
VPN DNS Resolution always resolves same external ip

Hi Sophos Forum :)

I've been stuck with configuring VPN DNS, and the error is recurring for several firewalls now. I cannot tell if it has something to do with the V18 migration, but presumably it worked for quite a while.

My issue:


I've set up SSL Client VPN with the usual DHCP pool 10.81.235 and the DNS of the internal firewall interface.

The firewall WAN Interface uses Google DNS.

When I run nslookup, it adds another DNS suffix from my LAN and always resolves to an external IP address rather than the internal server.

For example

nslookup resolves in

This is the case for any host I query.

Expected is

As there is no DNS server like AD DNS, the requested server is added to the firewall's DNS entries without FQDN, but this is no different from firewalls where the internal server is used for DNS.

I've seen this on a couple of managed firewalls already but can't figure out the reason. It's really strange that this external IP resolves all the time.


Any hint is much appreciated.


Thanks! Marc

  • Hi,

    Then how does the DNS know to use 10.x.x.x if you have not created it in the internal DNS? It will only see the external address.


    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Understood, let me explain it from my view.


    The XG, let's say, runs the only DNS available for internal clients.


    From DHCP for SSL VPN I configure for clients

    From the XG I add the with

    From my understanding, the SSL VPN client uses its configured primary DNS to resolve, using the firewall's IP as DNS server.

    Am I missing something?


    Thanks, Marc

  • Hi Marc,

    Maybe I am missing something in your explanation: how does the URL associate to the IP address?

  • From the internal DNS A record I set in the XG.

    So the XG knows the IP from a static record for the URL.

    That's what actually works without issues, but for certain firewalls the DNS gets an additional DNS domain name, as explained above.
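The behaviour the thread describes (a short static A record on the firewall, a client that appends a LAN search suffix, and an external answer coming back) can be modelled as below. This is an added example, not Sophos code or the poster's configuration; it assumes the firewall matches static host entries by exact name and forwards unmatched queries to the WAN resolver, and all names and addresses are constructed.

```python
"""Model of the DNS-suffix problem in the thread (added example, not Sophos or the poster's code).

Assumptions not stated on the page: the firewall matches its static DNS host entries by exact
name and forwards anything unmatched to the WAN resolver. Names and addresses are constructed.
"""

# Constructed: static host entry on the firewall, entered as a short name without FQDN.
STATIC_RECORDS = {"intranet": "10.81.235.10"}
# Constructed: what the public forwarder answers for the suffixed name.
UPSTREAM_RECORDS = {"intranet.corp.example": "203.0.113.5"}


def firewall_resolve(qname, static=STATIC_RECORDS):
    """Firewall side: exact match on static entries, otherwise forward upstream."""
    key = qname.rstrip(".").lower()
    if key in static:
        return static[key], "static"
    if key in UPSTREAM_RECORDS:
        return UPSTREAM_RECORDS[key], "upstream"
    return "", "NXDOMAIN"


def client_lookup(name, search_list, static=STATIC_RECORDS):
    """Client side: a single-label name is tried with each search suffix before the bare name.

    Returns the list of (query name, address, source) attempts; the first hit ends the search.
    """
    candidates = [f"{name}.{s}" for s in search_list] if "." not in name else []
    candidates.append(name)
    attempts = []
    for qname in candidates:
        addr, source = firewall_resolve(qname, static)
        attempts.append((qname, addr, source))
        if addr:
            break
    return attempts


def with_suffixed_entries(static, search_list):
    """One possible mitigation (assumed, not from the thread): also publish each short static
    name under every suffix clients append, so the suffixed query hits the internal record."""
    fixed = dict(static)
    for name, addr in static.items():
        if "." not in name:
            for s in search_list:
                fixed[f"{name}.{s}"] = addr
    return fixed


if __name__ == "__main__":
    for attempt in client_lookup("intranet", ["corp.example"]):
        print(attempt)  # the suffixed query never matches the static entry and is forwarded
    fixed = with_suffixed_entries(STATIC_RECORDS, ["corp.example"])
    print(client_lookup("intranet", ["corp.example"], fixed)[0])  # now answered from static
```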