This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Host Definitions not updating

Hello Community,

we do have 2 Domain Controllers with Sophos UTM Cluster.

The Domain Controllers handle DNS Services and are used by the UTM to work with DNS Hosts.

We do work with DNS Host Definitions and i recently moved a Host from one VLAN to another, therefore the IP address has changed.

After a reboot of the corresponding machine the DNS Record has been successfully updated on the Domain Controllers and i verified that the new entry has its 15Min TTL Property.

I waited the whole night but the Firewall was still resolving the Host with its old IP, i had to manually clear the resolver cache for the UTM to Update the Record.

Shouldn´t this be some sort of automatic process, am i missing something ?
Thanks



This thread was automatically locked due to age.
Parents
  • Hallo,

    What was the TTL on the original entry in the domain server?  If that hadn't been reached yet, the UTM would have no idea of the new values.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob, i do not know how to verify this as i deleted the old records manually but as i told Amodin already there is a mixture of static and dynamic dns entries and there is no scavenging in place at all, can this be the issue? i will setup some records to test the behaviour before moving to the productive systems

Reply
  • Hello Bob, i do not know how to verify this as i deleted the old records manually but as i told Amodin already there is a mixture of static and dynamic dns entries and there is no scavenging in place at all, can this be the issue? i will setup some records to test the behaviour before moving to the productive systems

Children
  • I didn't see anything about your DNS scavenging not in place.  How is it then you get rid of old records?  Manually delete them from DNS?

    Because that is literally the purpose of DNS scavenging - get rid of stale records.

    If the UTM is forwarding requests to your DNS servers and no scavenging is taking place, the aged/stale records will remain because the UTM is just sending that request onto the recordkeeper.  So you get stuck with GIGO.

    XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | GB Ethernet x5