Forward Lookup "Zones" for IPs/Domains through a VPN Connection - TZ470
We currently have a site-to-site VPN connection to a vendor where we need DNS lookups to go to their DNS forwarders (let's use the example that their DNS servers are 12.2.60.60 and 12.2.60.61). Our LAN (X0 interface) is 10.23.1.0/24 and we are NATing our IPs to 10.161.1.0/24, so our devices appear to them as, for example, 10.23.1.146 → 10.161.1.146. Our primary DNS entries are 8.8.8.8 and 1.1.1.1; we do not have our own DNS servers. We have a number of addresses that need to point to 12.2.60.60/61 for resolving, as they are not public IPs. I am being told that for those addresses we have to set up DNS forwarding for a specific set of domains (5 of them). I have tried Split DNS and get nowhere. So they suggested that we use both their DNS servers as primary and secondary on all our machines, and any addresses they can't resolve will be forwarded on to the internet. I don't like the idea of forwarding ALL our DNS requests to them, as in the event their DNS servers are down or the VPN tunnel goes down, we have no DNS resolution. I have a ticket open with SonicWall, but based on the collected logging, they show the DNS requests are either malformed or not fully resolvable by the DNS server (forward only), therefore there is not much they can do. If I configure a device like they say to do, it seems to work (although not reliably). Suggestions, insights?
Answers
Have you confirmed this yourself with a packet capture? Plain-old DNS is unencrypted, so it is easy to troubleshoot with Wireshark.
No, using the diag logs from the SonicWALL itself.
Seems like you could accomplish what you need with DNS Proxy and static entries.
https://www.sonicwall.com/support/knowledge-base/configuring-dns-proxy-in-sonic-os/170505634644040
Or you could go the old school, less-centralized route of HOST file entries on individual machines.
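Added example, not code from any poster in this thread or from SonicWall: a small stdlib-only Python resolver that does what the question asks for (names under the vendor's domains go to the vendor resolvers over the tunnel first, everything else goes only to public DNS, and a dead tunnel or dead vendor resolver fails over instead of leaving the site without resolution). Because it builds and parses raw DNS packets, it can also be pointed at the vendor servers to see for yourself, as the first answer suggests, whether their replies are well-formed. The resolver addresses are the ones in the question; the vendor domain names are placeholders, since the thread does not name them.

```python
import socket, struct

VENDOR_DNS = ["12.2.60.60", "12.2.60.61"]   # vendor resolvers, reachable only over the tunnel
PUBLIC_DNS = ["8.8.8.8", "1.1.1.1"]          # the site's normal upstream resolvers
VENDOR_DOMAINS = ["vendor-app.example", "vendor-portal.example"]  # placeholders: page names none
def resolvers_for(name):
    """Conditional forwarding: vendor suffixes try VPN resolvers first, then public; others never hit the vendor."""
    host = name.rstrip(".").lower()
    if any(host == s or host.endswith("." + s) for s in VENDOR_DOMAINS):
        return VENDOR_DNS + PUBLIC_DNS
    return PUBLIC_DNS
def build_query(name, qid=0x1234):
    """Minimal RFC 1035 A/IN query with the RD (recursion desired) bit set."""
    qname = b"".join(bytes([len(lb)]) + lb.encode() for lb in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"
def _skip_name(resp, pos):
    while resp[pos] and (resp[pos] & 0xC0) != 0xC0:   # walk labels until root label or pointer
        pos += resp[pos] + 1
    return pos + (2 if resp[pos] else 1)             # pointer is 2 bytes, root label is 1
def parse_a_records(resp, qid):
    """A-record IPs from a reply, or None on ID mismatch / non-zero RCODE (e.g. SERVFAIL, NXDOMAIN)."""
    rid, flags, qd, an = struct.unpack("!HHHH", resp[:8])
    if rid != qid or flags & 0x000F:
        return None
    pos = 12
    for _ in range(qd):
        pos = _skip_name(resp, pos) + 4    # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        pos = _skip_name(resp, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return ips
def resolve(name, timeout=2.0, qid=0x1234):
    """Query each resolver in policy order over UDP/53; fail over on timeout, unreachable server or bad reply."""
    for server in resolvers_for(name):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(name, qid), (server, 53))
                ips = parse_a_records(s.recv(512), qid)
            except OSError:          # timeout or ICMP unreachable, e.g. tunnel down
                continue
        if ips:
            return server, ips
    return None, []
```

Run `resolve("host.vendor-app.example")` from a LAN machine while the tunnel is up and again while it is down to see which server answered and whether the vendor's reply parsed at all.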