Policy Based DNS Selection

Question

Hello Sophos Community, 
 I have setup the Sophos XG 115 to have two WAN links in Active Backup mode. I have setup 2 Policy Routes so that destinations in Asia goes through WAN1 and destinations in USA goes through WAN2. Everything works just fine. However, it seems that the DNS server is ALWAYS FIXED to the WAN1(Active Link) DNS obtained from ISP DNS. 
 My question is that is it possible to use a specific DNS server for Policy Route 1(Destinations in Asia) and another specific DNS server for Policy Route 2(Destinations in USA)? Like the following: 
 Policy Route 1 -> Using WAN Link 1 -> Use DNS from WAN Link 1 ISP. 
 Policy Route 2 -> Using WAN Link 2 -> Use a custom DNS server in my lab. 
 Thx in advance! 
 Geoff T.

LuCar Toni · Accepted Answer

As SD-WAN PBR works on the protocol level, you cannot split this up. It will always trigger one way. Simply because DNS does not work that way. If XG tries to resolve a name, it has to go to the forwarder. 
 You can forward specific source DNS requests to different routes. But not if the XG is the DNS Server.

JET IT · Answer

Thx LuCAR, you are right. Instead I did split DNS at the WAN Link level on one of the WAN Link routers and using that router as the DNS forwarder for all LAN clients. Working like a charm now! Thx so much!

Policy Based DNS Selection

Top Replies