
Network Definition - Bug or by design?

When creating a 'Host' type network definition, you have the option of adding multiple DNS hostnames such as:

  • www.mysite.com
  • support.mysite.com
  • mysite.com

The problem I encounter is when subdomains are hosted on different servers/hosts. If I add the root domain (mysite.com) to one of my network definitions, it acts like a wildcard entry and overrides any other network definition.

For example, if "www.mysite.com" and "mysite.com" are added to one network definition and "support.mysite.com" is added to another network definition that points to a different IP, all traffic to "support.mysite.com" goes to the other/wrong IP address. If I remove the root domain (mysite.com) from the other network definition, then traffic is routed accordingly.

So is this by design?



  • By design.  If you use just tk, you will block name resolution for all .tk domains.  See Block a TLD.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob, 

    Did you post your answer to the wrong discussion, lol? I don't see how your answer applies here.

    My question is about why adding a root domain (SLD.TLD) to a Sophos Network Definition acts like a wildcard.

    Thanks, 

    Jeff

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------

  • Hey Jeff,

    Good question - I didn't explain well, did I?!?

    I was just showing that this behavior is "by design."  Just as domain.tld will prevent the separate resolution of sub.domain.tld, tld will prevent the separate resolution of domain.tld.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for the clarification. That's what I thought.

    So what is the workaround if you want "domain.tld" to point to one local IP address and "sub.domain.tld" to point to another IP address (local or external)? I have a small network so adding a local DNS server seems overkill.

    Thanks again!

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------

  • Not possible.  The only workaround is a separate subdomain instead of domain.tld.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    Not possible. The only workaround is a separate subdomain instead of domain.tld.

    Cheers - Bob


    Sorry Bob but I'm not following your logic.

    "sub.domain.tld" is a separate subdomain.

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------

  • You can use sub1.domain.tld and sub2.domain.tld.  You cannot use sub.domain.tld and domain.tld.

    Is that clearer?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
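
The rule stated in this thread (a hostname in one definition also captures its subdomains, so `domain.tld` and `sub.domain.tld` cannot point to different addresses) can be checked before definitions are created. The following Python audit is an added example, not part of the original thread and not Sophos code; the `HostDefinition` structure, the definition names and the 192.0.2.x addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HostDefinition:
    # Hypothetical stand-in for a 'Host' type network definition.
    name: str
    address: str
    hostnames: tuple


def labels(hostname):
    """Split a hostname into lowercase DNS labels, ignoring a trailing dot."""
    return tuple(hostname.lower().rstrip(".").split("."))


def is_strict_subdomain(child, parent):
    """True if child sits below parent on a label boundary (not a string suffix)."""
    c, p = labels(child), labels(parent)
    return len(c) > len(p) and c[-len(p):] == p


def find_shadowed(definitions):
    """List (definition, hostname, shadowing definition, parent hostname) for every
    hostname that a parent domain in another definition with a different address
    would capture, per the behaviour described in the thread."""
    findings = []
    for d in definitions:
        for host in d.hostnames:
            for other in definitions:
                if other is d or other.address == d.address:
                    continue
                for parent in other.hostnames:
                    if is_strict_subdomain(host, parent):
                        findings.append((d.name, host, other.name, parent))
    return findings


# Constructed sample mirroring the question: root domain and subdomain on different hosts.
SAMPLE = [
    HostDefinition("Web server", "192.0.2.10", ("www.mysite.com", "mysite.com")),
    HostDefinition("Support server", "192.0.2.20", ("support.mysite.com",)),
]
# Same layout with the root domain removed, i.e. only sibling subdomains remain.
FIXED = [
    HostDefinition("Web server", "192.0.2.10", ("www.mysite.com",)),
    HostDefinition("Support server", "192.0.2.20", ("support.mysite.com",)),
]

if __name__ == "__main__":
    for finding in find_shadowed(SAMPLE):
        print("%s: %s is shadowed by %s (%s)" % finding)
```
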