This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN DNS Resolution always resolves same external ip

Hi Sophos Forum :)

I´ve been stuck with configuring VPN DNS and the error is recurring for several firewalls now. I cannot tell if it has something todo with the V18 migration but presumably it worked quite a while.

My issue:

 

I´ve setup SSL Client VPN with the usual DHCP Pool 10.81.235 and DNS of the internal firewall interface.

The firewall WAN Interface uses Google DNS.

When nslookup server.domain.com it adds another dns suffix from my LAN and always resolves in an external IP adress rather than the internal server

For example

nslookup server.domain.com resolves in server.domain.com.domainB.com 81.17.22.33

This is the case for any host I query.

Expected is 10.20.0.5

As there is no DNS Server like ADDNS the server requested is added to the firewalls DNS entry without FQDN but its not different from firewalls where the internal server is used for DNS.

I´fe seen this on a couple of managed firewalls already but can´t figure the reason. Its really stranged that this external Ip resolves all the time.

 

Any hint is much appreciated.

 

Thanks! Marc



This thread was automatically locked due to age.
Parents Reply Children
  • Hi,

    then how does the DNS know to use 10.x.x.x if you have not created it in the internal DNS, it will only see the external address.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Understand, let me explain it from my view

     

    The XG, lets say 10.20.0.254 runs the only dns available for internal clients.

     

    From DHCP for SSL VPN I configure 10.20.0.254 for clients

    From the XG I add the server.domain.com with 10.20.0.1

    From my understanding the SSLVPN client uses his configured primary dns to resolve using the firewalls ip as dns server.

    Am I missing something?

     

    Thanks, Marc

  • Hi Marc,

    maybe I am missing something in your explanation, how does the URL associate to the IP address?
    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • From the internal dns A record I set in the XG.

    So the XG knows the IP from a static record for the URL.

    Thats what actually works without issues but for certain firewalls the dns gets an additional dns domain name like explained above

    server.domain.com.seconddomain.com