Howto let Sophos UTM return NXDOMAIN for use-application-dns.net

Hi tomba 

We can not return NXDOMAIN exactly. However, you may create a DNS request route for this domain to a non-existing host and thus the user will not be able to do DNS lookup for this host. Or you may redirect the request to your Internal DNS server and maybe you can configure it over there.

Hi Jaydeep,

Jaydeep said:

Hi tomba 

We can not return NXDOMAIN exactly.

I was afraid of that.

Jaydeep said:

However, you may create a DNS request route for this domain to a non-existing host and thus the user will not be able to do DNS lookup for this host. Or you may redirect the request to your Internal DNS server and maybe you can configure it over there.

 

I tried adding a DNS host which points to a non-existant domain; this does not work (UTM just returns the correct IP addresses) Your suggesting of using a dummy DNS forwarder (at least I think that is what you are suggesting) appears to work though:

C:\Users\tomda>ping use-application-dns.net
Ping request could not find host use-application-dns.net. Please check the name and try again.

The Time-out does take a pretty long time (because I pointed it to an internal IP address that is not in use)

Yes, I meant to suggest using a DNS Request Redirect option under Network Services > DNS > Request Routing Something like this:



And I'm not sure if we can do anything about the timeout.