
Changing DHCP DNS for LAN Clients to Internal Windows DNS


XGS2300 is our DHCP Server. Currently, DNS settings under Network > DHCP > Default_DHCP_Server are the gateway itself for the Primary, and our ISP for the secondary DNS Servers. Works fine.

Our external DNS servers (Network > DNS) are our ISP's servers.

Devices with static IPs (servers, etc.) use our DCs for DNS (well, 2 actually, for redundancy, so DC1 and DC2) so they can be on our internal domain.

The DCs' forwarders are the gateway LAN address itself followed by our ISP.

We need to put client machines on the internal domain, so I need them to likewise use the Windows Servers for DNS.

If I change the primary DNS under Network > DHCP > Default_DHCP_Server to DC1 and the secondary to DC2, that will ONLY change the DNS server being used by DHCP clients, correct? It won't affect the DNS server the gateway itself uses or create some sort of loop for the gateway or clients?

My logic being, the client will ask the DCs for an address. If unknown, the DC will ask the gateway which will pass it along to the ISP. This is for external hosts, obviously. I have static internal addresses already set under Network > DNS > DNS Host Entry and under the DC's DNS Forward Lookup Zones.



  • Hi, Yes, your understanding is correct with reference to the DNS settings inside Network > DHCP > Click on DHCP Server > DNS server. This is going to be set as the DNS server on end clients that get an IP address via DHCP from the XG DHCP Server.

    Your DC will forward it to a defined DNS forwarder if it does not have any answer for it, which will be a kind of Internet traffic on the firewall for the DNS query and will be routed by the firewall via the required rules from the Zone of the DC (LAN/DMZ) to WAN.

    (Network > DNS) settings are going to be used if any end machine's DNS IP is set to the Firewall LAN IP; the Firewall will do a lookup with those DNS IPs set under (Network > DNS) for any such system's DNS query as well as for its own generated DNS queries.


    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

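As an added example (not code from the thread or from Sophos), the forwarding chain the answer above describes, modelled in Python and checked for the loop the question asks about; the host names and both topology dicts are constructed assumptions:

```python
# Added example, not from the thread: model the forwarder chain the reply
# describes and check it for loops. Node names are placeholders; both
# topology dicts are constructed sample data.
def primary_chain(forwarders, start, max_hops=10):
    """Follow the primary forwarder from `start` hop by hop. Returns (path,
    looped): resolvers visited in order, and whether one was hit twice."""
    path, seen, node = [], set(), start
    while node is not None and len(path) < max_hops:
        if node in seen:
            return path, True
        seen.add(node)
        path.append(node)
        nxt = forwarders.get(node, [])
        node = nxt[0] if nxt else None
    return path, False

def find_loops(forwarders):
    """DFS over every forwarder (primary and secondary); returns each cycle
    found as a list of node names, or [] if the forwarding graph is acyclic."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {n: WHITE for n in forwarders}
    cycles, stack = [], []
    def visit(n):
        colour[n] = GREY
        stack.append(n)
        for f in forwarders.get(n, []):
            c = colour.get(f, WHITE)
            if c == GREY:                # back edge: closes a cycle
                cycles.append(stack[stack.index(f):] + [f])
            elif c == WHITE:
                visit(f)
        stack.pop()
        colour[n] = BLACK
    for n in list(forwarders):
        if colour[n] == WHITE:
            visit(n)
    return cycles

# The thread's configuration after the proposed DHCP change.
GOOD = {
    "client":  ["DC1", "DC2"],      # handed out by Network > DHCP
    "DC1":     ["gateway", "ISP"],  # DC forwarders: firewall LAN IP, then ISP
    "DC2":     ["gateway", "ISP"],
    "gateway": ["ISP"],             # Network > DNS on the firewall
    "ISP":     [],                  # recursive resolver, end of the chain
}
# Misconfiguration to avoid: firewall forwarding to the DC while the DC
# forwards to the firewall. find_loops(BAD) reports the DC1/gateway cycle.
BAD = dict(GOOD, gateway=["DC1"])
```

Re-run both checks against your real forwarder settings before and after changing the DHCP DNS option; the answer's point that the change only affects what clients receive holds as long as the gateway's own Network > DNS entries stay pointed upstream.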

  • Thank you so much! Whenever I mess with DNS I'm worried I'd encounter yet another new aspect of it. 
