
UTM 9 DHCP with DNS Availability List

Hello, 

I am fairly new in the UTM game.
I have set up an old appliance (which was a leftover in my company) with a home license. I am happy with my work until now - almost everything works as I was hoping.

The only thing which I just can't wrap my head around:

DHCP-Server + DNS Forwarders. My UTM refuses to use the DNS in the Forwarders-list. I sense I misconfigured something somewhere.

I wanted: UTM as DHCP, pi-hole as DNS, and if the pi-hole fails, fallback to the UTM as DNS+DHCP (the Fritzbox is the modem and the UTM is set up as exposed host).

My DHCP is configured as follows (works fine - but not as intended):

But - of course - doesn't work when the pi-hole fails/is turned off.

This is the Forwarders config:

Any recommendations on where I need to adjust things? Or am I just stupid?

Config:
Fritzbox: 192.168.169.1
UTM: 192.168.0.1
PiHole: 192.168.0.254

...and sadly yes - I have read:
https://community.sophos.com/utm-firewall/f/recommended-reads/122972/dns-best-practice 

Thanks for your time and suggestions.

Sorry, if my english is not understandable - not a native speaker - if Bob answers, I am happy to go on in german ;)

greetings, 

Matthias



  • Hi Philipp,

    right here (pi-hole available):

    If I turn off the pi-hole:

    so the switching actually works...

    Do I need a special (Network-/Service-)Definition for this to work?

    When I use Support > Tools > DNS Lookup, it works even when the pi-hole is unavailable:

    Trying "sophos.com"
    ;; Truncated, retrying in TCP mode.
    Trying "sophos.com"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10466
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 40, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;sophos.com.			IN	ANY
    Received 2604 bytes from 127.0.0.1#53 in 0 ms


    I am lost...
  • Hello Matthias,

    I believe you that your DNS is working ON THE UTM. But that's not the point of view of the clients: you offer your DHCP clients the IP address of the pi-hole only. They don't know about any other way to resolve DNS requests.

    So you have two ways to go: either you change that first DNS server address in your DHCP configuration to the IP of the Sophos UTM (I think this is 192.168.0.1), or you use my suggestion from above (second DNS entry ...).

    With the second method you need to remove the pi-hole from the DNS availability group, because that makes no sense then.
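
The point Philipp makes above is that a client only ever learns the resolvers carried in DHCP option 6; the UTM's forwarder list and availability group are used by the UTM's own resolver and are invisible to the client. The following is an added example, not code from the thread or from Sophos: it builds a constructed DHCP OFFER, parses option 6 out of it, and models a stub resolver that works through that list in order. The addresses are taken from Matthias's post (UTM 192.168.0.1, pi-hole 192.168.0.254); everything else (the packet bytes, the `reachable` set standing in for servers that currently answer) is constructed for the demonstration.

```python
"""Added example: what a DHCP client actually learns about DNS.

Parses DNS-server option 6 out of a constructed DHCP OFFER and models a stub
resolver that tries those servers in order. Addresses follow the thread
(UTM 192.168.0.1, pi-hole 192.168.0.254); the packets are constructed here,
not captured from a real UTM.
"""
import ipaddress

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie that starts the options field
OPT_PAD, OPT_DNS, OPT_END = 0, 6, 255
BOOTP_HEADER_LEN = 236


def build_offer(dns_servers):
    """Build a minimal BOOTREPLY carrying only option 6 (constructed test input)."""
    header = bytearray(BOOTP_HEADER_LEN)
    header[0] = 2                                  # op = BOOTREPLY
    header[1], header[2] = 1, 6                    # htype Ethernet, hlen 6
    options = b""
    if dns_servers:
        payload = b"".join(ipaddress.IPv4Address(s).packed for s in dns_servers)
        options += bytes([OPT_DNS, len(payload)]) + payload
    options += bytes([OPT_END])
    return bytes(header) + DHCP_MAGIC + options


def parse_options(packet):
    """Return {code: raw_value} for the TLV options after the magic cookie."""
    if packet[BOOTP_HEADER_LEN:BOOTP_HEADER_LEN + 4] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet: magic cookie missing")
    options, i = {}, BOOTP_HEADER_LEN + 4
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    return options


def dns_servers(packet):
    """The ordered DNS server list a client receives (option 6), as dotted strings."""
    raw = parse_options(packet).get(OPT_DNS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length must be a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]


def client_resolver(packet, reachable):
    """Model a stub resolver: first server from option 6 that answers, else None.

    `reachable` is the set of resolver IPs that currently respond. The UTM's
    forwarders or availability group never enter this list, because the client
    has no knowledge of them.
    """
    for server in dns_servers(packet):
        if server in reachable:
            return server
    return None


if __name__ == "__main__":
    pihole_only = build_offer(["192.168.0.254"])
    with_fallback = build_offer(["192.168.0.254", "192.168.0.1"])
    pihole_down = {"192.168.0.1"}      # UTM answers, pi-hole switched off
    print("pi-hole only, pi-hole down ->", client_resolver(pihole_only, pihole_down))
    print("with UTM as 2nd entry      ->", client_resolver(with_fallback, pihole_down))
```

With only the pi-hole in option 6, the client has nothing to fall back to when the pi-hole is down, no matter how the UTM's availability group is configured. Adding the UTM as the second entry gives the client a fallback; the caveat with that second method is that not every operating system strictly prefers the first entry, so some client queries can reach the UTM directly while the pi-hole is up and bypass its filtering. Listing the UTM as the only DNS server and letting the UTM forward to the pi-hole (Philipp's first option) keeps the failover decision on the UTM, where the availability group actually applies.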

  • Thanks Philipp, it seems to work the way you suggested - I fiddled around quite a bit... but well. It does the job.

    I was preferring the availability list though. Is that a general "not working with DHCP" or am I just missing something?

    Thanks a lot.