9 Replies Latest reply on Feb 18, 2010 5:56 PM by rcamm

    Using an internal DNS Server

    aacordoba

      Hi everyone.

      I'm trying to look for an answer in the KB but nothing yet...

      Host Name: SG565
      Firmware Version: 4.0.5

      We have an internal DHCP with DNS server, so this server is the one that tells me what IP my hostname has. Then in my firewall I have, in DEFINITIONS -> ADDRESSES, all the internal IPs of my clients, but now that I'm using DHCP with a DNS server, I want to change that IP definition to a DNS hostname definition, so...

      How can I tell my firewall that I have an internal DNS server, so that when the firewall checks the hostname "VIRTUAL" it sees the IP 192.168.2.55?

      In NETWORK SETUP -> LAN (Edit) I already added the IP of my internal DNS server under DNS Server(s).

      Now I can see the server in DIAGNOSTICS:

      Internet
      Gateway: xxx.xxx.xxx.xxx
      DNS: 192.162.2.190, 201.116.xxx.xxx, 201.144.xxx.xxx

      But the name is not resolving correctly. How can I do that?

      Thanks in advance.

        • 1. Re: Using an internal DNS Server

          Check

          firewall -> packet filters

          for a drop-all rule for DNS.

          You will need to disable or modify this rule so your internal DNS server can resolve names.

          • 2. Re: Using an internal DNS Server
            aacordoba

            Hi Ross.

            Thanks, I already checked this; anyway, I just added a new rule to accept all traffic on port 53.

            Any other idea?

            I mean, is just adding the local server as DNS server enough?

            Thanks in advance.

            • 3. Re: Using an internal DNS Server

              Not enough.

              Disable entirely the rule that blocks DNS.

              It is stopping your internal DNS server contacting other DNS servers on the Internet.
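The exchange above turns on how a packet filter evaluates its rules: the poster appended an "accept all port 53" rule, and the reply says that is not enough and the drop-all DNS rule must go. The following is an added example, not code from the thread or from the SnapGear product: a small first-match rule evaluator with constructed rules. It assumes first-match semantics (the first rule that matches decides), which is how most packet filters behave, and uses the internal DNS server address from the thread (192.168.2.190), the test client (192.168.2.55) and a placeholder upstream resolver address (203.0.113.53, from the TEST-NET-3 documentation range). It shows that an accept rule placed after a drop-all rule never fires, and that either removing the drop rule or placing a narrow accept for the internal DNS server ahead of it lets the server reach upstream resolvers while still keeping ordinary clients from bypassing it.

```python
"""Added example: first-match packet-filter evaluation for the DNS rules
discussed in the thread. Hypothetical rule model, not the UTM's own syntax."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    src: str = ANY                # exact IP or ANY
    dst: str = ANY
    proto: str = ANY
    dport: Optional[int] = None   # None means any destination port
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.src in (ANY, p.src)
                and self.dst in (ANY, p.dst)
                and self.proto in (ANY, p.proto)
                and self.dport in (None, p.dport))


def evaluate(chain: List[Rule], p: Packet, default: str = "accept") -> Tuple[str, str]:
    """First-match semantics (assumed): the first matching rule decides;
    the chain default applies only if no rule matches."""
    for rule in chain:
        if rule.matches(p):
            return rule.action, rule.note
    return default, "chain default"


INTERNAL_DNS = "192.168.2.190"   # DHCP/DNS server from the thread
CLIENT = "192.168.2.55"          # test client "VIRTUAL" from the thread
UPSTREAM_DNS = "203.0.113.53"    # constructed placeholder for an ISP resolver


def dns_query(src: str, proto: str = "udp") -> Packet:
    """An outbound DNS query from `src` to the upstream resolver."""
    return Packet(src=src, dst=UPSTREAM_DNS, proto=proto, dport=53)


DROP_ALL_DNS = Rule("drop", dport=53, note="drop all DNS")
ACCEPT_ALL_53 = Rule("accept", dport=53, note="accept all port 53")
ACCEPT_INTERNAL_DNS_OUT = Rule("accept", src=INTERNAL_DNS, dport=53,
                               note="allow only the internal DNS server out on 53")

# Four constructed rule orderings matching the stages of the discussion.
CHAIN_AS_FOUND = [DROP_ALL_DNS]                        # what reply 1 says to look for
CHAIN_ACCEPT_APPENDED = [DROP_ALL_DNS, ACCEPT_ALL_53]  # reply 2: accept rule added after
CHAIN_DROP_DISABLED: List[Rule] = []                   # reply 3: drop rule disabled
CHAIN_NARROWED = [ACCEPT_INTERNAL_DNS_OUT, DROP_ALL_DNS]  # "modify" option from reply 1


def verdict(chain: List[Rule], src: str, proto: str = "udp") -> str:
    """Return 'accept' or 'drop' for a DNS query from `src` under `chain`."""
    return evaluate(chain, dns_query(src, proto))[0]


if __name__ == "__main__":
    scenarios = [("as found", CHAIN_AS_FOUND),
                 ("accept appended", CHAIN_ACCEPT_APPENDED),
                 ("drop disabled", CHAIN_DROP_DISABLED),
                 ("narrow accept first", CHAIN_NARROWED)]
    for name, chain in scenarios:
        print(f"{name:20s} internal DNS -> {verdict(chain, INTERNAL_DNS):6s} "
              f"client direct -> {verdict(chain, CLIENT)}")
```

The "narrow accept first" ordering is the one a defender would normally keep: the internal server is the only host allowed to query upstream, so clients cannot silently bypass it and the drop rule still catches everything else, over UDP and TCP alike.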

              • 4. Re: Using an internal DNS Server

                Hi,

                another solution should be... make a DNAT -> pointing to the dedicated internal DNS server.
                All clients are getting DNS from there.

                _martin

                • 5. Re: Using an internal DNS Server
                  aacordoba

                  How can I make the DNAT?

                  Well, here are more details about my scenario.

                  In the FIREWALL section -> Definitions -> Addresses there are all the IP address groups and single IP addresses of the network, so those definitions are by IP ADDRESS. But now we have a DHCP/DNS server, so the IP addresses will be dynamic, and we need to create those definitions by DNS hostname. Those definitions are used to block hosts from Internet access.

                  FIREWALL section -> Definitions -> Addresses

                  (screenshot: image1.jpg)

                  • 6. Re: Using an internal DNS Server
                    aacordoba

                    NETWORK SETUP -> Network Setup -> DNS

                    (screenshot: image2.jpg)

                    NETWORK SETUP -> Network Setup -> Connections -> (edit LAN) -> Direct Connection Settings

                    (screenshot: image3.jpg)

                    FIREWALL -> Access Control -> ACL

                    (screenshot: image4.jpg)

                    IP address of the DHCP/DNS server is: 192.168.2.190
                    And the hostname of the test client is: VIRTUAL, IP: 192.168.2.55

                    • 7. Re: Using an internal DNS Server

                      Are your internal clients using the UTM device as a DNS proxy?

                      If so, I suggest you don't.

                      Configure them to use the internal DNS server instead (via DHCP, I presume); then the names should resolve.

                      • 8. Re: Using an internal DNS Server
                        aacordoba

                        Hi Ross.

                        My internal clients are using 2 DNS servers.

                        First DNS:   192.168.2.100 (UTM internal IP / gateway)
                        Second DNS:  192.168.2.190 (DNS/DHCP)

                        So you suggest changing the DNS and only leaving the internal DNS?

                        But the problem here, I suppose, is that my box (SnapGear) is not resolving the correct IP for the hostname (VIRTUAL). I changed the IP of the DNS server in the LAN configuration (the screenshots above were wrong), so now I changed the IP to 192.168.2.190 and tried it, but nothing... the client can pass to the Internet.

                        Thanks in advance...

                        (screenshot: picture5.jpg)

                        Regards

                        • 9. Re: Using an internal DNS Server

                          Yes, I am suggesting that since you already have a fully functional DNS server (probably linked to AD and DHCP), you use this, not the UTM DNS proxy.

                          So point all internal clients to use 192.168.2.190.

                          Do not specify this address on the UTM config... let the UTM device use the DNS servers as set by the ISP.
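Replies 7 to 9 are about resolver order on the clients, which listed the UTM proxy (192.168.2.100) first and the internal DNS server (192.168.2.190) second. The following is an added example, not code from the thread or from the UTM: a toy model of three resolvers and a stub resolver, all constructed here. It assumes the usual stub-resolver behaviour of accepting the first definitive answer (including a negative NXDOMAIN) and moving to the next listed server only when a server does not respond, and it assumes the UTM proxy forwards to the ISP's resolvers, which know nothing about the internal name "VIRTUAL". The hostnames, the ISP record (www.example.com at 198.51.100.10, a TEST-NET-2 placeholder) and the server names are constructed. It shows why listing the proxy first returns a negative answer for "VIRTUAL" without ever consulting the internal server, and why pointing clients only at 192.168.2.190, which itself forwards public names upstream, resolves both kinds of name.

```python
"""Added example: why DNS server order on the client matters. Hypothetical
resolver model, constructed for illustration."""
from typing import Dict, List, Optional, Tuple

Answer = Tuple[str, Optional[str]]          # (rcode, ip or None)
Result = Tuple[str, Optional[str], Optional[str]]  # (rcode, ip, answering server)


class DnsServer:
    """A recursive/forwarding server with a fixed set of A records."""

    def __init__(self, name: str, records: Optional[Dict[str, str]] = None,
                 forward_to: Optional["DnsServer"] = None, reachable: bool = True):
        self.name = name
        self.records = {k.lower(): v for k, v in (records or {}).items()}
        self.forward_to = forward_to
        self.reachable = reachable

    def query(self, qname: str) -> Answer:
        if not self.reachable:
            return ("TIMEOUT", None)           # no response at all
        ip = self.records.get(qname.lower())
        if ip is not None:
            return ("NOERROR", ip)
        if self.forward_to is not None:
            return self.forward_to.query(qname)  # forwarder relays the upstream answer
        return ("NXDOMAIN", None)              # definitive negative answer


def stub_resolve(servers: List[DnsServer], qname: str) -> Result:
    """Assumed stub-resolver behaviour: try servers in order, stop at the first
    definitive answer (positive or negative); only a non-response moves on."""
    for server in servers:
        rcode, ip = server.query(qname)
        if rcode != "TIMEOUT":
            return (rcode, ip, server.name)
    return ("TIMEOUT", None, None)


# Constructed servers: the ISP resolver, the internal DNS/DHCP server from the
# thread (192.168.2.190) forwarding public names to the ISP, and the UTM's
# DNS proxy (192.168.2.100) forwarding straight to the ISP.
ISP_DNS = DnsServer("isp-dns", {"www.example.com": "198.51.100.10"})
INTERNAL_DNS = DnsServer("internal-dns", {"VIRTUAL": "192.168.2.55"}, forward_to=ISP_DNS)
UTM_PROXY = DnsServer("utm-proxy", forward_to=ISP_DNS)

CLIENT_AS_POSTED = [UTM_PROXY, INTERNAL_DNS]   # reply 8: UTM first, internal second
CLIENT_RECOMMENDED = [INTERNAL_DNS]            # reply 9: internal server only


if __name__ == "__main__":
    for label, servers in [("as posted", CLIENT_AS_POSTED),
                           ("recommended", CLIENT_RECOMMENDED)]:
        for name in ("VIRTUAL", "www.example.com"):
            print(f"{label:12s} {name:16s} -> {stub_resolve(servers, name)}")
```

The point for the defender is that a second DNS entry is not a fallback for "names the first server does not know"; it only covers an unreachable first server. Internal names therefore have to be answered by every server a client lists, which is exactly the configuration reply 9 recommends.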