
Split-DNS and RED15

We are using a RED15 in Standard/Unified Mode. It connects up with our SG 125 fine and we can access MOST things. We can access the Internet, DNS is working, able to access Shares, etc., but for some reason we can't access some servers we have set up via Split-DNS (RDS and Exchange).

I'm unable to Ping the IPs in Split-DNS whereas I can Ping other IPs on our network fine. I'm unable to use Remote Desktop to get to the servers in the Split-DNS or access anything else on them (i.e. Shares, Services). Anything (PCs/laptops/etc.) that isn't behind the RED15 is able to access everything in Split-DNS so I don't believe we have anything set up incorrectly from that "side".

I feel like it should be something simple but I haven't been able to figure it out. I'm willing to start from scratch and take any recommendations from the Community.

I hope I've included enough information for at least a starting point.

Thank you for your time.

  • Hi Ryan and welcome to the UTM Community!

    What do you learn from doing #1 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for the Reply Bob.

    As you can see in the screenshot I see the SYN entry from Remote Desktop to 192.168.10.6 (one of the Servers in Split-DNS) but that is it. The entries for 192.168.10.4 are a successful connection with Remote Desktop to a Server not in our Split-DNS.


    I do have a Firewall Rule set up that allows ANY Service from Source (RED15) to Destination (SG 125) and vice versa that I forgot to mention in my original Post.

  • So it sounds like this is a routing issue.  Show us a simple stick diagram of your topology including the devices behind the RED, the Interfaces & devices behind the UTM and representative IP addresses.  Also a picture of the Edit of the Server definition in the UTM for the RED.

    Cheers - Bob

  • I hope that works for a Network Diagram. As far as "Server Definition" do you mean the Interface entry as that is what I included. If not, then I'm not sure what you are asking for.

  • Your diagram indicates that the RED is connected to the UTM via a switch instead of over the Internet - is that right?

    The Server definition is on the '[Server] Client Management' tab in 'RED Management'.

    Cheers - Bob

  • It is currently, yes. I just wanted to hook it up and test things before taking it to the site. At the site it will be hooked to a Business Cable modem with a switch off of it.


    The UTM Hostname is in an IP format but I didn't want the Public IP known.

  • "The UTM Hostname is in an IP format but I didn't want the Public IP known."

    Replace that with 192.168.10.3 (the IP of "Internal (Address)") and see if you get better mileage.  Ultimately, you will want to use the FQDN of the hostname that you assigned in accordance with The Zeroeth Rule in Rulz.

    Cheers - Bob

  • I had tried that during my initial troubleshooting but for good measure went back and tried both again with no luck.

  • I think you've proven that it works, so I would urge you to deploy it.  Now, you're just fighting routing problems for no gain.

    Cheers - Bob

  • I went ahead and put in the FQDN of the Hostname for the UTM. I also just went ahead and put the RED15 on our Cable Modem as I forgot we had a spare outside/external IP.

    I don't have time this morning to put a device on RED15 and see if the Routing issue is gone. I'll get back to you this afternoon and let you know how things went.

  • Sorry for just getting back to this, had a bigger issue to deal with.

    I still have the Routing issue after putting in the FQDN and putting it on the Cable Modem.

    I will say Networking is not my strong suit so do I start on the UTM or elsewhere to figure out the Routing issue?

  • All of the foregoing was with a not-really-remote RED 15, so I'm unclear.  What are you seeing (good and bad) when the RED 15 is connected to the cable modem? Is the topology as follows?

    client<-->[RED 15]<-->[cable modem]<-- Internet -->[UTM]<-->Internal network

    Also, please show a picture of the Edit of the RED Server definition, the DHCP server definition (if applicable) and the relevant Interface definition.

    Cheers - Bob

  • I am seeing the same situation having the RED15 plugged directly into the Cable Modem as I did plugged into the Switch on the above Network Diagram. I'm still unable to access anything we have set up via Split-DNS.

    Current Topology:

    Client<-->[RED15]<-->[Cable Modem]<--Internet-->[Cable Modem]<-->[UTM]<-->Internal Network

  • How about the Server definition for the RED 15?

    How is DNS configured differently from DNS best practice?  Is the RED interface "(Network)" object in 'Allowed Networks' for DNS?

    Cheers - Bob

  • When you say the "Server Definition" do you mean the one at the '[Server] Client Management' tab in 'RED Management'? If so, that is the first of the screenshots in my Reply before this. If that isn't the correct one then sorry but I'm not sure which one you mean.

    This morning I did go back over the DNS Best Practice link. Step #7 doesn't apply (we don't have timeout issues nor do we use QoS) nor does Step #8 (we use Standard Mode for the Web Filter). Everything else follows the DNS Best Practice and does not differ in any way. And yes, the RED Interface "(Network)" Object is in the 'Allowed Networks' under the Global tab of DNS.

  • Actually, Ryan, your post contains two pics of the Interface definition.

    Cheers - Bob

  • Well I feel like an idiot. My apologies for not paying attention, I've corrected the Post.

  • What does route print on the client behind the RED?  Show the route for 192.168.10.0 255.255.255.0 if there is one.

    Cheers - Bob

  • There is no Route for 192.168.10.0 255.255.255.0 in Active or Persistent.
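An added example (not from this thread or from Sophos) that reproduces the check Bob asked for: it parses a constructed Windows `route print` IPv4 table and reports which entry the client uses for 192.168.10.6, so you can see that without a 192.168.10.0/24 entry the traffic simply follows the default route. The addresses and metrics in the sample table are made up.

```python
import ipaddress

# Constructed sample of a Windows 'route print' IPv4 table (not from the thread):
# the client behind the RED has a default route but no entry for 192.168.10.0/24.
ROUTE_PRINT_NO_ROUTE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     172.16.1.1      172.16.1.50     25
       172.16.1.0    255.255.255.0       On-link       172.16.1.50    281
      172.16.1.50  255.255.255.255       On-link       172.16.1.50    281
        127.0.0.0        255.0.0.0       On-link         127.0.0.1    331
"""

# Same constructed table with the 192.168.10.0/24 route present.
ROUTE_PRINT_WITH_ROUTE = ROUTE_PRINT_NO_ROUTE + \
    "     192.168.10.0    255.255.255.0     172.16.1.1      172.16.1.50     26\n"


def parse_route_print(text):
    """Turn the IPv4 table into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Network":   # skip header/blank lines
            continue
        dest, mask, gateway, iface, metric = parts
        # ipaddress accepts a dotted-quad netmask; strict=False tolerates host bits
        network = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append((network, gateway, iface, int(metric)))
    return routes


def select_route(routes, destination):
    """Longest-prefix match; lowest metric breaks ties, as the Windows stack does."""
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dst in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))


def route_for(text, destination):
    """Return (matched network, gateway) for a destination, or None if unroutable."""
    route = select_route(parse_route_print(text), destination)
    return (str(route[0]), route[1]) if route else None


if __name__ == "__main__":
    for label, table in (("no 192.168.10.0/24 route", ROUTE_PRINT_NO_ROUTE),
                         ("with 192.168.10.0/24 route", ROUTE_PRINT_WITH_ROUTE)):
        print(f"{label}: 192.168.10.6 -> {route_for(table, '192.168.10.6')}")
```

Paste the real `route print` output from the client into the table string to see which entry it actually selects for the Split-DNS server addresses.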