This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Best Practice

Hello, 

 

I came across this thread https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice#pi2353=2 , and tried to adapt my config like you recommend, but i have some understanding problems how to do the config.

The actual UTM Hostname under System – Settings is FW. UTM give DHCP Config to my LAN Clients, DNS Server on Client is the UTM. Point 1 and 2 is done. Point 2. a/ b is not relevant for me.

 

And here start my questions how to continue:

 

3. Request Routing Domain is then the value for example: 16.172.in-addr.arpa.

When the UTM should do Internal DNS Resolution, do I have to create as Target Server and Host Object with Name / IP Address of the UTM ?

 

4. Do I have before rename the Hostname of my UTM like fw.domain.local and point to Internal UTM IP as Target Server ?

Every Client get via DHCP the Internal IP of the UTM, do I have then also to adapt DHCP Settings -> Edit and add under Domain: domain.local ?

 

5. / 6. I don’t understand what to do here?

 

Thanks a Lot!

 

Best Regards

Sally



This thread was automatically locked due to age.
Parents
  • Since you want to achieve something with DNS dont use Dns-hostnames.

    1.Request route is to resolve local domain. Example printers, clients etc in Active directory

    For domain.local define the server with its IP. Utm will query that ip for domain.local.

    2. When you gibe DHCP you have the option to give local domain name

    3. Hostname in webadmin settings has nothing to do with all this

  • Hello Oldeda,

     

    thanks for your reply. Regarding Request Route, what would be then the best conf when no active Directory is present, just the UTM? My Printer, Clients has the UTMs IP as DNS Server, and under Network Services - DNS - Forwarders i set an DNS Group with defined Hosts Object Google DNS Servers. All my Clients are created as Host Objects, with Hostname and Reverse DNS marked. When checking IPv4 Lease Table, i see the Clients Hostname as [unknown], how can i get the UTM to resolve the Clients Name?

    Thanks 

    Sally 

     

     

  • Just give the name by dhcp domain.local.

    Dont try with.com will not work

  • Hello Oldeda,

     

    added the domain.local under DHCP Settings, do i have also to adapt network definition - host - dns settings - hostname for example windows.domain.local on UTM and also the hostname on the  PC itself? Also change the Hostname for Router / DMZ Hosts to domain.local?

     

    Regarding the Hostname of the UTM itself, if i would use Remote Access, then i would have to change the name to utm.domain.local ?

     

    Thx

    best Regards

    Sally

Reply
  • Hello Oldeda,

     

    added the domain.local under DHCP Settings, do i have also to adapt network definition - host - dns settings - hostname for example windows.domain.local on UTM and also the hostname on the  PC itself? Also change the Hostname for Router / DMZ Hosts to domain.local?

     

    Regarding the Hostname of the UTM itself, if i would use Remote Access, then i would have to change the name to utm.domain.local ?

     

    Thx

    best Regards

    Sally

Children
  • If you use static DHCP is the best way. Just leave the name of the workstation, example pc1.domain.local  to not complicate the thinks.

    Clear the dns cache and ping it.

    About utm hostname.

    If have your own domain and utm.domain.com points to your wan ip, Yes. It will respond with this name for internal requests too

    This is important for Certificates, (webadmin, vpn, etc). Certificates will be regenarated and you can import the new one. After that you will see https in green and even save the password in browser

    I hope to be helpful

  • Thanks, what i still not clear for me, the created host entries under network definitions on the UTM has to be adapted, and all the hostnames of all devices i.e. router, iphone, pc tv have to adapt to name.domain.local?

     

    Or is the DNS domain.local just the DNS Suffix shared via DHCP, and the hostname of the PC can still be just pc1 ?

     

    Thx

    Sally

  • Yes you have to adapt hostnames in network deffinitions with ending domain.local.

    There are more options in DHCP options. But i never tested this options for this purpose.

  • Yes you have to adapt hostnames in network deffinitions with ending domain.local.

    There are more options in DHCP options. But i never tested this options for this purpose.

  • Dont change the name in devices or add the suffix domain.local.

    In host definition under hostname, add the name of the device with the suffix domain.local

  • Perfect, Thanks a Lot Oldeda for your Help!!!

     

    Best Regards

    Sally