Hello all,I am currently trying to configure Sophos xg to replace my Fritzbox.From problems with certificates, I have become aware that my DNS resolution for internal hosts and the xg itself is not working.Currently I have only a test client, which has the xg entered as the default gateway and DNS server.When accessing blocked websites I always had problems with the certificate and had read somewhere that I should choose the hostname of the firewall as redirection page so that there are no problems with the CN.Here I found out that I can not make a ping on the name of the XG. Now I added the XG as DNS-HOST, but it still does not work. Also other host, which are meanwhile also registered as DNS host I can not reach via ping.Does anyone have an idea what I have configured wrong?Many greetingsMarc
the first step would be to check if DNS is allowed on the Zone.
An other useful thing is packet capture
you can see if and probably why something like DNS is blocked
DNS is enabled in the zone LAN
Here is the result from the packet capture. Where can I see here if it has been blocked?
Here is the result of nslookup:
nslookup schneckenxgDNS request timed out. timeout was 2 seconds.Server: UnKnownAddress: 172.16.0.2Nicht autorisierende Antwort:DNS request timed out. timeout was 2 seconds.Name: schneckenxgAddress: 172.16.0.2
172.16.0.2 is the LAN Interface172.16.3.103 is the client
please try adding you XG into the Network -> DNS -> DNS host entry table.
DNS Host was already added:
Any other idea?
Please post a copy of your DNS setup, there appears to be an issue with the XG DNS configuration. Also check the DNS setting on your test device.
hopefully here are all the information:
Have I forgotten a configuration? I'm currently having a bit of trouble with the configuration. I had administered an asg8 years ago.
thank you for all there screenshots.
The XG should be using an external DNS, where you would add the XG as an internal DNS is in the DHCP settings.
Hello Ian,is it not possible to have only the XG as DNS server?
Yes, it is but on the internal side not the external side. You need to provide some external DNS access to resolve lookups.
thanks for the answer
Doesn't the lookup of external names work automatically via the WAN interface? I am not sure what I need to change.
Sorry for possible stupid questions.
But, you have told the WAN interface to use the internal address of the XG as its lookup.
In the DNS settings change the DNS to use DHCP settings for the WAN interface or used fixed as you have.
I have mine set to use my ISP's DNS IP4 and IPv6, alot of people use 220.127.116.11 or 18.104.22.168 or 22.214.171.124 which are a mix of Google and Cloudflare DNS.
now I changed DNS 1 to 126.96.36.199 and the dns query configuration
The network configuration on my client looks like this:
IPv4-Adresse . . . . . . . . . . : 172.16.3.100 Subnetzmaske . . . . . . . . . . : 255.255.248.0 Standardgateway . . . . . . . . . : 172.16.0.2 (XG) DNS-Server . . . . . . . . . . . : 172.16.0.2(XG)
Unfortunately, it still doesn't work. Even ipconfig /flushdns on the client does not help.