
Split DNS view?

Is it possible to have two different DNS views on the UTM based on the IP of the client?

I'm currently setting up a WLAN on a SG230 for guest access (hotspot/ticket system).

However this SG has many other modules in use (namely firewall, web and mail protection).

The DNS is fed by the provider DNS, but there is a delegation for "*.company.com" to the internal AD DNS.

So users can lookup hosts like "fileserver.company.com", "ticket-system.company.com" and all the like.

Works well with both wired and wireless corporate users.

However I want visitors on the guest SSID *not* to have this forwarded to the internal nameserver.

So "fileserver.company.com" shall give "not found", "www.company.com" shall give the external (not the internal) IP and all the like.

How can I do this? The standard setup gives the SG as DNS for wireless guest clients in the DHCP response. With this the guests can look up the internal names and IPs (they cannot reach them due to the firewall, but this causes lengthy timeouts).

A "cheap" way might be to assign a public DNS (i.e. 8.8.8.8) to the guests. However this not only "looks cheap", it might also cause problems with looking up the hotspot page, the "passthrough.fw-notify.net" and all the like.

With bind9 it's pretty simple to have different DNS views based upon the IP of the client with some ACLs.

How is this usually done with the Sophos UTM? Am I missing something?

Thanks in advance.
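For reference, here is what the bind9 "views" approach mentioned in the question looks like. This is an added example, not something from the original post or from Sophos; the network ranges, the internal AD DNS address and the provider DNS addresses are placeholders.

```conf
// Added example (not from the post): bind9 named.conf fragment giving corporate
// and guest clients different answers for company.com, selected by source IP.
// 10.0.0.0/8, 192.168.100.0/24, 10.0.0.53 and 198.51.100.0/24 are placeholders.

acl corp_clients  { 10.0.0.0/8; localhost; };   // wired/wireless corporate LAN
acl guest_clients { 192.168.100.0/24; };        // hotspot / guest SSID

options {
    // Provider DNS used for everything that is not overridden below
    forwarders { 198.51.100.53; 198.51.100.54; };
    allow-query { corp_clients; guest_clients; };
};

// Corporate view: company.com is forwarded to the internal AD DNS, so
// "fileserver.company.com" resolves to its internal address.
view "corporate" {
    match-clients { corp_clients; };
    recursion yes;

    zone "company.com" {
        type forward;
        forward only;
        forwarders { 10.0.0.53; };   // placeholder: internal AD DNS
    };

    // root hints / localhost zones must also live inside each view
    include "/etc/bind/named.conf.default-zones";   // placeholder path
};

// Guest view: no special zone for company.com, so queries go to the provider
// DNS like any other name. "www.company.com" gets the public address, and
// "fileserver.company.com" is NXDOMAIN instead of a timeout. Names the hotspot
// needs (e.g. passthrough.fw-notify.net) still resolve through the same server.
view "guest" {
    match-clients { guest_clients; };
    recursion yes;

    include "/etc/bind/named.conf.default-zones";   // placeholder path
};
```

Views are matched in order, so a client must not fall into both ACLs; once any view is declared, every zone statement has to sit inside a view.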

  • Hallo Alan and welcome to the UTM Community!

    I'm fairly certain that this can't be done in WebAdmin.  If you succeed in doing it at the command line, please come back and share.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA