Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 10016 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Best Practice

Sally

Hello, 

 

I came across this thread https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice#pi2353=2 , and tried to adapt my config like you recommend, but i have some understanding problems how to do the config.

The actual UTM Hostname under System – Settings is FW. UTM give DHCP Config to my LAN Clients, DNS Server on Client is the UTM. Point 1 and 2 is done. Point 2. a/ b is not relevant for me.

 

And here start my questions how to continue:

 

3. Request Routing Domain is then the value for example: 16.172.in-addr.arpa.

When the UTM should do Internal DNS Resolution, do I have to create as Target Server and Host Object with Name / IP Address of the UTM ?

 

4. Do I have before rename the Hostname of my UTM like fw.domain.local and point to Internal UTM IP as Target Server ?

Every Client get via DHCP the Internal IP of the UTM, do I have then also to adapt DHCP Settings -> Edit and add under Domain: domain.local ?

 

5. / 6. I don’t understand what to do here?

 

Thanks a Lot!

 

Best Regards

Sally



This thread was automatically locked due to age.
  • 0

    You will have better luck getting answers here when each thread asks a specific question instead of many questions about different, specific issues.  Perhaps you could try again?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    Since you want to achieve something with DNS dont use Dns-hostnames.

    1.Request route is to resolve local domain. Example printers, clients etc in Active directory

    For domain.local define the server with its IP. Utm will query that ip for domain.local.

    2. When you gibe DHCP you have the option to give local domain name

    3. Hostname in webadmin settings has nothing to do with all this

  • 0 in reply to Ol Deda

    Hello Oldeda,

     

    thanks for your reply. Regarding Request Route, what would be then the best conf when no active Directory is present, just the UTM? My Printer, Clients has the UTMs IP as DNS Server, and under Network Services - DNS - Forwarders i set an DNS Group with defined Hosts Object Google DNS Servers. All my Clients are created as Host Objects, with Hostname and Reverse DNS marked. When checking IPv4 Lease Table, i see the Clients Hostname as [unknown], how can i get the UTM to resolve the Clients Name?

    Thanks 

    Sally 

     

     

  • 0 in reply to Sally

    Just give the name by dhcp domain.local.

    Dont try with.com will not work

  • 0 in reply to Ol Deda

    Hello Oldeda,

     

    added the domain.local under DHCP Settings, do i have also to adapt network definition - host - dns settings - hostname for example windows.domain.local on UTM and also the hostname on the  PC itself? Also change the Hostname for Router / DMZ Hosts to domain.local?

     

    Regarding the Hostname of the UTM itself, if i would use Remote Access, then i would have to change the name to utm.domain.local ?

     

    Thx

    best Regards

    Sally

  • 0 in reply to Sally

    If you use static DHCP is the best way. Just leave the name of the workstation, example pc1.domain.local  to not complicate the thinks.

    Clear the dns cache and ping it.

    About utm hostname.

    If have your own domain and utm.domain.com points to your wan ip, Yes. It will respond with this name for internal requests too

    This is important for Certificates, (webadmin, vpn, etc). Certificates will be regenarated and you can import the new one. After that you will see https in green and even save the password in browser

    I hope to be helpful

  • 0 in reply to Ol Deda

    Thanks, what i still not clear for me, the created host entries under network definitions on the UTM has to be adapted, and all the hostnames of all devices i.e. router, iphone, pc tv have to adapt to name.domain.local?

     

    Or is the DNS domain.local just the DNS Suffix shared via DHCP, and the hostname of the PC can still be just pc1 ?

     

    Thx

    Sally

  • 0 in reply to Sally

    Yes you have to adapt hostnames in network deffinitions with ending domain.local.

    There are more options in DHCP options. But i never tested this options for this purpose.

  • 0 in reply to Sally

    Yes you have to adapt hostnames in network deffinitions with ending domain.local.

    There are more options in DHCP options. But i never tested this options for this purpose.

  • 0 in reply to Sally

    Dont change the name in devices or add the suffix domain.local.

    In host definition under hostname, add the name of the device with the suffix domain.local

Unfiltered HTML