This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New Setup XG 16.5 - Local DNS/Name Resolution Not Working

I'm very new to the Sophos ecosystem, took the plunge two weeks ago & setup XG Firewall 16.5 in a virtual environment but need some help filling the gaps.

At the moment, I have a very basic setup with the device LAN port connected to a switch that everything else is connected to.

Problem: In a non-domain environment, machines on the LAN cannot locate each other by hostname (aka machine name).

Configuration & Steps Performed:

Configure > Network > Zones > LAN > Default settings - no changes here so DNS is checked

Configure > Network > DNS > IPv4

Static DNS selected - Also, this configuration results in slow lookups so I usually use 8.8.8.8 or 75.75.75.75 first.
- DNS 1 set to 10.0.1.1
- DNS 2 set to 8.8.8.8
- DNS 3 set to 75.75.75.75
DNS Query Configuration > Tried both 'Choose server based on incoming requests record type' and 'Choose IPv6 if request originator address is IPv6, else IPv4'
DNS Host Entry > Setup multiple entries with 'Reverse DNS Lookup' checked
No DNS Request Routes setup

Configure > Network > DHCP > Default DHCP Server

Setup Static IP MAC Mapping for nearly all machines
Domain Name is empty
Gateway > 'Use Interface IP as Gateway' checked
DNS Server > 'Use Device's DNS Settings' checked
No WINS Server specified

System > Administration > Device Access > Default settings - no changes here so DNS is checked for the LAN Zone.

On each affected machine:

Released & renewed IP's after adjusting various settings
Flushed DNS: ipconfig /flushdns
Registered DNS: ipconfig /registerdns
Rebooted

Under Configure > Network > DNS Query Configuration exists a 'Test Name Lookup' button.
I click that, am taken to the next screen where I can enter in an IP Address/Hostname so I use the hostname of a machine the LAN and the result is blank.

IP Address/Hostname : LABSVR01

DNS Server

Result

Total Query Time

Curiously, if I enter an IP address of a local machine, it does work:

IP Address/Hostname : 10.0.1.110

DNS Server	Result	Total Query Time
10.0.1.1	Lookup Successful	0.32 msec
8.8.8.8	Lookup Fail	N/A
75.75.75.75	Lookup Fail	N/A

For what it's worth, when using real external IP or domain it works in that I do get back results, but the amount of time it takes is brutal:

IP Address/Hostname : oracle.com

DNS Server	Result	Total Query Time
10.0.1.1	Lookup Successful	3046.49 msec
8.8.8.8	Lookup Successful	20.55 msec
75.75.75.75	Lookup Successful	11.48 msec

The above is true when initiating the same request under Monitor & Analyze > Diagnostics > Tool > Name Lookup using the 'Lookup using all Configured Servers' option.

I'm a little perplexed and could use some guidance on this.

This thread was automatically locked due to age.

0 rfcat_vk over 7 years ago

Hi,

I will try, on the XG there is a test lookup tab, have you tried to see if the XG recognises your local DNS entries?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Julius Perkins over 7 years ago in reply to rfcat_vk

hey rfcat_vk and thanks for the reply!

Thanks for your comment! I can't believe I totally forgot to include that because that was where things got strange for me!

Post updated with those details.
Cancel
Vote Up 0 Vote Down

Cancel
0 Julius Perkins over 7 years ago in reply to Julius Perkins

This doesn't make sense to me:

Attempts to ping the hostname/NetBIOS name results in: Ping request could not find host <HOSTNAME1>. Please check the name and try again.

Attempts to perform nslookup results in:

C:\WINDOWS\system32>nslookup <HOSTNAME1>
Server: SOPHOSXGFE
Address: 10.0.1.1

Non-authoritative answer:
DNS request timed out.
timeout was 2 seconds.
Name: <HOSTNAME1>
Address: 10.0.1.5

C:\WINDOWS\system32>nslookup 10.0.1.5
Server: SOPHOSXGFE
Address: 10.0.1.1

Name: <HOSTNAME1>
Address: 10.0.1.5

Yet when I attempt to access resources by the hostname/NetBIOS name (e.g.: network shares, http, ssh etc.) it says it cannot resolve the name.
Cancel
Vote Up 0 Vote Down

Cancel
0 Julius Perkins over 7 years ago in reply to Julius Perkins
Made some other configuration changes but it's still not working as desired.

