
DNS Help/guidance requested please.

I have a small SOHO network which is connected to the WAN through a UTM.  I have enabled DNS services on subnets using the UTM.  I do not have a local DNS set up on my machines.

Recently I have run into authentication issues with a shared NAS device and am thinking of running an LDAP server on the NAS as it has this capability built in.

The first setting I have to complete is for an FQDN on the LDAP server and an example was suggested.  This suggestion was along the lines "my.server.com." 

I wondered why .com since I hope the LDAP will be contained within the LAN and not connect beyond. 

What will the top level domain name be if I create a dedicated FQDN for my LDAP server?  As it will be a private domain, can I use a more appropriate top level such as .org, or what?

In addition to setting up the LDAP I am also planning to set up an NFSv4 server on my network, and this will require DNS.  Does this mean I must set up my own DNS, or can I use the service provided on the UTM?

Sorry to be so dumb but am having to learn a lot of new stuff I have not needed before!!!

Budge



  • If you are assigning it local DNS for your internal network, you wouldn't use a .com address for that.  Instead, you would use something like NAS.budgie2.home and create a DNS entry on the UTM.  You would create DNS entries for each device, and the easiest way I do that is through the IPv4 Lease Table, so you can just click 'Make Static' and it pulls up the interface for you to create a new Host entry.  I do that for all of my server-type devices and core items (switches, servers, APs, etc).

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)


  • Hi and many thanks.  That seems really neat but I am not sure what I am doing so please help me further here. 

    For example I have a NAS which has a static IP on a subnet which is configured on UTM interfaces and uses the start address of the subnet for the DNS. The NAS is usually accessed by the web interface from one of the workstations on the same subnet.  The NAS has internet access for updates etc. and I can see it on the lease table.

    If I do as you suggest and create a new Host with a DNS hostname, does this work alongside the existing DNS connection configured on the UTM?

    I am seeking to do this to set up an LDAP server on the NAS, which asks for the FQDN.  How do other devices work in this situation when LDAP is in use?

    As you can tell I am a real beginner still so hope you will forgive my dumb questions.

    Regards,

    Budge     

  • Hi Budge,

    You are overcomplicating things: DNS and LDAP are completely separate services which work perfectly alongside each other. So one would not disturb the other when set up on the same LAN or server, although an LDAP needs a correct and working DNS as a precondition, as you already know. You normally have one or more DNS servers inside your LAN if you want to resolve internal server names. The UTM has the ability to serve as a DNS, with some limitations. So the first thing you should do is to find an internal DNS domain name you want to use on all of your systems. This could be budge.local or budgie2.home or blabla.internal. It should NOT use one of the common TLD endings which are used in the public internet. So no .com, .org, .net or alike.
    Then define those host entries as Amodin showed you, and the UTM will happily resolve them. If you request name resolution for a domain outside this internally used one, the UTM forwards the request to the DNS forwarders you have already set up (you have, haven't you?).

    Hope this helps.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Philipp and many thanks.  Will use Amodin's suggestion with your very helpful clarification.

    Best wishes,

    Budge.  

  • Hi Amodin, I do have one problem with your suggestion, and that is because the machine I wish to use for local DNS is already on a fixed IP and therefore not within the lease table.

    Is there another way to do what is proposed please?

  • You can still create a host entry for that device and give it the fixed IP you have it assigned and can even create another hostname for it in the same entry. ;)  

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hi Amodin, many thanks.  I am a bit slow here, can you please give me a blow by blow instruction.  The screenshot was brilliant and  I have no idea where to start, so many options and not enough learning!!!


  • Great and many thanks.  Found it and have started setting it up.  It does beg the question about the existing networks on the DNS service and how this new host fits in.   More reading is required for me, I think, on how the local name server works.

  • It's really the same thing as .com; you are just using something that isn't recognizable on the internet so the network (and you) can distinguish the difference.  I use .home to obviously recognize what my home devices are, and an FQDN would also constitute the naming convention you use, i.e. <subdomain>.<domain>.<com>.  It's the same thing as <devicename>.<domain>.<home>.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
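As an added illustration (not code from this thread, from the UTM, or from any Sophos product), the following Python script models what Philipp's post about choosing an internal domain and forwarding outside names, and Amodin's post about the <devicename>.<domain>.<home> convention, describe: it checks that a proposed LAN-only domain does not reuse a public TLD, builds FQDNs for hosts, and simulates a LAN name server that answers names in its own domain from a static host table (including a second hostname on the same fixed address, and the reverse lookup an NFSv4 setup typically also needs) while handing everything else to an upstream forwarder. The domain budgie2.home, the 192.168.1.x addresses and the forwarder 203.0.113.53 are constructed placeholders; the caveats on .local (reserved for mDNS by RFC 6762) and .home.arpa (reserved for home networks by RFC 8375) are general facts, not something the posters mentioned.

```python
"""Constructed example: pick an internal DNS domain, build FQDNs, and model a
LAN name server that serves its own zone and forwards the rest."""
import ipaddress
import re

# TLDs delegated on the public Internet; a LAN-only domain must not reuse them
# or internal names can shadow or collide with real public names.
PUBLIC_TLDS = {"com", "org", "net", "edu", "gov", "info", "biz"}
MDNS_TLD = "local"        # reserved for multicast DNS (RFC 6762)
HOME_ARPA = "home.arpa"   # reserved for exactly this use, home networks (RFC 8375)

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalise(name):
    """Lower-case a name and drop the trailing dot of an absolute name."""
    return name.strip().lower().rstrip(".")


def check_internal_domain(domain):
    """Return (ok, note) for a domain proposed for LAN-only use."""
    labels = normalise(domain).split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(lab) for lab in labels):
        return False, "not a valid multi-label DNS name"
    tld = labels[-1]
    if tld in PUBLIC_TLDS:
        return False, f".{tld} is a public TLD; internal names would collide with public ones"
    if tld == MDNS_TLD:
        return True, ".local is reserved for mDNS (RFC 6762); some clients never send it to unicast DNS"
    if ".".join(labels[-2:]) == HOME_ARPA:
        return True, "ok (home.arpa is the domain reserved for home networks, RFC 8375)"
    return True, "ok"


def fqdn(device, domain):
    """<devicename>.<domain> as an absolute name, i.e. with the trailing dot."""
    device = normalise(device)
    if not LABEL_RE.match(device):
        raise ValueError(f"bad host label: {device!r}")
    return f"{device}.{normalise(domain)}."


class LanResolver:
    """Toy model of a LAN name server: host table for its own domain, forwarding for the rest."""

    def __init__(self, domain, forwarders):
        self.domain = normalise(domain)
        self.forwarders = list(forwarders)
        self._forward = {}    # fqdn without trailing dot -> IPv4 address
        self._reverse = {}    # IPv4 address -> canonical fqdn (for PTR answers)
        self.forwarded = []   # names handed to the upstream forwarders

    def add_host(self, device, ip, aliases=()):
        """Static host entry: canonical name plus optional extra hostnames on the same IP."""
        addr = str(ipaddress.IPv4Address(ip))      # rejects malformed addresses
        canonical = fqdn(device, self.domain).rstrip(".")
        self._forward[canonical] = addr
        self._reverse[addr] = canonical
        for alias in aliases:
            self._forward[fqdn(alias, self.domain).rstrip(".")] = addr
        return canonical

    def _is_internal(self, name):
        return name == self.domain or name.endswith("." + self.domain)

    def resolve(self, name):
        """Answer an A query: ("local", ip), ("nxdomain", None) or ("forward", forwarder)."""
        name = normalise(name)
        if self._is_internal(name):
            ip = self._forward.get(name)
            return ("local", ip) if ip else ("nxdomain", None)
        self.forwarded.append(name)
        return ("forward", self.forwarders[0] if self.forwarders else None)

    def reverse_lookup(self, ip):
        """PTR lookup; NFSv4/Kerberos-style services commonly require this to match."""
        return self._reverse.get(str(ipaddress.IPv4Address(ip)))


def demo():
    """Constructed LAN: a NAS on a fixed address that also answers as 'ldap'."""
    dns = LanResolver("budgie2.home", forwarders=["203.0.113.53"])  # constructed forwarder
    dns.add_host("nas", "192.168.1.10", aliases=["ldap"])            # constructed addresses
    dns.add_host("utm", "192.168.1.1")
    return dns


if __name__ == "__main__":
    for candidate in ("budgie2.home", "budge.com", "budge.local", "budge.home.arpa"):
        print(candidate, check_internal_domain(candidate))
    dns = demo()
    print(dns.resolve("nas.budgie2.home"), dns.resolve("LDAP.budgie2.home."))
    print(dns.resolve("www.example.com"), dns.reverse_lookup("192.168.1.10"))
```

Running the script shows the two halves of the forwarding behaviour side by side: names under budgie2.home are answered from the host table, an unknown name in that domain gets NXDOMAIN rather than being sent upstream, and anything outside the domain is passed to the forwarder. The second hostname on the NAS entry is the "another hostname in the same entry" idea from Amodin's reply: both names resolve to the one fixed address, while the reverse lookup returns the canonical name.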

  • Hi Amodin, clearly I made a mistake or three as I lost my internet connection on my home network and had to undo. 

    I did notice when I went to the Network Definitions tab that there is an entry in the list for my home network, Alastair, that is not fully set up and has the edit, delete, clone buttons showing.  It appears to be an attempted duplicate of the object Alastair (Network).

    When I tried to delete this incomplete entry I received a warning The network object 'Alastair' is required by the WebAdmin allowed network list. 

    Since I already have the Alastair (Network) showing in the list I think I should clear this up before continuing with the local DNS work.