
DNS configuration without Internet

Hi,

I have followed this post https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice and all works fine. DNS requests go client --> Windows DNS server --> UTM

If I make a ping request from the LAN to mysite.com (web server in my DMZ), it responds with my public IP.

If the Internet connection fails, I can't reach my website.

Is there a way to reach the website in the DMZ from the LAN when the Internet connection fails? (If the WAN fails, a ping to website.com responds with the local IP.)

thanks!

Alessandro



  • Maybe I don't see it, but why not use the local IP when the Internet connection is running too?

    Best

    Alex


  • Best practice to connect to an internal (or DMZ) server that is normally reached over a public FQDN is a "split brain DNS config", at least when using an internal Windows DNS server. Then you can access the server by hostname from internal and external without any DNAT tricks for internal connections.

    You create a new forward lookup zone on your DNS server for the FQDN, e.g. server.domain.tld, then create an A record in that new FLZ that contains no name but the internal IP address of your DMZ server. The UTM should then have a Request Route entry for "server.domain.tld" that points to the availability group of your internal DNS servers.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner
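    The zone and record Kevin describes, as an added PowerShell example that is not from this thread or from Sophos; the internal address 10.10.10.20 and the AD-integrated replication scope are assumptions, and the UTM Request Route is still configured in WebAdmin as he describes:

    ```powershell
    # Added example: build the split-brain zone for one public hostname on a Windows DNS server.
    # Assumptions (not from the thread): the DMZ web server's internal address is 10.10.10.20
    # and the zone is AD-integrated. Run in an elevated PowerShell with the DnsServer module.
    $Fqdn       = 'server.domain.tld'   # the public hostname clients use
    $InternalIp = '10.10.10.20'         # constructed internal DMZ address

    # 1. A forward lookup zone named exactly after the FQDN, so only that one name is
    #    overridden; every other name under domain.tld still resolves via the UTM/Internet.
    if (-not (Get-DnsServerZone -Name $Fqdn -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $Fqdn -ReplicationScope 'Domain'
    }

    # 2. An A record with no host name ('@' is the zone apex) pointing at the internal IP.
    if (-not (Get-DnsServerResourceRecord -ZoneName $Fqdn -Name '@' -RRType 'A' -ErrorAction SilentlyContinue)) {
        Add-DnsServerResourceRecordA -ZoneName $Fqdn -Name '@' -IPv4Address $InternalIp -TimeToLive 00:05:00
    }

    # 3. Check: the internal server now answers with the internal address whether or not
    #    the WAN is up, because the answer never leaves the LAN.
    $answer = (Resolve-DnsName -Name $Fqdn -Type A -Server '127.0.0.1' -ErrorAction Stop |
               Where-Object { $_.Type -eq 'A' }).IPAddress
    if ($answer -ne $InternalIp) {
        throw "Split-brain zone not answering as expected: got '$answer', wanted '$InternalIp'"
    }
    "$Fqdn -> $answer (internal)"

    # 4. Remaining step (manual, in the UTM WebAdmin): Network Services > DNS > Request Routing,
    #    domain 'server.domain.tld' -> the availability group of the internal DNS servers.
    ```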

  • Agreed with Kevin, Alex.  See this KB article: Accessing Internal or DMZ Webserver from Internal Network

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Maybe badly expressed, but that's what I wanted to say by using the internal IP (for internal traffic). But thanks for the KB article.


  • Sorry, Alex - my mistake, I confounded you with Alessandro and assumed you'd authored the OP here.  I remember thinking as I posted that that I thought you already knew this, but I was multitasking ineffectively!

    How about it, Alessandro, did Alex, Kevin and I hit on the answer to your problem?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA