
DNS configuration without Internet

Hi,

I have followed this post https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice and all works fine. DNS requests are client --> Windows DNS server --> UTM

If I make a ping request from the LAN to mysite.com (web server in my DMZ), it responds with my public IP.

If the Internet connection fails I can't reach my website.

Is there a way to reach the website in the DMZ from the LAN when the Internet connection fails? (if the WAN fails, a ping to website.com should respond with the local IP)

Thanks!

Alessandro



  • Best practice to connect to an internal (or DMZ) server that is normally reached over a public FQDN is a "split brain DNS config", at least when using an internal Windows DNS server. Then you can access the server by hostname from internal and external without any DNAT tricks for internal connections.

    You create a new forward lookup zone on your DNS server for the FQDN, e.g. server.domain.tld, then create an A record in that new FLZ that contains no name but the internal IP address of your DMZ server. The UTM should then have a Request Route entry for "server.domain.tld" that points to the availability group of your internal DNS servers.

    Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner
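The zone-and-record part of the split-brain setup described in the reply above, as an added PowerShell example for the Windows DNS server (this is not code from the thread or from Sophos). It assumes the DnsServer module on the DNS server, the hostname server.domain.tld from the reply, and two constructed placeholder addresses: 10.0.1.10 for the DMZ web server and 10.0.0.53 for the internal DNS server used in the final check.

```powershell
# Added example, not from the original thread: creates the split-brain zone the reply
# describes on a Windows DNS server. Run in an elevated PowerShell session on that server.
# Placeholders: 10.0.1.10 (DMZ web server) and 10.0.0.53 (internal DNS server) are made up;
# replace them with your own addresses. 'server.domain.tld' is the FQDN used in the thread.

$Fqdn       = 'server.domain.tld'   # public hostname of the DMZ web server
$InternalIP = '10.0.1.10'           # placeholder: the server's DMZ / internal address
$DnsServer  = '10.0.0.53'           # placeholder: internal DNS server to query in the check

Import-Module DnsServer

# 1. A forward lookup zone named exactly like the FQDN. Because the zone covers only this
#    one host, every other name under domain.tld keeps resolving through the public zone.
if (-not (Get-DnsServerZone -Name $Fqdn -ErrorAction SilentlyContinue)) {
    # Standalone DNS server: file-backed zone. On a domain controller you may prefer an
    # AD-integrated zone (-ReplicationScope 'Domain') so the other DCs get it as well.
    Add-DnsServerPrimaryZone -Name $Fqdn -ZoneFile "$Fqdn.dns"
}

# 2. The "no name" A record from the reply is the zone apex ('@'); it carries the
#    internal address of the DMZ server.
$apexA = Get-DnsServerResourceRecord -ZoneName $Fqdn -RRType A -ErrorAction SilentlyContinue |
         Where-Object { $_.HostName -eq '@' }
if (-not $apexA) {
    Add-DnsServerResourceRecordA -ZoneName $Fqdn -Name '@' -IPv4Address $InternalIP
}

# 3. Check: the internal DNS server must now answer with the internal address regardless
#    of the WAN link. -DnsOnly bypasses the local hosts file and cache on this machine.
$answer = Resolve-DnsName -Name $Fqdn -Type A -Server $DnsServer -DnsOnly
if ($answer.IPAddress -contains $InternalIP) {
    Write-Output "OK: $Fqdn resolves to $InternalIP from $DnsServer"
} else {
    Write-Warning "Unexpected answer for $Fqdn from $DnsServer : $($answer.IPAddress -join ', ')"
}
```

The UTM side the reply mentions (a Request Route for server.domain.tld pointing to the availability group of the internal DNS servers) is configured in the UTM's WebAdmin and is not scripted here. Clients that already cached the public address will keep returning it until their resolver cache expires or is flushed (ipconfig /flushdns on Windows), so a ping that still shows the public IP right after the change is not by itself a sign that the zone is wrong.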