Configure > Network > DNS > IPv4

Static DNS selected:

DNS 1 set to 75.75.75.75

DNS 2 set to 8.8.8.8

DNS 3 set to 10.0.1.1

Configure > Network > DNS Host Entry

Deleted the existing records

Created new ones using an 'internal-only' domain (e.g. lab.test, lab.example, lab.localhost) so they read hostname1.lab.example

I tried to create a new one without deleting the existing one but that resulted in:

Failed to add/update DNS Host Entry. Identical configuration 'HOSTNAME1' already exists

The reverse is also true: Creating an entry with just the hostname when the FQDN exists fails similarly:

Failed to add/update DNS Host Entry. Identical configuration 'HOSTNAME1.lab.example' already exists

Configure > Network > DNS Request Route - Created entry for the 'internal-only' domain

Host/Domain Name: lab.example

Target Servers > Host List > Created new entry that points back to the XG

Name: SophosXG

IP Family: IPv4

Type: IP

IP Address: 10.0.1.1

Configure > Network > DHCP > Default DHCP Server

Set Domain Name to the 'internal-only' domain (e.g.: lab.example)

On each affected machine:

Released: ipconfig /release

Flushed DNS: ipconfig /flushdns

Renewed: ipconfig /renew

Registered DNS: ipconfig /registerdns

The connection specific suffix is present (e.g.: lab.example)

It would seem the DNS Request Route isn't working as requests for lab.example are still being forwarded to external servers.

I switched the DNS order under Configure > Network > DNS > IPv4 so that 10.0.1.1 is first followed by the other two.

Note: This is not a desirable configuration as forward lookups take a noticeable amount of time.

After releasing, flushing, renewing, registering the behavior is only slightly different but not any better:

I can't ping hosts without specifying the FQDN:

Ping request could not find host HOSTNAME1. Please check the name and try again.

I can't ping hosts without specifying the FQDN:

Ping request could not find host HOSTNAME1.lab.example. Please check the name and try again.

Performing a forward lookup for HOSTNAME1 semi-works:

C:\>nslookup HOSTNAME1
Server: SophosXG.lab.example
Address: 10.0.1.1

Non-authoritative answer:
DNS request timed out.
timeout was 2 seconds.
Name: HOSTNAME1.lab.example
Address: 10.0.1.5

Performing a forward lookup for HOSTNAME1.fqdn is even worse than the non-FQDN equivalent:

C:\>nslookup HOSTNAME1.lab.example
Server: SophosXG.lab.example
Address: 10.0.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
DNS request timed out.
timeout was 2 seconds.
Name: HOSTNAME1.lab.example
Address: 10.0.1.5

When doing the reverse lookup, it works as expected and it's blazing fast, but that doesn't help:

C:\>nslookup 10.0.1.5
Server: SophosXG.lab.example
Address: 10.0.1.1

Name: HOSTNAME1.lab.example
Address: 10.0.1.5

For a little over a week now I've been pouring over the Web interface reference & admin guide guide but if I'm doing something wrong or missing something, I'm not seeing it.
At this point, I'm out of ideas so if this is a PEBKAC issue, please kindly point it out.
Cancel
Vote Up 0 Vote Down

Cancel
0 cyberzeus over 7 years ago in reply to Julius Perkins

Julius - did you ever get this fixed?
Cancel
Vote Up 0 Vote Down

Cancel
0 Julius Perkins over 7 years ago in reply to cyberzeus

Yes I did but I don't recall the exact steps. I had to make some minor adjustments and after doing that I was all set.

Happy to share little I think I know with you.
Cancel
Vote Up 0 Vote Down

Cancel