Availability Groups and internal DNS resolution by UTM as DNS server

Hi all,

First of all, I wish you all a happy new year.

I'm using the latest UTM release and want to test the Availability Group in the Network Definitions.

My use case: I'm accessing my file server by using an alternate DNS name, added to the host object of the file server in the Network Definitions of the UTM so that this name can be resolved by the UTM which is the DNS server for my internal network. This is working fine. Now I'm thinking about setting up a second file server which should be reachable by the same name when the primary file server is unavailable.

For this, an Availability Group is a good way. I have no need for load balancing, which doesn't work for services running in the same network where the client systems are connected.

I tried this out by deleting the alternate name from the host object in the Network Definitions and then setting up an Availability Group using this alternate name, adding the two hosts which are used as file servers. The resolution of the Availability Group to the host IP address works perfectly and changes by changing the sequence of the hosts. But trying to access the file server by the name of the Availability Group doesn't work. Doing an 'nslookup' on the client shows the UTM as DNS server, but the name can't be resolved by the UTM. Is this a behavior of the UTM by design? Are Availability Groups not resolved as DNS names in the UTM? What do I have to set up to get my use case working?

Thank you and kind regards

TheExpert



Edit of description
[edited by: TheExpert at 6:39 PM (GMT -8) on 6 Jan 2021]
  • Hello,

    As apijnappels said, you can't solve your problem in a way similar to an actual name server.  Note that the log file is "DNS Proxy" instead of "DNS Server."  The Availability Group solution is the only way to have failover for two internal servers - I can't think of any other solution possible without a separate, full DNS Server.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA