Sophos XGS 116w - DNS Request Route

Question

A customer site has a 2nd gateway that is required to access one of their vendor's systems. Our Sophos XGS has static routes in place to direct any traffic intended for the vendor network to the 2nd router. Rather than adding host entries for the vendor in the DNS config I'm trying to set up a DNS request route that points to the vendors DNS servers, thus future proofing the setup against any IP address changes on the vendor's end. 
 Unfortunately its not resolving the URLs. I've added the base domain to the DNS request route section and the target DNS servers which I had set up in the hosts section.

Vishal_R · Answer

Hi Clawcity Do you have any clue from TCPDUM on the DNS service port to see cpn.vwg domain query requests are going out via the expected Gateway or not? if it is routing via expected GW in TCPDUMP, are you getting a reply packet or not for the same DNS queries by DNS1 or DNS2 set by you in the host?

If Multiple WAN Gateways are there I would suggest adding an SD-WAN route for the required domain/FQDN/Host to route the query for DNS protocol via the required ISP as it may be possible DNS query above is getting out via another Gateway which is not knowing the answer for it!

Sophos XGS 116w - DNS Request Route

Top Replies