Hi, René, and welcome to the UTM Community!
Please click on 'Use rich formatting' and insert a picture of your DNS configuration.
Cheers - Bob
I'm guessing that you already found DNS Best Practice -
If you add "Internal (Network)" to 'Allowed Networks', do things work as you'd hoped?
Cheers - Bob
Have you looked at the DC to confirm that it has a Reverse Lookup Zone including 10.10.8.0/24 and that there's an entry for 10.10.8.21?
Cheers - Bob
It looks like DNS isn't the problem. If a reboot doesn't help, it might be an unusual configuration error in Web Filtering. Another possibility is that the initial load of the UTM's firmware was faulty. Before you reload from ISO, contact Sophos Support to have them look at this. Please let us know the result.
Cheers - Bob
I tried to send you a message. If you will send me one, I will help you get to Sophos Support.
Cheers - Bob