
What is the DNS Forwarder sequence with multiple servers?

Hi,

If I configure the ISP DNS servers in DNS>Forwarders, in which order will SG 9.7xx use them?

I've read 10-year-old posts here where one says the alphabetical rule matters, while others say they found out that the shortest response time wins. What's true today?

I ask in order to plan a setup with multiple WAN lines from different ISPs, where every ISP only allows DNS requests to its resolver from its own leased IP range. I do not want to use Open DNS.



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    When you configure Forwarders > DNS Forwarders and select ISP DNS servers, all the DNS queries will be forwarded to your ISP's DNS servers. When this check box is selected, your ISP's automatically assigned forwarders will be listed there in the box. 

    With the ISP DNS servers, whichever DNS server responds first to a DNS query will be used first; it will then use the other servers.

    Thanks,

  • Hello,

    Thanks for your reply. It still leaves some questions:

    first, about the actual order of manually configured DNS servers with "use ISP DNS servers" deselected,

    and second, how the SG will behave in the described case of two different ISP WAN lines, when the DNS server of WAN1 will not accept queries from the WAN2 interface and vice versa.

  • Hello,

    If you follow the recommendations in DNS best practice, you might not have these questions. Even if not using the SMTP Proxy, I prefer to use an Availability Group instead of using the ISP's name servers. That lets you order the Forwarders based on response time in your location. I believe that there's no preference for any server if an Availability Group is not used.

    What I don't know is whether selecting 'Use forwarders assigned by ISP' selects an appropriate DNS server for each ISP - Harsh?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the link to your DNS best practice. Probably in my case "Availability Group" is the magic word.

    I can only use ISP DNS if connected using DHCP. This is not the case here where static IPs are used.