
DNS Issues.

Just installed the XG, came from UTM 9.3. I can't seem to get internal DHCP to add DNS records to the XG device when a computer requests an IP. If I add a manual entry sophos.townhouse.local to 192.168.11.1 it will then resolve. Is there a way to get DHCP to add entries so they resolve automatically? I did set the "LAN" to use internal DNS for the DHCP settings but it doesn't seem like it's adding anything.

I also have several IPSEC tunnels which are working; however, the DNS Request Route does not seem to work. I have an entry for haven2.local with a host of 192.168.1.1 and all it does is time out:
PS C:\Users\Chris> nslookup sophos.haven2.local
Server: sophos.townhouse.local
Address: 192.168.11.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to sophos.townhouse.local timed-out

However the UTM on the other side works fine (at least if I query the static entries I entered into the XG).

I'm excited to use the XG as it seems to be able to keep up with my internet line and I've been bumping up against my 50 IP limit on the UTM. But if these features aren't working it kind of defeats the purpose of the XG. I am running the new MR2 firmware on the XG.

  • Christopher,

    can you show your DNS Request Route configuration?

    Thanks.

  • Here is the DNS Request route: 

    Trying to have it forward domains haven2.local to 192.168.1.1

    Here is the host item object:

    Just to make sure the tunnel is up and that the UTM is resolving:

    PS C:\Users\Chris> ping 192.168.1.1

    Pinging 192.168.1.1 with 32 bytes of data:
    Reply from 192.168.1.1: bytes=32 time=22ms TTL=63
    Reply from 192.168.1.1: bytes=32 time=23ms TTL=63

    Ping statistics for 192.168.1.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 23ms, Average = 22ms
    Control-C

    PS C:\Users\Chris> nslookup sophos.haven2.local 192.168.1.1
    Server: UnKnown
    Address: 192.168.1.1

    Name: sophos.haven2.local
    Address: 192.168.1.1

    And showing that the UTM can forward correctly to the XG:

    PS C:\Users\Chris> nslookup nas3.townhouse.local 192.168.1.1
    Server: UnKnown
    Address: 192.168.1.1

    DNS request timed out.
    timeout was 2 seconds.
    Non-authoritative answer:
    DNS request timed out.
    timeout was 2 seconds.
    Name: nas3.townhouse.local
    Address: 192.168.11.10

    Also in my browser I tried to log into the XG using my DNS entry I manually entered, https://sophos.townhouse.local:4444/, and I got a "could not resolve DNS" error:

    DNS just seems to be inconsistent at best:

    PS C:\Users\Chris> nslookup sophos.townhouse.local
    Server: sophos.townhouse.local
    Address: 192.168.11.1

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    Non-authoritative answer:
    DNS request timed out.
    timeout was 2 seconds.
    Name: sophos.townhouse.local
    Address: 192.168.11.1

  • Chris,

    connect to XG using SSH, choose option 5 and then 3. Type: tcpdump "port 53" and post the output when you try to ping sophos.haven2.local or any resources on haven2.local.

    Thanks.

  • tcpdump log attached.

    13:30:19.452186 lo, IN: IP localhost.58380 > localhost.domain: 25486+ A? haven2.ignorelist.com. (39)
    13:30:19.452363 lo, IN: IP localhost.domain > localhost.58380: 25486 1/0/0 (55)
    13:30:20.226881 Port4, IN: IP 192.168.11.106.53097 > sophos.townhouse.local.domain: 49932+ A? sophos.haven2.local. (37)
    13:30:20.228053 lo, IN: IP localhost.52694 > localhost.domain: 38458+ PTR? 1.11.168.192.in-addr.arpa. (43)
    13:30:20.228198 lo, IN: IP localhost.domain > localhost.52694: 38458 1/0/0 (79)
    13:30:20.228699 lo, IN: IP localhost.52056 > localhost.domain: 7319+ PTR? 106.11.168.192.in-addr.arpa. (45)
    13:30:20.228928 lo, IN: IP sophos.townhouse.local.36144 > sophos.townhouse.local.domain: 12373+ PTR? 106.11.168.192.in-addr.arpa. (45)
    13:30:21.227537 Port4, IN: IP 192.168.11.106.53097 > sophos.townhouse.local.domain: 49932+ A? sophos.haven2.local. (37)
    13:30:21.769142 Port4, OUT: IP sophos.townhouse.local.domain > 192.168.11.106.53097: 49932 ServFail 0/0/0 (37)
    13:30:21.769228 Port4, OUT: IP sophos.townhouse.local.domain > 192.168.11.106.63383: 17855 ServFail 0/0/0 (37)
    13:30:21.769295 Port4, OUT: IP sophos.townhouse.local.domain > 192.168.11.106.53097: 49932 ServFail 0/0/0 (37)
    13:30:21.769329 Port4, OUT: IP sophos.townhouse.local.domain > 192.168.11.106.63383: 17855 ServFail 0/0/0 (37)
    13:30:21.769358 Port4, OUT: IP sophos.townhouse.local.domain > 192.168.11.106.63383: 17855 ServFail 0/0/0 (37)
    13:30:21.769386 Port4, OUT: IP sophos.townhouse.local.domain > 192.168.11.106.63383: 17855 ServFail 0/0/0 (37)
    13:30:21.769428 Port4, OUT: IP sophos.townhouse.local.domain > 192.168.11.106.63383: 17855 ServFail 0/0/0 (37)
    13:30:23.254881 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.2209 > cdns01.comcast.net.domain: 49513+ PTR? 106.11.168.192.in-addr.arpa. (45)
    13:30:23.265825 Port3, IN: IP cdns01.comcast.net.domain > c-24-15-151-136.hsd1.il.comcast.net.2209: 49513 NXDomain 0/0/0 (45)
    13:30:23.265951 lo, IN: IP localhost.domain > localhost.52056: 7319 NXDomain* 0/0/0 (45)
    13:30:23.266023 lo, IN: IP sophos.townhouse.local.domain > sophos.townhouse.local.36144: 12373 NXDomain* 0/0/0 (45)
    13:30:23.266978 lo, IN: IP localhost.57750 > localhost.domain: 48263+ PTR? 75.75.75.75.in-addr.arpa. (42)
    13:30:23.267114 lo, IN: IP localhost.domain > localhost.57750: 48263 1/0/0 (74)
    13:30:23.267570 lo, IN: IP localhost.34918 > localhost.domain: 3792+ PTR? 136.151.15.24.in-addr.arpa. (44)
    13:30:23.267696 lo, IN: IP localhost.domain > localhost.34918: 3792 1/0/0 (93)
    13:30:24.526415 Port4, IN: IP nas3.townhouse.local.57263 > sophos.townhouse.local.domain: 59417+ AAAA? ipcam4.townhouse.local. (40)
    13:30:24.526814 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.57263: 59417 NXDomain* 0/0/0 (40)
    13:30:24.527091 lo, IN: IP localhost.42868 > localhost.domain: 38630+ PTR? 10.11.168.192.in-addr.arpa. (44)
    13:30:24.527172 Port4, IN: IP nas3.townhouse.local.58790 > sophos.townhouse.local.domain: 47585+ AAAA? ipcam4.townhouse.local. (40)
    13:30:24.527375 lo, IN: IP localhost.domain > localhost.42868: 38630 1/0/0 (78)
    13:30:24.527509 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.58790: 47585 NXDomain* 0/0/0 (40)
    13:30:24.527849 Port4, IN: IP nas3.townhouse.local.60358 > sophos.townhouse.local.domain: 21164+ A? ipcam4.townhouse.local. (40)
    13:30:24.528055 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.60358: 21164 NXDomain* 0/0/0 (40)
    13:30:24.528396 Port4, IN: IP nas3.townhouse.local.58993 > sophos.townhouse.local.domain: 50040+ A? ipcam4.townhouse.local. (40)
    13:30:24.528589 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.58993: 50040 NXDomain* 0/0/0 (40)
    13:30:25.041439 Port4, IN: IP nas3.townhouse.local.34902 > sophos.townhouse.local.domain: 26546+ AAAA? ipcam3.townhouse.local. (40)
    13:30:25.041806 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.34902: 26546 NXDomain* 0/0/0 (40)
    13:30:25.042159 Port4, IN: IP nas3.townhouse.local.46794 > sophos.townhouse.local.domain: 46610+ AAAA? ipcam3.townhouse.local. (40)
    13:30:25.042357 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.46794: 46610 NXDomain* 0/0/0 (40)
    13:30:25.042703 Port4, IN: IP nas3.townhouse.local.39811 > sophos.townhouse.local.domain: 885+ A? ipcam3.townhouse.local. (40)
    13:30:25.042925 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.39811: 885 NXDomain* 0/0/0 (40)
    13:30:25.043266 Port4, IN: IP nas3.townhouse.local.55109 > sophos.townhouse.local.domain: 46041+ A? ipcam3.townhouse.local. (40)
    13:30:25.043528 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.55109: 46041 NXDomain* 0/0/0 (40)
    13:30:25.492567 Port4, IN: IP nas3.townhouse.local.51017 > sophos.townhouse.local.domain: 40980+ AAAA? ipcam5.townhouse.local. (40)
    13:30:25.492939 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.51017: 40980 NXDomain* 0/0/0 (40)
    13:30:25.493290 Port4, IN: IP nas3.townhouse.local.36491 > sophos.townhouse.local.domain: 13143+ AAAA? ipcam5.townhouse.local. (40)
    13:30:25.493516 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.36491: 13143 NXDomain* 0/0/0 (40)
    13:30:25.493862 Port4, IN: IP nas3.townhouse.local.56323 > sophos.townhouse.local.domain: 53659+ A? ipcam5.townhouse.local. (40)
    13:30:25.494085 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.56323: 53659 NXDomain* 0/0/0 (40)
    13:30:25.494432 Port4, IN: IP nas3.townhouse.local.35148 > sophos.townhouse.local.domain: 51938+ A? ipcam5.townhouse.local. (40)
    13:30:25.494651 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.35148: 51938 NXDomain* 0/0/0 (40)
    13:30:28.481138 Port4, IN: IP 192.168.11.106.60879 > sophos.townhouse.local.domain: 8281+ A? nas1.haven2.local. (35)
    13:30:28.481605 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.62722 > 192.168.1.1.domain: 4649+ A? nas1.haven2.local. (35)
    13:30:28.482183 lo, IN: IP localhost.58761 > localhost.domain: 53300+ PTR? 1.1.168.192.in-addr.arpa. (42)
    13:30:28.482417 lo, IN: IP sophos.townhouse.local.58173 > sophos.townhouse.local.domain: 15969+ PTR? 1.1.168.192.in-addr.arpa. (42)
    13:30:29.481760 Port4, IN: IP 192.168.11.106.60879 > sophos.townhouse.local.domain: 8281+ A? nas1.haven2.local. (35)
    13:30:30.482346 Port4, IN: IP 192.168.11.106.60879 > sophos.townhouse.local.domain: 8281+ A? nas1.haven2.local. (35)
    13:30:30.811586 Port4, IN: IP 192.168.11.101.15940 > sophos.townhouse.local.domain: 30872+ A? pbx1.haven2.local. (35)
    13:30:30.811930 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.63988 > 192.168.1.1.domain: 12773+ A? pbx1.haven2.local. (35)
    13:30:31.505191 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.2753 > cdns01.comcast.net.domain: 36011+ PTR? 1.1.168.192.in-addr.arpa. (42)
    13:30:31.505374 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.3247 > 192.168.1.1.domain: 23466+ A? nas1.haven2.local. (35)
    13:30:31.516367 Port3, IN: IP cdns01.comcast.net.domain > c-24-15-151-136.hsd1.il.comcast.net.2753: 36011 NXDomain 0/0/0 (42)
    13:30:31.516496 lo, IN: IP localhost.domain > localhost.58761: 53300 NXDomain* 0/0/0 (42)
    13:30:31.516571 lo, IN: IP sophos.townhouse.local.domain > sophos.townhouse.local.58173: 15969 NXDomain* 0/0/0 (42)
    13:30:31.517300 lo, IN: IP localhost.43370 > localhost.domain: 65235+ PTR? 101.11.168.192.in-addr.arpa. (45)
    13:30:31.517535 lo, IN: IP sophos.townhouse.local.46579 > sophos.townhouse.local.domain: 61308+ PTR? 101.11.168.192.in-addr.arpa. (45)
    13:30:32.281484 lo, IN: IP localhost.37635 > localhost.domain: 11981+ A? resolver1.ast.ctmail.com. (42)
    13:30:32.281484 lo, IN: IP localhost.35864 > localhost.domain: 26393+ A? resolver1.ast.ctmail.com. (42)
    13:30:32.281682 lo, IN: IP localhost.domain > localhost.37635: 11981 2/0/0[|domain]
    13:30:32.281809 lo, IN: IP localhost.domain > localhost.35864: 26393 2/0/0[|domain]
    13:30:32.282310 lo, IN: IP localhost.40648 > localhost.domain: 17837+ A? resolver2.ast.ctmail.com. (42)
    13:30:32.282309 lo, IN: IP localhost.54356 > localhost.domain: 16910+ A? resolver2.ast.ctmail.com. (42)
    13:30:32.282466 lo, IN: IP localhost.domain > localhost.54356: 16910 2/0/0[|domain]
    13:30:32.282624 lo, IN: IP localhost.domain > localhost.40648: 17837 2/0/0[|domain]
    13:30:32.283087 lo, IN: IP localhost.36639 > localhost.domain: 46715+ A? resolver3.ast.ctmail.com. (42)
    13:30:32.283234 lo, IN: IP localhost.domain > localhost.36639: 46715 2/0/0[|domain]
    13:30:32.283534 lo, IN: IP localhost.33312 > localhost.domain: 9635+ A? resolver3.ast.ctmail.com. (42)
    13:30:32.283682 lo, IN: IP localhost.domain > localhost.33312: 9635 2/0/0[|domain]
    13:30:32.284094 lo, IN: IP localhost.53548 > localhost.domain: 35464+ A? resolver4.ast.ctmail.com. (42)
    13:30:32.284239 lo, IN: IP localhost.domain > localhost.53548: 35464 2/0/0[|domain]
    13:30:32.284526 lo, IN: IP localhost.45912 > localhost.domain: 22493+ A? resolver4.ast.ctmail.com. (42)
    13:30:32.284675 lo, IN: IP localhost.domain > localhost.45912: 22493 2/0/0[|domain]
    13:30:32.285121 lo, IN: IP localhost.54641 > localhost.domain: 7862+ A? resolver5.ast.ctmail.com. (42)
    13:30:32.285270 lo, IN: IP localhost.domain > localhost.54641: 7862 2/0/0[|domain]
    13:30:32.285639 lo, IN: IP localhost.48322 > localhost.domain: 52582+ A? resolver5.ast.ctmail.com. (42)
    13:30:32.285768 lo, IN: IP localhost.domain > localhost.48322: 52582 2/0/0[|domain]
    13:30:32.482853 Port4, IN: IP 192.168.11.106.60879 > sophos.townhouse.local.domain: 8281+ A? nas1.haven2.local. (35)
    13:30:32.529424 lo, IN: IP localhost.59733 > localhost.domain: 61937+ A? iprep1.t.ctmail.com. (37)
    13:30:32.529574 lo, IN: IP localhost.domain > localhost.59733: 61937 2/0/0[|domain]
    13:30:32.530031 lo, IN: IP localhost.55234 > localhost.domain: 62856+ A? iprep2.t.ctmail.com. (37)
    13:30:32.530170 lo, IN: IP localhost.domain > localhost.55234: 62856 2/0/0[|domain]
    13:30:32.530622 lo, IN: IP localhost.34306 > localhost.domain: 25566+ A? iprep3.t.ctmail.com. (37)
    13:30:32.530761 lo, IN: IP localhost.domain > localhost.34306: 25566 2/0/0[|domain]
    13:30:32.531209 lo, IN: IP localhost.38236 > localhost.domain: 13145+ A? iprep4.t.ctmail.com. (37)
    13:30:32.531444 lo, IN: IP sophos.townhouse.local.12560 > sophos.townhouse.local.domain: 2752+ A? ipres.4.geo.ctmail.com. (40)
    13:30:33.838851 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.56981 > 192.168.1.1.domain: 46998 A? pbx1.haven2.local. (35)
    13:30:34.542792 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.31542 > cdns01.comcast.net.domain: 53031+ PTR? 101.11.168.192.in-addr.arpa. (45)
    13:30:34.553129 Port3, IN: IP cdns01.comcast.net.domain > c-24-15-151-136.hsd1.il.comcast.net.31542: 53031 NXDomain 0/0/0 (45)
    13:30:34.553274 lo, IN: IP localhost.domain > localhost.43370: 65235 NXDomain* 0/0/0 (45)
    13:30:34.553350 lo, IN: IP sophos.townhouse.local.domain > sophos.townhouse.local.46579: 61308 NXDomain* 0/0/0 (45)
    13:30:34.862782 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.30623 > 192.168.1.1.domain: 9391 A? pbx1.haven2.local. (35)
    13:30:34.977526 Port4, IN: IP 192.168.11.104.14248 > sophos.townhouse.local.domain: 37579+ A? pbx1.haven2.local. (35)
    13:30:34.978247 lo, IN: IP localhost.41284 > localhost.domain: 15883+ PTR? 104.11.168.192.in-addr.arpa. (45)
    13:30:34.978475 lo, IN: IP sophos.townhouse.local.47521 > sophos.townhouse.local.domain: 25871+ PTR? 104.11.168.192.in-addr.arpa. (45)
    13:30:35.129004 Port4, IN: IP 192.168.11.58.59792 > sophos.townhouse.local.domain: 2+ A? time.nist.gov. (31)

    I tried to ping sophos.haven2.local and then I tried to ping nas1.haven2.local; both are valid names.

    PS C:\Users\Chris> ping sophos.haven2.local
    Ping request could not find host sophos.haven2.local. Please check the name and try again.
    PS C:\Users\Chris> ping nas1.haven2.local
    Ping request could not find host nas1.haven2.local. Please check the name and try again.
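The pairing a reader does by eye on a tcpdump "port 53" capture like the one above can be scripted. This is an added example, not code from the thread or from Sophos: it keys each query by client socket and transaction id exactly as tcpdump prints them, then records whether the resolver answered, returned ServFail or NXDomain, or never answered within the capture. The sample lines are copied from the capture above; the regexes assume tcpdump's default DNS summary format and nothing about the XG itself.

```python
import re
from collections import OrderedDict

# Sample capture: lines taken from the tcpdump output posted above.
SAMPLE = """\
13:30:19.452186 lo, IN: IP localhost.58380 > localhost.domain: 25486+ A? haven2.ignorelist.com. (39)
13:30:19.452363 lo, IN: IP localhost.domain > localhost.58380: 25486 1/0/0 (55)
13:30:20.226881 Port4, IN: IP 192.168.11.106.53097 > sophos.townhouse.local.domain: 49932+ A? sophos.haven2.local. (37)
13:30:21.227537 Port4, IN: IP 192.168.11.106.53097 > sophos.townhouse.local.domain: 49932+ A? sophos.haven2.local. (37)
13:30:21.769142 Port4, OUT: IP sophos.townhouse.local.domain > 192.168.11.106.53097: 49932 ServFail 0/0/0 (37)
13:30:24.526415 Port4, IN: IP nas3.townhouse.local.57263 > sophos.townhouse.local.domain: 59417+ AAAA? ipcam4.townhouse.local. (40)
13:30:24.526814 Port4, OUT: IP sophos.townhouse.local.domain > nas3.townhouse.local.57263: 59417 NXDomain* 0/0/0 (40)
13:30:28.481138 Port4, IN: IP 192.168.11.106.60879 > sophos.townhouse.local.domain: 8281+ A? nas1.haven2.local. (35)
13:30:28.481605 Port3, OUT: IP c-24-15-151-136.hsd1.il.comcast.net.62722 > 192.168.1.1.domain: 4649+ A? nas1.haven2.local. (35)
"""

# "<ts> <iface>, <IN|OUT>: IP <src> > <dst>: <txid><flags> <body>"
LINE = re.compile(r"^(?P<ts>\S+) (?P<iface>\S+), (?P<dir>IN|OUT): IP (?P<src>\S+) > (?P<dst>\S+): "
                  r"(?P<id>\d+)(?P<flags>[+*$|-]*) (?P<body>.*)$")
QUERY = re.compile(r"^(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+) ")          # "A? name. (37)"
RESP = re.compile(r"^(?:(?P<rcode>[A-Za-z]+)\*? )?(?P<an>\d+)/\d+/\d+")  # "ServFail 0/0/0", "1/0/0"


def correlate(capture):
    """Pair queries with responses by (client socket, txid); return one record per query.

    Each record has name, qtype, server (the host queried), tries (retransmissions seen)
    and result: 'answered', 'empty', an rcode such as 'ServFail'/'NXDomain', or 'no response'.
    """
    txns = OrderedDict()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        q = QUERY.match(m["body"])
        if q:
            server = m["dst"].rpartition(".")[0]  # strip trailing ".domain"
            rec = txns.setdefault((m["src"], m["id"]), {"name": q["name"].rstrip("."),
                                  "qtype": q["qtype"], "server": server, "tries": 0,
                                  "result": "no response"})
            rec["tries"] += 1
            continue
        r = RESP.match(m["body"])
        rec = txns.get((m["dst"], m["id"])) if r else None
        if rec is None:
            continue  # response to a query that fell outside the capture window
        rec["result"] = r["rcode"] or ("answered" if int(r["an"]) > 0 else "empty")
    return list(txns.values())


def failures(capture):
    """Distinct (name, result) pairs that never resolved: the triage list for the admin."""
    return sorted({(t["name"], t["result"]) for t in correlate(capture) if t["result"] != "answered"})


if __name__ == "__main__":
    for t in correlate(SAMPLE):
        print(f"{t['name']:<26} {t['qtype']:<5} via {t['server']:<24} x{t['tries']} -> {t['result']}")
```

On the sample, the forwarded nas1.haven2.local query that left on Port3 towards 192.168.1.1 shows as 'no response', which is the one-line answer to why the client only ever sees timeouts.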

  • Chris,

    are you trying to ping from 192.168.11.106? What DNS are you using on the PC where pings come from?

    Where is the 192.168.1.1 located?

    Thanks.

  • Sorry for the delay.

    Office2(PC) ----- XG -----IPSEC----- UTM ---- NAS2

    office2 (192.168.11.106) DNS: 192.168.11.1

    XG (192.168.11.1 sophos.townhouse.local)

    UTM (192.168.1.1 sophos.haven2.local)

    Nas1 (192.168.1.12 nas1.haven2.local) DNS: 192.168.1.1

    Office2 is trying to ping the UTM or Nas1; if I do it by lookup it fails. If I do it by IP it pings fine:

    PS C:\Users\Chris> ping 192.168.1.1

    Pinging 192.168.1.1 with 32 bytes of data:
    Reply from 192.168.1.1: bytes=32 time=28ms TTL=63
    Reply from 192.168.1.1: bytes=32 time=22ms TTL=63
    Reply from 192.168.1.1: bytes=32 time=34ms TTL=63
    Reply from 192.168.1.1: bytes=32 time=27ms TTL=63

    Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 34ms, Average = 27ms
    PS C:\Users\Chris> ping sophos.haven2.local
    Ping request could not find host sophos.haven2.local. Please check the name and try again.

    PS C:\Users\Chris> ping 192.168.1.12

    Pinging 192.168.1.12 with 32 bytes of data:
    Reply from 192.168.1.12: bytes=32 time=23ms TTL=62
    Reply from 192.168.1.12: bytes=32 time=22ms TTL=62
    Reply from 192.168.1.12: bytes=32 time=21ms TTL=62
    Reply from 192.168.1.12: bytes=32 time=24ms TTL=62

    Ping statistics for 192.168.1.12:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 24ms, Average = 22ms
    PS C:\Users\Chris> ping nas1.haven2.local
    Ping request could not find host nas1.haven2.local. Please check the name and try again.

    If I force the lookup to use the UTM (which the DNS Request Route should be doing), the UTM returns fine, so it is working:

    PS C:\Users\Chris> nslookup nas1.haven2.local 192.168.1.1
    Server: UnKnown
    Address: 192.168.1.1

    Name: nas1.haven2.local
    Address: 192.168.1.12

    It's like DNS is just broken on the XG. Like I said, DHCP is not adding records automatically like the UTM does, and the DNS forwarding doesn't seem to work either.