
New Setup XG 16.5 - Local DNS/Name Resolution Not Working

I'm very new to the Sophos ecosystem, took the plunge two weeks ago & set up XG Firewall 16.5 in a virtual environment but need some help filling the gaps.

At the moment, I have a very basic setup with the device LAN port connected to a switch that everything else is connected to.

Problem: In a non-domain environment, machines on the LAN cannot locate each other by hostname (aka machine name).

Configuration & Steps Performed:

Configure > Network > Zones > LAN > Default settings - no changes here so DNS is checked

Configure > Network > DNS > IPv4

  • Static DNS selected - Also, this configuration results in slow lookups so I usually use 8.8.8.8 or 75.75.75.75 first.
    • DNS 1 set to 10.0.1.1
    • DNS 2 set to 8.8.8.8
    • DNS 3 set to 75.75.75.75
  • DNS Query Configuration > Tried both 'Choose server based on incoming requests record type' and 'Choose IPv6 if request originator address is IPv6, else IPv4'
  • DNS Host Entry > Set up multiple entries with 'Reverse DNS Lookup' checked
  • No DNS Request Routes setup

Configure > Network > DHCP > Default DHCP Server

  • Set up Static IP MAC Mapping for nearly all machines
  • Domain Name is empty
  • Gateway > 'Use Interface IP as Gateway' checked
  • DNS Server > 'Use Device's DNS Settings' checked
  • No WINS Server specified

System > Administration > Device Access > Default settings - no changes here so DNS is checked for the LAN Zone.

On each affected machine:

  • Released & renewed IPs after adjusting various settings
  • Flushed DNS: ipconfig /flushdns
  • Registered DNS: ipconfig /registerdns
  • Rebooted

Under Configure > Network > DNS Query Configuration exists a 'Test Name Lookup' button.
I click that, am taken to the next screen where I can enter an IP Address/Hostname, so I use the hostname of a machine on the LAN and the result is blank.

IP Address/Hostname : LABSVR01
DNS Server | Result | Total Query Time

Curiously, if I enter an IP address of a local machine, it does work:

IP Address/Hostname : 10.0.1.110
DNS Server | Result | Total Query Time
10.0.1.1 | Lookup Successful | 0.32 msec
8.8.8.8 | Lookup Fail | N/A
75.75.75.75 | Lookup Fail | N/A

For what it's worth, when using a real external IP or domain it works, in that I do get results back, but the amount of time it takes is brutal:

IP Address/Hostname : oracle.com
DNS Server | Result | Total Query Time
10.0.1.1 | Lookup Successful | 3046.49 msec
8.8.8.8 | Lookup Successful | 20.55 msec
75.75.75.75 | Lookup Successful | 11.48 msec

The above is true when initiating the same request under Monitor & Analyze > Diagnostics > Tool > Name Lookup using the 'Lookup using all Configured Servers' option.

I'm a little perplexed and could use some guidance on this.



  • Hi,

    I will try. On the XG there is a test lookup tab; have you tried to see if the XG recognises your local DNS entries?

    Ian

  • hey  and thanks for the reply!

    Thanks for your comment!  I can't believe I totally forgot to include that because that was where things got strange for me!

    Post updated with those details.

  • This doesn't make sense to me:

    Attempts to ping the hostname/NetBIOS name result in: Ping request could not find host <HOSTNAME1>. Please check the name and try again.

    Attempts to perform nslookup result in:

    C:\WINDOWS\system32>nslookup <HOSTNAME1>
    Server: SOPHOSXGFE
    Address: 10.0.1.1

    Non-authoritative answer:
    DNS request timed out.
            timeout was 2 seconds.
    Name: <HOSTNAME1>
    Address: 10.0.1.5

    C:\WINDOWS\system32>nslookup 10.0.1.5
    Server: SOPHOSXGFE
    Address: 10.0.1.1

    Name: <HOSTNAME1>
    Address: 10.0.1.5

    Yet when I attempt to access resources by the hostname/NetBIOS name (e.g.: network shares, http, ssh etc.) it says it cannot resolve the name.

  • Made some other configuration changes but it's still not working as desired.

    Configure > Network > DNS > IPv4

    • Static DNS selected:
      • DNS 1 set to 75.75.75.75
      • DNS 2 set to 8.8.8.8
      • DNS 3 set to 10.0.1.1

    Configure > Network > DNS Host Entry

    • Deleted the existing records
    • Created new ones using an 'internal-only' domain (e.g. lab.test, lab.example, lab.localhost) so they read hostname1.lab.example
      • I tried to create a new one without deleting the existing one but that resulted in:
        • Failed to add/update DNS Host Entry. Identical configuration 'HOSTNAME1' already exists
      • The reverse is also true: Creating an entry with just the hostname when the FQDN exists fails similarly:
        • Failed to add/update DNS Host Entry. Identical configuration 'HOSTNAME1.lab.example' already exists

    Configure > Network > DNS Request Route - Created entry for the 'internal-only' domain

    • Host/Domain Name: lab.example
    • Target Servers > Host List > Created new entry that points back to the XG
      • Name: SophosXG
      • IP Family: IPv4
      • Type: IP
      • IP Address: 10.0.1.1

    Configure > Network > DHCP > Default DHCP Server

    • Set Domain Name to the 'internal-only' domain (e.g.: lab.example)

    On each affected machine:

    • Released: ipconfig /release
    • Flushed DNS: ipconfig /flushdns
    • Renewed: ipconfig /renew
    • Registered DNS: ipconfig /registerdns
    • The connection-specific suffix is present (e.g.: lab.example)

    It would seem the DNS Request Route isn't working, as requests for lab.example are still being forwarded to external servers.

    I switched the DNS order under Configure > Network > DNS > IPv4 so that 10.0.1.1 is first followed by the other two.

    Note: This is not a desirable configuration as forward lookups take a noticeable amount of time.

    After releasing, flushing, renewing, registering the behavior is only slightly different but not any better:

    I can't ping hosts without specifying the FQDN:

    Ping request could not find host HOSTNAME1. Please check the name and try again.

    I also can't ping hosts when specifying the FQDN:

    Ping request could not find host HOSTNAME1.lab.example. Please check the name and try again.

    Performing a forward lookup for HOSTNAME1 semi-works:

    C:\>nslookup HOSTNAME1
    Server: SophosXG.lab.example
    Address: 10.0.1.1

    Non-authoritative answer:
    DNS request timed out.
        timeout was 2 seconds.
    Name: HOSTNAME1.lab.example
    Address: 10.0.1.5

    Performing a forward lookup for HOSTNAME1.fqdn is even worse than the non-FQDN equivalent:

    C:\>nslookup HOSTNAME1.lab.example
    Server: SophosXG.lab.example
    Address: 10.0.1.1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Non-authoritative answer:
    DNS request timed out.
        timeout was 2 seconds.
    Name: HOSTNAME1.lab.example
    Address: 10.0.1.5

    When doing the reverse lookup, it works as expected and it's blazing fast, but that doesn't help:

    C:\>nslookup 10.0.1.5
    Server: SophosXG.lab.example
    Address: 10.0.1.1

    Name: HOSTNAME1.lab.example
    Address: 10.0.1.5

    For a little over a week now I've been poring over the Web interface reference & admin guide, but if I'm doing something wrong or missing something, I'm not seeing it.
    At this point, I'm out of ideas so if this is a PEBKAC issue, please kindly point it out.
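The per-server table that the XG 'Test Name Lookup' page produces can be reproduced from a LAN client to see which resolver answers the internal name and how long it takes; this is an added example written for this thread, not code from Sophos or the poster. It builds the A query on the wire, sends it with nslookup's 2-second timeout, and discards a reply whose transaction id does not match ours (stale or spoofed); the server list and the name HOSTNAME1.lab.example are the values from the thread, and the fixed transaction id is only there so the offline test can match it.

```python
import socket
import struct
import time

DNS_SERVERS = ["10.0.1.1", "8.8.8.8", "75.75.75.75"]  # the servers configured in the thread

def build_query(name, txid=0x1234):
    """Minimal RFC 1035 A/IN query, recursion desired (fixed txid only for the offline test)."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it in the message)."""
    n = msg[off]
    if n == 0:
        return "", off + 1
    if n >= 0xC0:                                         # compression pointer (RFC 1035 4.1.4)
        ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        return read_name(msg, ptr)[0], off + 2
    rest, end = read_name(msg, off + 1 + n)
    return ".".join(filter(None, [msg[off + 1:off + 1 + n].decode(), rest])), end

def parse_a_records(msg, txid=0x1234):
    """Return (rcode, [(owner, ipv4), ...]); reject a reply whose id does not match ours."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch: stale or spoofed reply")
    off = 12
    for _ in range(qd):                                   # skip the echoed question section
        off = read_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):
            answers.append((owner, socket.inet_ntoa(msg[off + 10:off + 14])))
        off += 10 + rdlen
    return flags & 0xF, answers

def lookup_one(name, server, timeout=2.0):
    """Ask one server (nslookup's 2 s timeout); returns (answers or status text, milliseconds)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(build_query(name), (server, 53))
            rcode, answers = parse_a_records(sock.recvfrom(512)[0])
            return answers or "no answer, rcode %d" % rcode, (time.monotonic() - start) * 1000
        except (OSError, ValueError) as exc:              # socket.timeout is an OSError subclass
            return "fail: %s" % exc, None
```

Call lookup_one("HOSTNAME1.lab.example", server) for each entry in DNS_SERVERS; an answer from 10.0.1.1 that only arrives after a multi-second delay, as in the poster's table, is the sign that the XG is forwarding the lab.example query outward before answering from its own host entries.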
