
Strange DNS behaviour - 53/udp blocked by Sophos

Hello

At first my DNS setup:

  • I have Sophos UTM 9.603-1
  • DynDNS is configured
  • The DNS feature is configured for internal and VPN networks
    • I set up OpenDNS servers as Forwarders
    • No special routes configured
    • Internal DNS resolution works from all networks
  • Internal networks are allowed to access the Internet by any protocol
  • Network traffic to the internet from internal networks is NAT-ed
  • One of my VMs is a DNS server
    • Nameservers of my domain point to my DynDNS addresses
    • DNAT is configured to forward incoming traffic on 53/udp from the internet to my DNS server VM
      • I had to configure DNAT to translate 53/udp to some other port (54/udp) because otherwise the DNS queries would have got lost in my Sophos
    • A firewall rule is configured to allow the NAT-ed traffic
      • This configuration works - DNS requests reach my VM and are being answered correctly

I can live with my DNAT workaround using 54/udp, but I have a second issue.

When I want to query DNS from one of my hosts in the internal networks directly against some DNS server on the internet (for example with "nslookup - 8.8.8.8"), this traffic goes to my Sophos and there it is not being forwarded to the specified DNS server but is dropped instead. In the Live-Log I can see that the DNS queries are being received but they are not being blocked (red).

Does anyone have an idea what I can do to fix this? Do you need any further information, details, logs?

Thank you in advance, Nando.
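To pin down where a query is lost (on the inbound DNAT to 54/udp, or on the outbound path to a public resolver such as 8.8.8.8), a small raw DNS client that can be pointed at any server and any UDP port is handy, since it separates "no listener on that port" from "dropped in transit". This is an added example, not code from the original post or from Sophos; the server, port and the constructed response bytes in the test are assumptions for illustration.

```python
import random
import socket
import struct

def build_query(name, qid=None):
    """Build a standard recursive (RD=1) DNS A query; returns (id, wire bytes)."""
    qid = random.randrange(0x10000) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # 1 question, RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return qid, header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(data, pos):
    """Advance past a (possibly compressed) domain name; return next offset."""
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:      # compression pointer occupies 2 bytes
            return pos + 2
        pos += 1 + length

def parse_response(data, qid):
    """Return {'rcode': int, 'answers': [dotted IPv4, ...]}; reject a foreign id."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("response id mismatch")
    pos = 12
    for _ in range(qd):
        pos = skip_name(data, pos) + 4  # skip QTYPE/QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:   # A record
            addrs.append(".".join(str(b) for b in data[pos:pos + 4]))
        pos += rdlen
    return {"rcode": flags & 0xF, "answers": addrs}

def query(name, server, port=53, timeout=3.0):
    """Send one query to server:port; None means no reply within timeout
    (dropped on the path or no listener), otherwise the parsed answer."""
    qid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_response(data, qid)
```

Run `query("yourdomain.example", "<your DynDNS address>", 53)` from outside and `query("example.com", "8.8.8.8")` from an internal host; a `None` on the second while the Live-Log shows the packet arriving points at the UTM rather than the resolver.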


