Authoritative Nameserver behind UTM 9

Hey guys,

I have set up a new authoritative name server for my domain.

What do I need to set up on UTM for this server to be able to serve external DNS requests?

I added this NAT rule

Do I need to do anything else?

It seems like the DNS server is unreachable from the WAN.

Thanks for any help

Regards

Jiri

 



This thread was automatically locked due to age.
  • Besides using "Internet IPv4" instead of "Any" for "traffic from", I would do this exactly like you did it.

    In my mind the rule is correct.

    Did the WAN IP match correctly? Anything in the logs?

  • Nothing at all in the logs... I'm just getting a lot of UDP DNS requests right now from my internal network to Google DNS and some non-existent internal IP.

    Also tried to disable IPS

    like this

  • Jiri, here are the NS records I find for sametime.cz and none is ns?.sametime.cz (in fact, there's no name resolution for either of those):

    sametime.cz IN NS ns.forpsi.cz 3600s
    sametime.cz IN NS ns.forpsi.it 3600s
    sametime.cz IN NS ns.forpsi.net 3600s

    Why disable IPS?  Have you done #1 in Rulz?

    Then again, why do you want to host your own authoritative name server?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob,

    thanks for your reply,

    I had to switch the testing domain to same-time.cz since I have emails on sametime.cz, sorry for that.

    I'm testing ISPConfig for our client, and part of ISPC will be an authoritative DNS server for a couple of their domains.

    I disabled IPS just to make sure it doesn't block DNS requests; I enabled it again after I checked the logs.

    It seems like my ISP blocks port 53, so there's nothing wrong with UTM; there's nothing in the logs at all. I think the DNS request is dropped before it reaches my UTM.

    I did check Rulz and everything is set up correctly.

    ns1 host definition

    same-time.cz zone config

    Glue records for the same-time.cz name servers are created. (ns1.sametime.cz, ns2.sametime.cz)

    Jiri
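As an added example (not code from this thread, from Sophos or from ISPConfig), the following stdlib-only Python prober does the check that the "ISP blocks port 53" conclusion rests on: it sends an NS query for the zone straight to the server's public address over UDP and TCP port 53 and separates a silent drop (timeout, which is what a filter upstream of the UTM looks like and which also explains an empty UTM firewall log) from an active refusal and from a real authoritative answer. It also pulls the NS names and glue addresses out of a reply, the same thing Bob checked by hand above. The zone example.org, the 203.0.113.x addresses and the sample reply bytes are constructed assumptions, not captured data.

```python
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "AAAA": 28}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name: str) -> bytes:
    """Encode a domain name into DNS wire-format labels."""
    out = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.rstrip(".").split(".") if lbl)
    return out + b"\x00"

def build_query(zone: str, qtype: str, txid: int = 0x1234) -> bytes:
    """Standard query with RD=0: we ask the authoritative server directly, not a resolver."""
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!HH", QTYPE[qtype], 1)

def decode_name(data: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset just past it in the message)."""
    labels, end, jumped = [], off, False
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer back to an earlier name
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (end if jumped else off)
        labels.append(data[off:off + length].decode("ascii"))
        off += length

def parse_response(data: bytes) -> dict:
    """Parse the header, skip the question, collect every RR (NS and A decoded, others kept raw)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(data, off)
        off += 4  # QTYPE + QCLASS
    records = []
    for _ in range(an + ns + ar):
        name, off = decode_name(data, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 2:
            value = decode_name(data, off)[0]
        elif rtype == 1 and rdlen == 4:
            value = socket.inet_ntoa(data[off:off + 4])
        else:
            value = data[off:off + rdlen]
        records.append((name, rtype, ttl, value))
        off += rdlen
    return {"id": txid, "rcode": RCODE.get(flags & 0xF, str(flags & 0xF)),
            "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200), "records": records}

def delegation_summary(parsed: dict, zone: str) -> dict:
    """Map each NS of the zone to the glue A address carried in the same reply (None if missing)."""
    zone = zone.rstrip(".") + "."
    glue = {n: v for n, t, _, v in parsed["records"] if t == 1}
    return {v: glue.get(v) for n, t, _, v in parsed["records"] if t == 2 and n == zone}

def probe(server: str, zone: str, qtype: str = "NS", proto: str = "udp", timeout: float = 3.0) -> dict:
    """Send one query and classify: 'timeout' = silent drop on the path (an ISP filter upstream of the
    UTM looks like this), 'refused' = active rejection of port 53, 'answer' = a DNS reply (check 'aa')."""
    query = build_query(zone, qtype)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.connect((server, 53))  # connected UDP socket so an ICMP port-unreachable is reported
                s.send(query)
                data = s.recv(4096)
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP is length-prefixed
                length = struct.unpack("!H", s.recv(2))[0]
                data = b""
                while len(data) < length and (chunk := s.recv(length - len(data))):
                    data += chunk
    except socket.timeout:
        return {"status": "timeout"}
    except ConnectionRefusedError:
        return {"status": "refused"}
    except OSError as exc:
        return {"status": "error", "detail": str(exc)}
    return {"status": "answer", **parse_response(data)}

def _rr(name: bytes, rtype: int, ttl: int, rdata: bytes) -> bytes:
    return name + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

# Constructed sample reply (assumption, not captured from any real server): an authoritative NS
# answer for example.org with glue A records in the additional section; \xc0\x0c points at the qname.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 2, 0, 2)  # QR=1, AA=1, RCODE=0
    + encode_name("example.org") + struct.pack("!HH", 2, 1)
    + _rr(b"\xc0\x0c", 2, 3600, b"\x03ns1\xc0\x0c")
    + _rr(b"\xc0\x0c", 2, 3600, b"\x03ns2\xc0\x0c")
    + _rr(b"\x03ns1\xc0\x0c", 1, 3600, socket.inet_aton("203.0.113.10"))
    + _rr(b"\x03ns2\xc0\x0c", 1, 3600, socket.inet_aton("203.0.113.11"))
)
```

Run it from a host outside your own network (a VPS, a phone on mobile data) as `probe("<your WAN IP>", "<your zone>", proto="udp")` and again with `proto="tcp"`: a reply with `"aa": True` proves the DNAT rule and the server both work; `"refused"` means something at that address answered, so the packet did reach the UTM or a host behind it; `"timeout"` on both protocols with nothing in the UTM firewall log is the pattern that points upstream of the UTM. Always test TCP as well as UDP, since authoritative servers must answer truncated or large responses over TCP and a NAT rule that only forwards UDP 53 will look fine in a quick UDP test.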

  • Yes that all looks good to me, Jiri.  I agree with your conclusion that it's your ISP.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA