DNS request to DNS over Site2Site VPN

Hello!

We are using a Hardware Firewall XGS-2100 to connect to two datacenters running our AD Controller there. The AD is also our DNS Server.

This worked fine for a long time. For some reason one of the VPNs stopped working and one of the AD Controllers was not reachable anymore.

 

Since the XG2100 is used to handle the DNS requests of the clients, it turned out that not every request was answered anymore.

 

So this led to the following questions:

Is the Firewall not caching any DNS data for client requests? Is it only relaying the request to the DNS set in the configuration?

And since I still had a working AD Controller, why was the request not sent to the working one? Is it just randomly forwarding the request? So if one DNS server is down, will requests still be sent to it and fail?

Thanks! 

Christian



  • Hello Christian,

    I had the observation in an older release of SFOS that the DNS request always "stuck" to the first DNS it had already reached. When this went offline, it didn't try to contact the other DNS servers. Talking about DNS request route entries here.

    Kind regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
