XG in Azure - unable to resolve DNS without FQDN

Question

Hi there, 
 we have a Sophos XG active in Azure. Basically everything works as configured, except for DNS resolution if the object has NO FQDN. 
 The goal is to ensure name resolution for objects without FQDN from a VM in Azure. With the Sophos SG UTM you could "simply" store the IP address for a DNS name including reverse. With the XG I am biting my teeth out. 
 Example: DNS name: vmhost.contoso.com Result: Fully resolvable locally and in the network 
 DNS name: vmhost Result: Resolvable locally on the firewall, not in the network 
 The following is configured: - Firewall Firmware: SFOS 18.0.0 GA-Build354 - DNS request route for domain resolution, but also for Single DNS Name (2. does not work) - DNS is allowed for the affected zones - DoS and IPS is currently disabled - Firewall rule allows traffic 
 Try some: - Host registered - DNS host record added (seems to work only with websites?) 
 Anyone have an idea how I can solve this? 
 Thanks a lot! 
 
 Regards, Sascha

LuCar Toni · Accepted Answer

Likely this issue is caused by the VM, not XG. 
 Can you perform a tcpdump on the XG and check for DNS requests? 
 In Windows, there is a feature to add automatically a Domain to a hostname. https://serverfault.com/questions/74067/windows-appending-domain-suffix-to-all-lookups 
 Could observe this issue all the time in Windows Setups. 
 
 If you perform a tcpdump (tcpdump -ni any host CLIENT_IP and port 53), open the hostname in Client, check what is actually asked by the Client.