Hi Sophos Forum :)
I´ve been stuck with configuring VPN DNS and the error is recurring for several firewalls now. I cannot tell if it has something todo with the V18 migration but presumably it worked quite a while.
I´ve setup SSL Client VPN with the usual DHCP Pool 10.81.235 and DNS of the internal firewall interface.
The firewall WAN Interface uses Google DNS.
When nslookup server.domain.com it adds another dns suffix from my LAN and always resolves in an external IP adress rather than the internal server
nslookup server.domain.com resolves in server.domain.com.domainB.com 184.108.40.206
This is the case for any host I query.
Expected is 10.20.0.5
As there is no DNS Server like ADDNS the server requested is added to the firewalls DNS entry without FQDN but its not different from firewalls where the internal server is used for DNS.
I´fe seen this on a couple of managed firewalls already but can´t figure the reason. Its really stranged that this external Ip resolves all the time.
Any hint is much appreciated.
have you created the internal interface in the XG DNS and not set Publishon on WAN?
the internal interface is not added to XG DNS.
then how does the DNS know to use 10.x.x.x if you have not created it in the internal DNS, it will only see the external address.
Understand, let me explain it from my view
The XG, lets say 10.20.0.254 runs the only dns available for internal clients.
From DHCP for SSL VPN I configure 10.20.0.254 for clients
From the XG I add the server.domain.com with 10.20.0.1
From my understanding the SSLVPN client uses his configured primary dns to resolve using the firewalls ip as dns server.
Am I missing something?
maybe I am missing something in your explanation, how does the URL associate to the IP address?ian
From the internal dns A record I set in the XG.
So the XG knows the IP from a static record for the URL.
Thats what actually works without issues but for certain firewalls the dns gets an additional dns domain name like explained above