Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 6 subscribers
  • Views 5490 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question Sophos UTM as Internal DNS Server with Domain.local

Sally

Hello,

I have some questions to the DNS Best Practice Configuration https://community.sophos.com/kb/en-us/120283 as I use the UTM with domain.local

 

Hostname: mysophos

 

Network Definitions:

Name: mysophos

Type: Host

IP: 192.168.0.1

DNS Settings: mysophos.domain.local

Reverse DNS: marked

 

All other Devices like Laptop, Printer, Access Point in DMZ, etc. are created as Host Definitions.

 

Network Services DNS

Allowed Networks:

Internal Network

DMZ Network

 

DNS Forwarders:

DNS Group – Availability Group with Cloudflare DNS 1 and Cloudflare DNS 2

User Forwarders by ISP – not checked

 

Request Routing:

domain.local to mysophos

 

My questions, with the setting request Routing domain.local to mysophos and created host definitions would this be enough for the internal dns resolution or do I have to add the 168.192.in-addr.arpa record for all networks as well, or just when I would like to have the names instead of ip address in the reports? Would this be the fastest way for Internal DNS Resolution with the UTM?

 

How can I check that the created DNS Forwarders to Cloudflare are working correct?

 

Thx



This thread was automatically locked due to age.
Parents
  • 0

    For others that pass by this thread, I recommend the DNS best practice post from which the KB article linked to above was copied.  The post is updated regularly, but the KB is rarely updated.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello,

     

    still have the issues with the forwarders, when using Policy Route Internal Network - Any - Internet Ipv4 - External (WAN), the forwarders from the ISP are taken, instead the Cloudflare Forwarders in the DNS Forwarder Availability Group..

     

    Any suggestion? 

     

    Thx

    Sally

     

  • 0 in reply to Sally

    Please show a picture of the DNS Forwarders box with the Host for Cloudflare DNS open in Edit.  Also, a picture of the Edit of the Policy Route.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello Bob,

     

    please see here the Information. Regarding Policy Route I meant Multipath Rule

     

     

    Best regards

    Sally

  • 0 in reply to Sally

    Now, how about pictures of the 'DNS Forwarders' tab, the 'Request Routing' tab and the enabled rules on the 'Multipath Rules' tab.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Please see here

     

     

     

     

  • 0 in reply to Sally

    Confirm that the DMZ and Internal networks are in 'Allowed Networks' on the 'DNS' 'Global' tab.

    I assume that you did that, so the only remaining issue is DHCP - please show pictures of the Edits of the DHCP servers for your networks.

    Cheers - Bob
    PS, I assume you have only one WAN connection since you only showed us one Multipath rule - is that right?

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to Sally

    Confirm that the DMZ and Internal networks are in 'Allowed Networks' on the 'DNS' 'Global' tab.

    I assume that you did that, so the only remaining issue is DHCP - please show pictures of the Edits of the DHCP servers for your networks.

    Cheers - Bob
    PS, I assume you have only one WAN connection since you only showed us one Multipath rule - is that right?

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Unfiltered HTML