9 Replies Latest reply on Feb 18, 2010 5:56 PM by rcamm

    Using an internal DNS Server


      Hi everyone.


      I'm trying to look for an answer in the KB but nothing yet...


      Host Name: SG565

      Firmware Version: 4.0.5

      We have an internal DHCP with DNS server, so this server is who tells me what IP my hostname has. In my firewall I have in DEFINITIONS -> ADDRESSES all the internal IPs of my clients, but now that I'm using DHCP with a DNS server, I want to change that definition from IP to DNS hostname definition, so...


      How can I tell my firewall that I have an internal DNS server, so when the firewall checks the hostname "VIRTUAL" it sees the IP?

      In NETWORK SETUP -> LAN (Edit) I already added as DNS Server(s) the IP of my internal DNS server.


      Now I can see the server in DIAGNOSTICS:


      Gateway: xxx.xxx.xxx.xxx

      DNS:, 201.116.xxx.xxx, 201.144.xxx.xxx


      But the name is not resolving correctly. How can I do that?

      Thanks in advance.

        • 1. Re: Using an internal DNS Server



          Check firewall -> packet filters for a drop all rule for DNS.


          You will need to disable or modify this rule so your internal DNS server can resolve names.

          • 2. Re: Using an internal DNS Server

            Hi Ross.


            Thanks, I already checked this; anyway I just added a new rule to accept all traffic on port 53.

            Any other idea?

            I mean, is just adding the local server as DNS server enough?


            Thanks in advance.

            • 3. Re: Using an internal DNS Server

              Not enough.


              Disable entirely the rule that blocks DNS.


              It is stopping your internal DNS server from contacting other DNS servers on the internet.

              • 4. Re: Using an internal DNS Server



                Another solution would be... make a DNAT pointing to the dedicated internal DNS server.

                All clients are getting DNS from there.



                • 5. Re: Using an internal DNS Server

                  How can I make the DNAT?


                  Well, here are more details about my scenario.


                  In the FIREWALL section -> Definitions -> Addresses there are all the IP address groups and single IP addresses of the network, so those definitions are by IP ADDRESS, but now we have a DHCP/DNS server, so now the IP addresses will be dynamic. So we need to create those definitions by DNS hostname; those definitions are used to block hosts from Internet access.


                  FIREWALL section -> Definitions -> Addresses



                  • 6. Re: Using an internal DNS Server

                    NETWORK SETUP -> Network Setup -> DNS




                    NETWORK SETUP -> Network Setup -> Connections -> (edit LAN) -> Direct Connection Settings




                    FIREWALL -> Access Control -> ACL




                    IP Address of DHCP/DNS Server is:

                    And hostname of the test client is: VIRTUAL  ip:

                    • 7. Re: Using an internal DNS Server

                      Are your internal clients using the UTM device as a DNS proxy?


                      If so, I suggest you don't.


                      Configure them to use the internal DNS server instead (via DHCP I presume), then the names should resolve.

                      • 8. Re: Using an internal DNS Server

                        Hi Ross.


                        My internal clients are using 2 DNS servers.


                        First DNS: (UTM Internal IP / Gateway)

                        Second DNS: (DNS/DHCP)


                        So you suggest changing the DNS, and only leaving the internal DNS?


                        But the problem here, I suppose, is that my box (SnapGear) is not resolving the correct IP for the hostname (VIRTUAL). I changed the IP of the DNS server in the LAN configuration; the screenshots above were wrong, so now I changed the IP to , and tried it, but nothing... the client can pass to the internet.


                        Thanks in advance... (attachment: picture5.jpg)


                        • 9. Re: Using an internal DNS Server

                          Yes, I am suggesting that since you already have a fully functional DNS server (probably linked to AD and DHCP), you use this, not the UTM DNS proxy.


                          So point all internal clients to use


                          Do not specify this address in the UTM config... let the UTM device use the DNS servers as set by the ISP.
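Replies 3 and 9 together explain why the poster's setup fails: the drop-all DNS packet-filter rule cuts the internal server off from upstream resolvers, and a client that lists the UTM DNS proxy first never gets to ask the internal server for "VIRTUAL". The Python model below is an added example, not code from the thread or from the SnapGear product; every address, record and rule in it is constructed, and it assumes a stub resolver that only moves to the next configured server on SERVFAIL or no reply, never on NXDOMAIN.

```python
import ipaddress

NXDOMAIN, SERVFAIL = "NXDOMAIN", "SERVFAIL"

class DnsServer:
    def __init__(self, ip, records=None, forwarders=()):
        self.ip, self.records, self.forwarders = ip, dict(records or {}), list(forwarders)

    def resolve(self, name, fw_rules):
        """Local records first, then forwarders; a dropped forward gets no reply."""
        if name in self.records:
            return self.records[name]
        if not self.forwarders:
            return NXDOMAIN            # knows nothing of the name: a definitive "no such name"
        for upstream in self.forwarders:
            if not fw_allows_udp53(self.ip, upstream.ip, fw_rules):
                continue               # query dropped by the packet filter: try the next forwarder
            return upstream.resolve(name, fw_rules)
        return SERVFAIL                # every forwarder unreachable: the server gives up

def fw_allows_udp53(src, dst, rules):
    """Packet filter for UDP/53: rules are (action, src_net, dst_net), first match wins, default accept (assumed)."""
    for action, src_net, dst_net in rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(src_net) \
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net):
            return action == "accept"
    return True

def stub_resolve(name, servers, fw_rules):
    """Client stub resolver: servers are tried in order, and only SERVFAIL/no reply moves on.
    NXDOMAIN is a valid final answer, so a second server is never asked for a name the first denies."""
    for server in servers:
        answer = server.resolve(name, fw_rules)
        if answer != SERVFAIL:
            return answer
    return SERVFAIL

# Constructed addresses (RFC 5737 documentation ranges), not the poster's real ones.
ISP_DNS  = DnsServer("203.0.113.53", {"example.com": "203.0.113.80"})
UTM      = DnsServer("203.0.113.2", forwarders=[ISP_DNS])          # UTM DNS proxy, WAN-side source address
INTERNAL = DnsServer("192.168.1.10", {"VIRTUAL": "192.168.1.50"}, forwarders=[ISP_DNS])
DROP_ALL_DNS = [("drop", "192.168.1.0/24", "0.0.0.0/0")]           # the packet-filter rule from reply 1

def scenarios():
    return {
        "VIRTUAL via UTM proxy first":    stub_resolve("VIRTUAL", [UTM, INTERNAL], []),
        "VIRTUAL via internal DNS only":  stub_resolve("VIRTUAL", [INTERNAL], []),
        "example.com with drop-all rule": stub_resolve("example.com", [INTERNAL], DROP_ALL_DNS),
        "example.com with rule disabled": stub_resolve("example.com", [INTERNAL], []),
    }
```

Running `scenarios()` shows the two failure modes side by side: the UTM-first client order yields NXDOMAIN for VIRTUAL even though the internal server knows it, and the drop-all rule turns every external lookup through the internal server into SERVFAIL.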