
Network Definition - Bug or by design?

When creating a 'Host' type network definition, you have the option of adding multiple DNS hostnames such as:

  • www.mysite.com
  • support.mysite.com
  • mysite.com

The problem I encounter is when subdomains are hosted on different servers/hosts. If I add the root domain (mysite.com) to one of my network definitions, it acts like a wildcard entry and overrides any other network definition.

For example, if "www.mysite.com" and "mysite.com" are added to one network definition and "support.mysite.com" is added to another network definition that points to a different IP, all traffic to "support.mysite.com" goes to the other/wrong IP address. If I remove the root domain (mysite.com) from the other network definition, then traffic is routed accordingly.

So is this by design?

  • By design.  If you use just tk, you will block name resolution for all .tk domains.  See Block a TLD.

    Cheers - Bob

  • Bob, 

    Did you post your answer to the wrong discussion, lol? I don't see how your answer applies here.

    My question is about why adding a root domain (SLD.TLD) to a Sophos Network Definition acts like a wildcard.

    Thanks, 

    Jeff

  • Hey Jeff,

    Good question - I didn't explain well, did I?!?

    I was just showing that this behavior is "by design."  Just as domain.tld will prevent the separate resolution of sub.domain.tld, tld will prevent the separate resolution of domain.tld.

    Cheers - Bob

  • Thank you for the clarification. That's what I thought.

    So what is the workaround if you want "domain.tld" to point to one local IP address and "sub.domain.tld" to point to another IP address (local or external)? I have a small network so adding a local DNS server seems overkill.

    Thanks again!

  • Not possible.  The only workaround is a separate subdomain instead of domain.tld.

    Cheers - Bob

  • BAlfson said:

    Not possible. The only workaround is a separate subdomain instead of domain.tld.

    Cheers - Bob


    Sorry Bob but I'm not following your logic.

    "sub.domain.tld" is a separate subdomain.

  • You can use sub1.domain.tld and sub2.domain.tld.  You cannot use sub.domain.tld and domain.tld.

    Is that clearer?

    Cheers - Bob
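Bob's rule (an entry for domain.tld also captures every sub.domain.tld, and a bare tld captures every domain.tld) modelled as an added example. This is not Sophos UTM code: the label-aware suffix match and the first-definition-wins ordering are assumptions inferred from the posts in this thread, and the two definition sets below are constructed to mirror Jeff's web/proxy setup with placeholder IPs. `find_shadowing` is the check a practitioner would run over a definition list before deploying it, so the collision Jeff hit is flagged instead of discovered as misrouted traffic.

```python
# Added example modelling the DNS-host matching behaviour described in this
# thread. NOT Sophos UTM code; the matching rule below is an assumption.
from typing import Dict, List, Optional, Tuple


def entry_covers(entry: str, hostname: str) -> bool:
    """True if a DNS-host entry covers hostname under the assumed suffix rule.

    Label-aware: 'mysite.com' covers 'support.mysite.com' and 'mysite.com'
    itself, but not 'notmysite.com'; 'tk' covers every name under .tk.
    """
    entry = entry.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    return hostname == entry or hostname.endswith("." + entry)


def resolve(hostname: str, definitions: Dict[str, Dict]) -> Optional[str]:
    """Return the name of the first definition whose host list covers hostname.

    Definitions are checked in the order given (assumption: first hit wins),
    which is how a broad entry such as 'mysite.com' captures traffic meant
    for a more specific entry in another definition.
    """
    for name, spec in definitions.items():
        if any(entry_covers(entry, hostname) for entry in spec["hosts"]):
            return name
    return None


def find_shadowing(definitions: Dict[str, Dict]) -> List[Tuple[str, str, str, str]]:
    """Flag entries in one definition that cover entries in another.

    Returns tuples (broad_definition, broad_entry, shadowed_definition,
    shadowed_entry). An empty list means no definition can swallow another.
    """
    conflicts = []
    for broad_name, broad_spec in definitions.items():
        for other_name, other_spec in definitions.items():
            if broad_name == other_name:
                continue
            for broad_entry in broad_spec["hosts"]:
                for other_entry in other_spec["hosts"]:
                    if entry_covers(broad_entry, other_entry):
                        conflicts.append(
                            (broad_name, broad_entry, other_name, other_entry)
                        )
    return conflicts


# Constructed sample definitions mirroring the thread (IPs are placeholders).
# BROKEN: the bare domain is listed alongside www, as Jeff described.
BROKEN = {
    "web_server": {"hosts": ["www.mysite.com", "mysite.com"], "ip": "192.0.2.10"},
    "proxy": {"hosts": ["proxy.mysite.com"], "ip": "198.51.100.20"},
}
# FIXED: Bob's workaround, distinct subdomains only and no bare domain.tld.
FIXED = {
    "web_server": {"hosts": ["www.mysite.com"], "ip": "192.0.2.10"},
    "proxy": {"hosts": ["proxy.mysite.com"], "ip": "198.51.100.20"},
}


if __name__ == "__main__":
    for label, defs in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(f"{label}: proxy.mysite.com -> {resolve('proxy.mysite.com', defs)}")
        print(f"{label}: mysite.com       -> {resolve('mysite.com', defs)}")
        for conflict in find_shadowing(defs):
            print(f"{label}: {conflict[0]}:{conflict[1]} shadows "
                  f"{conflict[2]}:{conflict[3]}")
```

With the constructed BROKEN set, proxy.mysite.com resolves to the web_server definition and the shadowing check reports mysite.com covering proxy.mysite.com; with FIXED the proxy resolves correctly but a bare mysite.com resolves to nothing, which is exactly the trade-off Bob's workaround imposes.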

  • Hi Jeff,

    At the moment I do not understand why you want to create network definitions like that. What do you want to achieve with them? Maybe you can show your network definitions, if that is possible.

    Unknown said:
    it acts like a wildcard entry and overrides any other network definition

    Do you really mean any other definition or just the definitions ending with mysite.com?

    BR

    Sebastian

  • Unknown said:

    why you want to create network definitions like you say. What do you want to achieve with that? Maybe you can show your network definitions, if that is possible. 

    Do you really mean any other definition or just the definitions ending with mysite.com? 

    Only definitions ending with "mysite.com", not all definitions.

    Here is one example using NATs:

    I have a web server that hosts 'www.mysite.com'. I want visitors (local and external) to be able to type into their browser's address bar 'mysite.com' or 'www.mysite.com' and reach the website.  There is a third server (external) which hosts 'proxy.mysite.com'. All three are accessible for local and external users. If I do not add 'mysite.com' to the network definition (as pictured above), traffic from users who forget to type "www." in front of "mysite.com" does not make it to the server so they only get "website not found" browser errors. The only problem with adding 'mysite.com' to that network definition is that it overrides my other network definition for 'proxy.mysite.com' which points to a different IP address. 

  • I tried that, but for me it's working... Or did I miss a point?

    Look: