public IP address cannot be associated with Fireboxes activated for two different accounts in the WatchGuard Portal.

If you enable DNSWatch on Fireboxes activated in two different WatchGuard Portal accounts, and those Fireboxes use the same public IP address, DNSWatch associates the public IP address with the first Firebox that successfully registered with DNSWatch. Any other Firebox with the same public IP address that is registered to a different DNSWatch account receives this error and does not receive the IP address of DNSWatch DNS servers.
To resolve this error, make sure no other Fireboxes that use the same public IP address are activated to a different account in the WatchGuard Portal. 

If you cannot deactivate an IP address from one of your accounts, contact Technical Support for assistance.


For more information, see Troubleshoot DNSWatch on a Firebox.