
DNS - request route | How to resolve a subset from the internet?

Hi everyone,

I have a change request that some domain names should not be resolved from an internal DNS server but all others should.
This setup is necessary so that one application can work (Skype for Business).

Say we have a partner contract with CompanyA - there are many services like Citrix, webmail etc. that we are using from this company.
My IT department does not know about these services - just responsible for the VPN connection and the DNS resolution.

Now we have to configure that 

skype.companyA.com
skypeSIP.companyA.com
skypeweb.companyA.com
(and 30 others)

should not be resolved from the internal CompanyA DNS server but the external DNS servers.

Is there any way to set an exception list, or do I have to create all network definitions (and keep them updated) at the UTM with the corresponding external internet IPs? (This is the only possibility I have found so far.)

Thanks for your help

Stephan



  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    As you have internal DNS and your internal DNS server handles all other DNS queries, it would be better to configure DNS forwarders in your DNS server. With DNS forwarder configuration, you should forward external DNS queries to a specific DNS service or host.

    Thanks,

  • I already have it set up like this.

    The whole "external partner domain" is resolved against their DNS server.

    But now I have to exclude a subset of domains from this partner domain. They should be resolved against another DNS server.

  • Hello Stephan,

    I think you have to go the "DNS/Request Routing" way. This means some work for you, I know.

    For the long term, I would suggest splitting into DNS sub-domains like internal.companyA.com and external.companyA.com.

    Like that you still have routable public domain names and could even use companyA.com (without the subdomain part).

    But this depends very much on your network design, which I don't know.

    Best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • Hi Philipp,

    I do not have any possibility to influence the IT of CompanyA. It's a customer of ours.
    They told us what to configure to get it to work.

    So I stick with request routing and adding the hosts I should resolve against the internet manually to the definitions and update the IP addresses once in a while.

    Was worth a shot.

    Thanks for your help.