
Sophos DNS host entry fail

We have a public wildcard DNS record configured (*.domain.com) so if someone puts in asdf.domain.com, it will still go to our main website www.domain.com.

On the Sophos firewall, I have set up many DNS host entries in Network --> DNS, with the idea that these hostnames/URLs will only work while on the VPN. One example is reports.domain.com, which points to a simple IIS website on a Windows server (192.168.1.100), on the same LAN as the Sophos (192.168.1.1).

Our IPsec VPN users are given the IP address of the Sophos firewall for DNS (configured in VPN --> IPsec (remote access) --> DNS Server 1 --> 192.168.1.1).

After connecting to the VPN, if I ping reports.domain.com, it resolves to the correct IP of 192.168.1.100. But when I go to reports.domain.com in my browser, it redirects to www.domain.com.

NSLOOKUP responds with the correct IP of 192.168.1.100.

In PowerShell, I ran the command Get-NetIPInterface and confirmed the InterfaceMetric for my VPN is 2. The InterfaceMetric for my Wi-Fi is 40.

?.?.?..... what's a guy gotta do here???

At first I thought it was because Chrome and Firefox like to try and be "smart" by automatically putting an "S" in my http request, and because reports.domain.com is only listening on port 80, the request is failing and falling back to the wildcard, which ultimately resolves to www.domain.com. I right-clicked in the address bar and chose the option "Always show full URLs", MANUALLY typed in http://reports.domain.com, and it still redirects to httpS://www.domain.com.

!@#$%^&*(

I am trying to avoid all of us needing to use our local HOSTS file...

The DNS IP address configured on the Sophos at Network --> DNS --> DNS Configuration --> Static DNS --> DNS 1 = 127.0.0.1

[UPDATE]: I cleared all cache, browsing history, etc from Firefox and went to the site http://reports.domain.com. It loaded fine. I disconnected from the VPN and went to http://reports.domain.com, and it redirected to httpS://www.domain.com -- as expected. I reconnected to the VPN and http://reports.domain.com still loads fine. Now, I am not sure how/why it sometimes forwards to httpS://www.domain.com.
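One way to separate name resolution from browser behaviour for the symptom described above, as an added example that is not part of the original post: it resolves the name with the OS resolver (the one ping uses), sends a single plain-HTTP request to the internal address without following redirects, and reports which layer produced the redirect. The hostname and IP are the post's values; the function names and verdict strings are hypothetical.

```python
import http.client
import socket

REDIRECTS = (301, 302, 303, 307, 308)

def resolve(host):
    """IPv4 addresses from the OS resolver; [] if the lookup fails."""
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(ip, host, port=80, timeout=5):
    """One GET / to ip with Host: host; returns (status, Location), not followed."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None, None  # refused, timed out, reset, or not HTTP
    finally:
        conn.close()

def classify(ips, expected_ip, status, location):
    """Map the two observations to the layer worth investigating next."""
    if expected_ip not in ips:
        return "dns", f"OS resolver returned {ips}, not the firewall's host entry"
    if status is None:
        return "unreachable", f"{expected_ip} did not answer HTTP on the probed port"
    if status in REDIRECTS:
        return "server", f"{expected_ip} itself redirects to {location}"
    # DNS and server are both as intended, so a redirect seen only in the
    # browser points at browser-side state: a cached 301, an HTTPS upgrade
    # or HSTS entry, or the browser's own DNS-over-HTTPS resolver.
    return "client", f"{expected_ip} answered {status} with no redirect"

def diagnose(host, expected_ip):
    ips = resolve(host)
    status, location = probe(expected_ip, host) if expected_ip in ips else (None, None)
    return classify(ips, expected_ip, status, location)

if __name__ == "__main__":
    # Values taken from the post; run once on the VPN and once off it.
    print(diagnose("reports.domain.com", "192.168.1.100"))
```

Because the script never touches the browser's cache or its resolver settings, a "client" verdict while the browser still redirects narrows the problem to the browser profile rather than the firewall's DNS host entry.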



This thread was automatically locked due to age.