Hello,
I'm running Sophos UTM 9.503-4 on a pcengines APU board behind a FRITZ!Box Fon WLAN 7360. The UTM is configured as exposed host on the Fritz!Box and the UTM provides DHCP and DNS for my LAN. There are no other DHCP or DNS servers and I don't have an AD.
I use an IPv4 DHCP server with static mappings and a dynamic range.
I switched on IPv6 today.
-> Interfaces & Routing -> IPv6 -> Global -> Switch on; The Fritz!Box provides the UTM with a /62 subnet
-> Interfaces & Routing -> IPv6 -> Prefix Advertisement; I created 3 new /64 subnets for my internal networks (DMZ, internal LAN, internal WLAN) with stateless integrated DHCP server
-> Interfaces & Routing -> IPv6 -> Renumbering -> Allow Automatic IPv6 Renumbering
-> Interfaces & Routing -> Interfaces; Provided every existing interface except External with a /64 subnet taken from /62 subnet range mentioned above. The external interface got its IPv6 address via DHCP from the FRITZ!Box.
-> Network Protection -> NAT -> Masquerading; created new custom network definitions for the IP address ranges of my internal networks and replaced the standard network IPv4/v6 definitions.
I can surf the internet and there were no service issues so far.
Now I do not see the IPv6 hostnames on the UTM, as the hosts create them themselves and do not forward them to the UTM.
I googled a bit and came up with more questions than before.
1. Is it right that the DNS server within the UTM is just a DNS proxy without the full capabilities of a DNS server? If so, I might think about moving DNS and DHCP to my Synology NAS. I like to have both services on one machine, so I would move them both.
2. Is it correct that the only chance I have to know which host has what IPv4 and IPv6 addresses is to change to stateful DHCPv6? This question supposes that DNS and DHCP stay on the UTM.
I did not find any answers to my questions, and all the best practices I found in this forum are made for environments with additional DHCP and DNS servers and/or AD.
Thanks for your help!
Tim