Reverse DNS / Request routing not working

I can't seem to get Sophos to resolve internal hostnames. I've read through several threads with similar problems and haven't figured it out yet. I removed all static DNS entries after reading https://www.astaro.org/gateway-products/management-networking-logging-reporting/48974-9-105-dns-request-routing-still-not-working-reverse-lookup.html

I'm running 3 internal networks, will give info on one that wasn't created by the wizard.

wInterface attachment shows interface settings
wDHCP shows DHCP settings
wDefinition shows a definition I created so I'd have something to put in the target box for request routing; maybe I did something dumb here.
wDNSGlobal shows the 3 networks allowed to use Sophos for DNS.
wRequestRouting shows the DNS request route.

So I connect my phone to the network and do a nslookup on it:

MBPR: $ nslookup
> 192.168.78.197
Server:  192.168.64.1
Address: 192.168.64.1#53

** server can't find 197.78.168.192.in-addr.arpa.: NXDOMAIN


Any ideas? thanks a bunch!


  • Hello JamesD

    The answer is in your error msg. Create another request route for your internal network(s) pointing to your internal DNS using that form as "domain"

    0.78.168.192.in-addr.arpa.

    It's your network range written reverse (and do not forget the point after arpa)

    This should work out fine
  • Thanks for the reply!

    Ok; I have a /20 subnet… so I assume this is the way to do it?

    0.65.168.192.in-addr-arpa → gwWaveAVP 
    0.66.168.192.in-addr-arpa → gwWaveAVP 
    0.67.168.192.in-addr-arpa → gwWaveAVP 
    0.68.168.192.in-addr-arpa → gwWaveAVP 
    0.69.168.192.in-addr-arpa → gwWaveAVP 
    0.70.168.192.in-addr-arpa → gwWaveAVP 
    0.71.168.192.in-addr-arpa → gwWaveAVP 
    0.72.168.192.in-addr-arpa → gwWaveAVP 
    0.73.168.192.in-addr-arpa → gwWaveAVP 
    0.74.168.192.in-addr-arpa → gwWaveAVP 
    0.75.168.192.in-addr-arpa → gwWaveAVP 
    0.76.168.192.in-addr-arpa → gwWaveAVP 
    0.77.168.192.in-addr-arpa → gwWaveAVP 
    0.78.168.192.in-addr-arpa → gwWaveAVP 
    0.79.168.192.in-addr-arpa → gwWaveAVP 

    I tried this and am getting the same error :(

    snippet from named.conf:

    zone "0.65.168.192.in-addr-arpa." IN {
        type forward;
        forward only;
        forwarders {
            192.168.64.1;
        };
        check-names ignore;
    };
  • Edit: realized I typoed addr.arpa as addr-arpa… fixed… relevant section from named.conf:

    zone "0.78.168.192.in-addr.arpa." IN {
        type forward;
        forward only;
        forwarders {
            192.168.64.1;
        };
        check-names ignore;
    };

    _______________

    $ nslookup
    > 192.168.78.197
    Server: 192.168.64.1
    Address: 192.168.64.1#53

    ** server can't find 197.78.168.192.in-addr.arpa.: NXDOMAIN
    >
  • Whoops... sorry JamesD - my fault. For a subnet you have to strip away the "0."; it has to look like this:

    65.168.192.in-addr-arpa.

    /Sascha
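
Added example, not part of the thread and not Sophos code: a Python helper that lists the octet-aligned reverse zones covering a network and checks whether a candidate zone name would actually contain the PTR query for a given address. The function names `reverse_zones` and `zone_problem` are hypothetical, and 192.168.64.0/20 is an assumed network derived from the addresses quoted in the thread.

```python
import ipaddress

SUFFIX = ".in-addr.arpa."  # trailing dot included, as the thread advises


def reverse_zones(cidr):
    """Octet-aligned reverse zones that together cover an IPv4 network."""
    net = ipaddress.ip_network(cidr, strict=False)  # host bits are masked off
    if net.version != 4:
        raise ValueError("in-addr.arpa only covers IPv4")
    if net.prefixlen > 24:
        # Smaller than a /24: use the enclosing /24 zone.
        blocks = [net.supernet(new_prefix=24)]
    else:
        # Round the prefix up to the next octet boundary (/8, /16 or /24).
        aligned = max(8, -(-net.prefixlen // 8) * 8)
        blocks = net.subnets(new_prefix=aligned)
    zones = []
    for block in blocks:
        octets = str(block.network_address).split(".")[: block.prefixlen // 8]
        zones.append(".".join(reversed(octets)) + SUFFIX)
    return zones


def zone_problem(zone, ip):
    """Return None if a PTR query for `ip` falls inside `zone`, else the reason."""
    if not zone.endswith(SUFFIX):
        return "suffix must be exactly " + SUFFIX
    labels = zone[: -len(SUFFIX)].split(".")
    if not all(l.isdecimal() and int(l) <= 255 for l in labels):
        return "labels before the suffix must be octets 0-255"
    ptr = ipaddress.ip_address(ip).reverse_pointer + "."
    if not ptr.endswith("." + zone):
        return ptr + " is not inside this zone"
    return None


if __name__ == "__main__":
    # Assumed network: the /20 containing the addresses quoted in the thread.
    for z in reverse_zones("192.168.64.0/20"):
        print(z)
    # Candidate names as they appear in the thread, checked against the phone's IP.
    for candidate in ("0.65.168.192.in-addr-arpa",
                      "0.78.168.192.in-addr.arpa.",
                      "78.168.192.in-addr.arpa."):
        print(candidate, "->", zone_problem(candidate, "192.168.78.197") or "ok")
```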